Shutterfly Open API  |  Interactive Sign-in Setup


With Interactive Sign-in, your app triggers a process where the user is asked to sign in to Shutterfly, and if she does, your app will be given an auth token for its Shutterfly Open API calls. If the user does not have a Shutterfly account, she may sign up for a new one, with the same result.

This path is for apps that don't necessarily "guard" their shared secret, as explained here: Authentication and Authorization

Concepts

Interactive Sign-in works as follows:

  1. You do some initial application-level setup with Shutterfly.
  2. The user uses your app or Web site, and eventually needs Shutterfly Open API functionality. Your app sends the user to a Shutterfly sign-in page.
    • The user signs in to Shutterfly, or signs up for a new Shutterfly account if she does not already have one.
    • Shutterfly then redirects the user's browser back to your app, on a "callback URL" that you specified.
  3. On callback, Shutterfly gives your app an auth token, which is good for up to two days. Your app passes it on its Shutterfly Open API calls.

Application setup

Optional: Configure your app with a default Callback URL.

  • Callback URL: A URL that Shutterfly's sign-in page will return control to after the user has signed in to Shutterfly. Configuring this parameter is not absolutely required, because your app can specify the URL dynamically, as described below.

Workflow

Send the user's Web browser to this Shutterfly page:

http://www.shutterfly.com/oflyuser/createToken.sfly

You will need to attach certain URL parameters to the call:

oflyAppId
  Required: Yes
  Example: 693228dc384ba239269fa6f80de8ce97
  Description: Your application ID.

oflyRemoteUser
  Required: No
  Example: suzyh1234789@yahoo.com
  Description: Your application's identifier for the user. Shutterfly may store this, but it is mainly so that your app can recognize the user, on callback.

oflyCallbackUrl
  Required: No
  Example: http://my123mash.com/step3
  Description: Your application's desired callback URL. When provided, this parameter overrides your default callback URL (if any). This parameter is only required if you have not configured a default callback URL for this application.

You will also need to sign the call. A completed, fully signed URL for this call would look something like this, prior to URL-encoding (and all on one line):

http://localhost/oflyuser/createToken.sfly?oflyCallbackUrl=http://my123mash.com/step3
&oflyAppId=693228dc384ba239269fa6f80de8ce97&oflyApiSig=3cd8b2bdb8cc49ace7d56f23e5ab3be7664c3fef
&oflyTimestamp=2008-04-02T19:50:47.374-0700&oflyHashMeth=SHA1&oflyRemoteUser=suzyh1234789@yahoo.com

When Shutterfly calls your callback URL, it will tell you whatever you had previously specified for oflyAppId and oflyRemoteUser, and add these parameters:

oflyUserAuthToken
  Example: 000020654581|1207184770811|610685903d963e98a5aa5766e57fb70340302493
  Description: Authorization token for use on Shutterfly Open API calls; generally good for up to two days.

oflyUserid
  Example: 9BcNWjVs1g
  Description: Shutterfly user identifier. This value is provided as a convenience in case your app needs to build /userid/ URLs in the User Data API.

Given the above example, Shutterfly might construct your callback URL something like this, prior to URL-encoding (and all on one line):

http://my123mash.com/step3?oflyAppId=693228dc384ba239269fa6f80de8ce97&oflyUserid=9BcNWjVs1g
&oflyUserAuthToken=000020654581|1207184770811|610685903d963e98a5aa5766e57fb70340302493
&oflyRemoteUser=suzyh1234789@yahoo.com

Pass the oflyUserAuthToken where needed on your Shutterfly Open API calls, as explained here: User Authentication.
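
One way to handle the callback described above, as an added example that is not Shutterfly's own code: it checks that the callback names your application and carries the oflyRemoteUser value your app sent for this session before accepting the token. The function and class names are hypothetical, and the example assumes your app always sends oflyRemoteUser and stores it in the user's session before redirecting.

```python
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

APP_ID = "693228dc384ba239269fa6f80de8ce97"  # example application ID from this page
TOKEN_LIFETIME = timedelta(days=2)           # tokens are good for up to two days


class CallbackError(ValueError):
    """The callback does not match the sign-in this app started."""


def _single(params, name):
    # Reject missing or repeated parameters rather than silently picking one.
    values = params.get(name, [])
    if len(values) != 1 or not values[0]:
        raise CallbackError(f"expected exactly one {name}")
    return values[0]


def _same(a, b):
    # Constant-time comparison; encode so non-ASCII identifiers are accepted.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def handle_callback(url, expected_remote_user, now=None):
    """Validate a callback URL; return the token, user ID and a local expiry.

    expected_remote_user: the oflyRemoteUser value saved in the user's session
    before the redirect (how it is stored is an assumption of this example).
    """
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    app_id = _single(params, "oflyAppId")
    remote_user = _single(params, "oflyRemoteUser")
    token = _single(params, "oflyUserAuthToken")
    user_id = _single(params, "oflyUserid")

    if not _same(app_id, APP_ID):
        raise CallbackError("callback names a different application")
    # Accept the token only in the session that started this sign-in.
    if not _same(remote_user, expected_remote_user):
        raise CallbackError("callback does not belong to this session")

    received = now or datetime.now(timezone.utc)
    # The token is treated as opaque; drop it two days after receipt at most.
    return {"token": token, "userid": user_id,
            "discard_after": received + TOKEN_LIFETIME}
```

Because the token arrives in the callback URL's query string, keep that URL out of access logs and redirect the browser to a clean URL once the token is stored.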

© 1999-2014 Shutterfly, Inc. All rights reserved.