If you would like to automatically log users into your public interface from a link within another website you can use the API to generate a login token. This token can then be passed to the public interface in an HTTP request in order to log a user into the desired public interface.




Requests to this method must be authenticated with an account authentication token. User tokens are not permitted to use this method.

Supported Parameters

  • public_interface - the internal domain (i.e. 'codebase' if the internal domain is '') or ID of the public interface (required)

You must also pass details for the customer which you wish to login as. You have two options, if you already know the customer's ID you can pass customer_id with the numeric ID. If you don't, you can pass the following parameters which will lookup the customer based on the reference or create a new customer with the details.

  • customer_reference - the reference for the customer
  • customer_name - the full name of the customer
  • customer_email - the email address for the customer

Example JSON

  "token": "fcc61053-8910-9c4b-ee25-9069aa4eeec5",
  "expires_at": "2012-03-01T11:47:17+00:00",
  "customer": {
    "id": 1,
    "reference": "dave",
    "name": "David Smith",
    "abbreviated_name": "David S",
    "company": "Dave's Pie Shop",
    "pin": "045712",
    "created_at": "2012-03-01T10:14:28+00:00"
  "public_interface": {
    "id": 2,
    "title": "Codebase",
    "access_domain": "",
    "access_domain_with_protocol": "",
    "brand": {
      "id": 2,
      "name": "Codebase",
      "url": "",
      "phone": "01202 901222"

###Redirecting the User

Once you have generated the token, you should redirect the user to your public interface, passing the token (see example below). If you're using the cloud edition, you can redirect to either the internal or external domain.{token}

Tokens are valid for one use and for one minute after generation so users must be redirected straight away in order to ensure they login. If the token is invalid, the user will just be redirected to the homepage of the public interface without a warning.

Proudly powered by Katapult. Running on 100% renewable energy.