Shutterfly Open API  |  Interactive Sign-in Setup

With Interactive Sign-in, your app triggers a process where the user is asked to sign in to Shutterfly, and if she does, your app will be given an auth token for its Shutterfly Open API calls. If the user does not have a Shutterfly account, she may sign up for a new one, with the same result.

This path is for apps that don't necessarily "guard" their shared secret, as explained here: Authentication and Authorization


Interactive Sign-in works as follows:

  1. You do some initial application-level setup with Shutterfly.
  2. The user uses your app or Web site, and eventually needs Shutterfly Open API functionality. Your app sends the user to a Shutterfly signin page.
    • The user signs in to Shutterfly, or signs up for a new Shutterfly account if she does not already have one.
    • Shutterfly then redirects the user's browser back to your app, on a "callback URL" that you specified.
  3. On callback, Shutterfly gives your app an auth token, which is good for up to two days. Your app passes it on its Shutterfly Open API calls.

Application setup

Optional: Configure your app with a default Callback URL.

  • Callback URL: A URL that Shutterfly's signin page will return control to after the user has signed in to Shutterfly. Configuring this parameter is not absolutely required, because your app can specify the URL dynamically, as described below.


Send the user's Web browser to this Shutterfly page:

You will need to attach certain URL parameters to the call:

  • Required: Yes
    Example: 693228dc384ba239269fa6f80de8ce97
    Description: Your application ID.
  • Required: No
    Description: Your application's identifier for the user. Shutterfly may store this, but it is mainly so that your app can recognize the user, on callback.
  • Required: No
    Description: Your application's desired callback URL. When provided, this parameter overrides your default callback URL (if any). This parameter is only required if you have not configured a default callback URL for this application.

You will also need to sign the call. A completed, fully-signed callback URL would look something like this, prior to URL-encoding (and all on one line):


When Shutterfly calls your callback URL, it will tell you whatever you had previously specified for oflyAppId and oflyRemoteUser, and add these parameters:

  • Example: 000020654581|1207184770811|610685903d963e98a5aa5766e57fb70340302493
    Description: Authorization token for use on Shutterfly Open API calls; generally good for up to two days.
  • Example: 9BcNWjVs1g
    Description: Shutterfly user identifier. This value is provided as a convenience in case your app needs to build /userid/ URLs in the User Data API.

Given the above example, Shutterfly might construct your callback URL something like this, prior to URL-encoding (and all on one line):

Pass the oflyUserAuthToken where needed on your Shutterfly Open API calls, as explained here: User Authentication.
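One way to handle the callback described above, as an added example that is not Shutterfly's code: it checks that the echoed oflyAppId and oflyRemoteUser match what this app and this user's session sent before accepting oflyUserAuthToken, and masks the token before the URL is logged. The function names, the host app.example and the user name are hypothetical; it assumes the parameters arrive in the callback's query string and that your app stored the oflyRemoteUser value in the session before redirecting.

```python
import hmac
import time
from urllib.parse import parse_qs, parse_qsl, urlencode, urlsplit, urlunsplit

TOKEN_MAX_AGE = 2 * 24 * 3600  # the page: token is good for up to two days

class CallbackError(ValueError):
    """The callback request does not belong to this app or this session."""

def single(params, name):
    # Reject missing, empty or repeated parameters instead of picking one.
    values = params.get(name, [])
    if len(values) != 1 or not values[0]:
        raise CallbackError(f"{name} missing, empty or repeated")
    return values[0]

def same(a, b):
    # Constant-time comparison of two strings.
    return hmac.compare_digest(a.encode(), b.encode())

def handle_callback(url, app_id, session_remote_user, now=None):
    """Return the auth token and the latest time it can still be valid."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if not same(single(params, "oflyAppId"), app_id):
        raise CallbackError("oflyAppId is not this application's ID")
    # Assumption: the app stored the oflyRemoteUser it sent in the user's session.
    if not same(single(params, "oflyRemoteUser"), session_remote_user):
        raise CallbackError("oflyRemoteUser does not match this session")
    token = single(params, "oflyUserAuthToken")
    now = time.time() if now is None else now
    # Upper bound only: the token may stop working earlier than this.
    return {"token": token, "reauth_after": now + TOKEN_MAX_AGE}

def redact_for_log(url):
    """Copy of the callback URL that is safe to log: the token value is masked."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k == "oflyUserAuthToken" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

# Constructed sample: hypothetical host and user name, example values from the page.
APP_ID = "693228dc384ba239269fa6f80de8ce97"
TOKEN = "000020654581|1207184770811|610685903d963e98a5aa5766e57fb70340302493"
SAMPLE_CALLBACK = "https://app.example/shutterfly/callback?" + urlencode(
    {"oflyAppId": APP_ID, "oflyRemoteUser": "user-42", "oflyUserAuthToken": TOKEN})

if __name__ == "__main__":
    print(handle_callback(SAMPLE_CALLBACK, APP_ID, "user-42"))
    print(redact_for_log(SAMPLE_CALLBACK))
```

Because the token travels in the callback URL, log the output of redact_for_log rather than the raw request line.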

© 1999–2017 Shutterfly, Inc. All rights reserved.