Login V2

 

/v2/Authenticate

Request Type
GET
 
OAuth 2 formatted request used to start the authentication process between your website and Stitchz. It is required to use HTTPS when initiating the authentication process with Stitchz.
 
Example URL
Example 1:
https://<YourStitchzAppURL>/<ProviderName>/v2/Authenticate?client_id=<YourStitchzApiKey>&redirect_uri=<returnUrl>&scope=<scope>&state=<state>&response_type=code
 
Example 2:
https://example.stitchz.net/Facebook/v2/Authenticate?client_id=123456789&redirect_uri=http%3a%2f%2fwww.example.com&scope=Basic&state=SSD92wlsdf9&response_type=code
 
Request
Required Parameter Type Description
yes client_id string Your unique application secret
yes redirect_uri string Your website's Return URL. It should be ready to accept a POST from Stitchz Login with a one time unique key (aka "Token"). The token is passed back to Stitchz to complete the authentication process in the /Authenticated/v2/Auth step.
yes scope string The scope will be one of the following: Basic, Professional, or Enterprise, and is based on the plan selected when creating your Stitchz application.
yes state string A pseudo-random string that is passed between websites to help prevent CSRF. Pass this string with your request to add an additional check that the response has not been tampered with.
yes response_type string Available types are "code" or "token". When initiating an authorization request for a user "code" should be used.
Response
A valid request will redirect the browser to the Social Login Provider's login page as specified in the request Url. Upon successful authentication with the Login Provider, a unique token is POSTed back to the application's Return Url.
Field Type Description
token* string A one time unique identifier generated by Stitchz that is POSTed back to the application's Return Url. POST the token back to Stitchz (/Authenticated/v2/Auth) to complete the authentication processes and get the user's profile.
state string A pseudo-random string that is passed between websites to help prevent CSRF. Send this with the POST back to Stitchz to get the final token.
 
* Always returned in the response.