Single Sign-On (SSO)
Single Sign-On allows a company to link from its own website into Journalytix, bypassing the Journalytix login page, provided the conditions below are met.
This page presumes working knowledge of PHP Server Side Scripting.
The following parameters will be sent to the SSO URL.
- Username of company account
- Password of company (sent encrypted)
- Member email address (sent encrypted)
The validation rules are:
- Company password must be valid
- Member is assigned to the company and status Active
- Member must not be expired
The code to generate the encrypted URL is as follows (PHP 5.3 or above, or Go):
PHP Code to generate encrypted URL for SSO
<?php
// Encryption function: AES-256-CBC with a fresh random IV, then HMAC-SHA256 over the ciphertext.
// $apicode is the key for both: openssl_encrypt uses its first 32 bytes as the AES-256 key,
// hash_hmac uses the full string.
function encrypt($apicode, $element) {
    // $hashCode is the random initialization vector (IV), one cipher block (16 bytes) long
    $hashCode = openssl_random_pseudo_bytes(openssl_cipher_iv_length("AES-256-CBC"));
    // Encrypt (openssl applies PKCS#7 padding to $element)
    $encryptedRaw = openssl_encrypt($element, "AES-256-CBC", $apicode, OPENSSL_RAW_DATA, $hashCode);
    // Authenticate the raw ciphertext (the IV itself is not covered by the MAC)
    $h_mac = hash_hmac('sha256', $encryptedRaw, $apicode, true);
    // Token layout: IV (16 bytes) . HMAC (32 bytes) . ciphertext, base64 encoded
    $encrypted = base64_encode($hashCode . $h_mac . $encryptedRaw);
    return $encrypted;
}

// Journalytix URL Builder
function buildJXUrl($username, $password, $memberemail, $apicode) {
    $memberemail = encrypt($apicode, $memberemail);
    $password = encrypt($apicode, $password);
    $base_url = "https://app.journalytix.me/api/login?";
    // urlencode every parameter: the base64 tokens contain '+', '/' and '='
    $url = $base_url . "username=" . urlencode($username)
         . "&password=" . urlencode($password)
         . "&memberemail=" . urlencode($memberemail);
    return $url;
}

// Create the URL
$url = buildJXUrl($username, $password, $customerEmail, $apicode);
?>
Go Code to generate encrypted URL for SSO
package journalytixsso

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"io"
	"net/url"
)

// Encrypt encrypts text with key using AES-256-CBC cipher
// Returns base64 representation of concatenated initialization vector, hmac and ciphertext
func Encrypt(text, key string) (string, error) {
	// Truncate key to 32 bytes to stay consistent with php version
	truncatedKey := []byte(key)
	if len(truncatedKey) > 32 {
		truncatedKey = truncatedKey[0:32]
	}

	// Generate initialization vector
	iv := make([]byte, aes.BlockSize)
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return "", err
	}

	// Apply PKCS7 padding to text (openssl_encrypt does the same on the php side)
	paddingLength := aes.BlockSize - len(text)%aes.BlockSize
	padding := bytes.Repeat([]byte{byte(paddingLength)}, paddingLength)
	padded := append([]byte(text), padding...)

	// Encrypt padded text with truncatedKey. The output buffer is sized exactly
	// to the padded input, so there are no trailing NUL bytes to trim; trimming
	// would corrupt any ciphertext that legitimately ends in 0x00.
	block, err := aes.NewCipher(truncatedKey)
	if err != nil {
		return "", err
	}
	ciphertext := make([]byte, len(padded))
	mode := cipher.NewCBCEncrypter(block, iv)
	mode.CryptBlocks(ciphertext, padded)

	// Generate hmac over the ciphertext
	// Have to use full non truncated key here
	mac := hmac.New(sha256.New, []byte(key))
	mac.Write(ciphertext)
	macText := mac.Sum(nil)

	// Build result: iv . hmac . ciphertext
	result := make([]byte, 0, len(iv)+len(macText)+len(ciphertext))
	result = append(result, iv...)
	result = append(result, macText...)
	result = append(result, ciphertext...)

	return base64.StdEncoding.EncodeToString(result), nil
}

// BuildJXURL Journalytix URL Builder
// password and memberemail are expected to be the output of Encrypt (the php
// buildJXUrl encrypts them internally); url.Values does the percent-encoding
// that the php version does with urlencode().
func BuildJXURL(username, password, memberemail string) (string, error) {
	u, err := url.Parse("https://app.journalytix.me/api/login")
	if err != nil {
		return "", err
	}

	params := u.Query()
	params.Set("username", username)
	params.Set("password", password)
	params.Set("memberemail", memberemail)
	u.RawQuery = params.Encode()

	return u.String(), nil
}
$apicode = Your generated API code.
$username = Company user name.
$password = Company password.
$memberemail = Trader's email address.
$url can then be used on the page to link to the Journalytix site. If the logon fails, one of the following error codes is returned:
Error Codes
03 - API Code Not Valid - API code sent was not valid.
04 - Invalid Company Login Details - Username or Password of company is invalid.
06 - Invalid User Details - User (Trader) details not found or not associated with this company.
07 - Unable To Login - Login process failed. User exists but failed login - possibly because of expiry dates or user not being active.
08 - User Not Active - User is not active (check the user on the Traders page).
09 - User Expired - User is expired, past end date (check the user on the Traders page).
You can test your API credentials on this page: