singleSignOn

This method uses a single sign-on token to log the site visitor in to the site as a registered user. The user identification is embedded in the token. The token is obtained by the external server by calling the getSingleSignOnToken API method. Use this method when calling from a Web Client. Please review the authentication and security guidance before using this or any other API method available in the site configuration..

Post URL

Deconstructing the URL
* In most cases secure2.convio.net matches a client's secure domain. However, in some cases this will be different. If your organization uses Convio for fundraising, the correct secure domain for the API is identical to the secure domain for your fundraising forms. So if the sample above does not work, look for the unique secure domain used for your organization and replace the secure2.convio.net portion above with this URL.

*Here, organization is a client's unique identifier in the Convio system. Every client has a unique value that represents their instance of the product. If you're organization uses a custom secure URL for donations, the organization portion of the URL may not be necessary, contact support for assistance.

Example: https://demo-secure.convio.net/demo829/site/CRConsAPI. Here you'll notice that demo-secure.convio.net is used for the domain, and demo829 is used for the organization.

Authentication

The caller must be logged in to the Convio site. Furthermore, to prevent certain scripting attacks, the call must include a special authentication token to verify that the call is from a trusted host. Currently, this token can only be included when making the call from a page served by the Convio system.

Learn about the Authentication Token on the configuration page.

Parameters

The following parameters apply:

Name	Description
api_key	Required. An arbitrary value that must be passed when invoking the Convio Client and Server APIs. The value passed by the caller must match the value in the CONVIO_API_KEY site configuration parameter, which is unique for each Convio site.
v	Required. API version to invoke. Must be "1.0".
method	Required. Specifies which method to perform. To invoke this method use the value "singleSignOn"
response_format	Optional. Specifies the format in which to return the response. Can be either "xml" (the default value) or "json".
error_redirect	Optional. A URL to which to redirect after processing that results in an error.
success_redirect	Optional. A URL to which to redirect after successful processing.
redirect	Optional. Specifies a URL redirect to send back to the browser after processing.
sso_auth_token	Required. The authentication token obtained from the getSingleSignOnToken API method.

Response

Success

A successful invocation sends either a URL redirect (if the redirect parameter was specified) or an identifier for the new record is returned. The HTTP status code is 200. The response is formatted as XML by default, but the response_format input parameter can be used to specify either XML or JSON formatting. For example:

XML format:

<singleSignOnMethodResponse
  xmlns=http://convio.com/crm/v1>
  xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance
  xsi:schemaLocation="http://convio.com/crm/v1.0
  http://service.convio.net/xmlschema/crm.public.v1.xsd">
  9dlp0oxn21.app8007
</singleSignOnMethodResponse>

JSON format:

{"singleSignOnMethodResponse":"9dlp0oxn21.app8007"}

Error

If there is an error, either a URL redirect is sent (if the redirect parameter was specified) or the error code and message is returned. The HTTP status code is 403. For example:

XML format:

<errorResponse
  xmlns=http://convio.com/crm/v1>
  xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance
  xsi:schemaLocation="http://convio.com/crm/v1.0
  http://service.convio.net/xmlschema/crm.public.v1.xsd">
  <code></code>
  <message>.</message>
</errorResponse>

JSON format:

{"errorResponse":{"code":"","message":""}}

See the complete list of HTTP Status codes and Error codes for calling from another application.

Client Community
Log in to chat with other clients and partners using APIs and share code snippets.