With Interactive Sign-in, your app triggers a process where the user is asked to sign in to Shutterfly, and if she does, your app will be given an auth token for its Shutterfly Open API calls. If the user does not have a Shutterfly account, she may sign up for a new one, with the same result.
This path is for apps that don't necessarily "guard" their shared secret, as explained here: Authentication and Authorization
Interactive Sign-in works as follows:
- You do some initial application-level setup with Shutterfly.
The user uses your app or Web site, and eventually needs Shutterfly Open API functionality.
Your app sends the user to a Shutterfly signin page.
- The user signs in to Shutterfly, or signs up for a new Shutterfly account if she does not already have one.
- Shutterfly then redirects the user's browser back to your app, on a "callback URL" that you specified.
- On callback, Shutterfly gives your app an auth token, which is good for up to two days. Your app passes it on its Shutterfly Open API calls.
Optional: Configure your app with a default Callback URL.
- Callback URL: An URL that Shutterfly's signin page will return control to after the user has signed in to Shutterfly. Configuring this parameter is not absolutely required, because your app can specify the URL dynamically, as described below.
Send the user's Web browser to this Shutterfly page:
You will need to attach certain URL parameters to the call:
You will also need to sign the call. A completed, fully-signed callback URL would look something like this, prior to URL-encoding (and all on one line):
http://localhost/oflyuser/createToken.sfly?oflyCallbackUrl=http://my123mash.com/step3 &oflyAppId=693228dc384ba239269fa6f80de8ce97&oflyApiSig=3cd8b2bdb8cc49ace7d56f23e5ab3be7664c3fef &oflyTimestamp=2008-04-02T19:50:47.374-0700&oflyHashMeth=SHA1&oflyRemoteUseremail@example.com
When Shutterfly calls your callback URL, it will tell you whatever you had previously specified for
and add this parameter:
Given the above example, Shutterfly might construct your callback URL something like this, prior to URL-encoding (and all on one line):
http://my123mash.com/step3?oflyAppId=693228dc384ba239269fa6f80de8ce97&oflyUserid=9BcNWjVs1g &oflyUserAuthToken=000020654581|1207184770811|610685903d963e98a5aa5766e57fb70340302493 &oflyRemoteUserfirstname.lastname@example.org
Pass the oflyUserAuthToken where needed on your Shutterfly Open API calls, as explained here: User Authentication.