LogoLogo
Build appsContact API support
  • Build apps
  • Site Templates
  • API Reference
  • Changelog
  • REST API
    • REST API overview
    • Store Profile
      • Get store profile
      • Update store profile
      • Upload store logo image
      • Delete store logo image
      • Store reports
        • Get store reports
        • Get latest store update stats
        • Get deleted items history
    • Orders
      • Search orders
      • Get order
      • Get last order
      • Calculate order details
      • Update order
      • Create order
      • Delete order
      • Get repeat order URL
      • Order invoices
        • Get order receipt PDF
        • Get tax invoices for order
        • Generate tax invoice for order
      • Order statuses
        • Search order statuses
        • Get order status
        • Update custom order status
      • Order extra fields
        • Search order extra fields
        • Update order extra field
        • Add extra fields to order
        • Delete order extra field
      • Abandonned carts
        • Search abandoned carts
        • Get abandoned cart
        • Update abandoned cart
        • Convert abandoned cart to order
      • Recurring subscriptions
        • Search recurring subscriptions
        • Get recurring subscription
        • Update recurring subscription
    • Products
      • Search products
      • Get product
      • Update product
      • Create product
      • Delete product
      • Delete all products
      • Adjust product stock
      • Get product filters
      • Get recently used product swatches
      • Search product brands
      • Product images and videos
        • Upload main product image
        • Upload main product image (async)
        • Upload gallery product image
        • Upload gallery product image (async)
        • Delete main product image
        • Delete gallery product image
        • Delete all gallery product images
        • Upload main product video
        • Upload gallery product video
        • Upload cover for gallery video
        • Delete main product video
        • Delete gallery product video
        • Download gallery product video
        • Bulk update product images and videos
      • Product files
        • Upload product file
        • Download product file
        • Delete product file
        • Delete all product files
        • Change product file description
      • Product variations
        • Search product variations
        • Get product variation
        • Update product variation
        • Create product variation
        • Delete product variation
        • Delete all product variations
        • Adjust product variation stock
        • Upload product variation image
        • Upload product variation image (async)
        • Delete product variation image
      • Product types and attributes
        • Search product types
        • Get product type
        • Update product type and attributes
        • Create product type
        • Delete product type
      • Product reviews
        • Search product reviews
        • Get product reviews stats
        • Update product review status
        • Bulk update/delete product reviews
        • Delete product review
    • Categories
      • Search categories
      • Search categories by path
      • Get category
      • Update category
      • Create category
      • Delete category
      • Category images
        • Upload category image
        • Upload category image (async)
        • Delete category image
      • Manage order of categories in the store
        • Get order of categories
        • Update order of categories
      • Manage order of products in the category
        • Get order of products
        • Update order of products
        • Assign products to the category
        • Unassign products from the category
    • Customers
      • Search customers
      • Get customer
      • Update customer
      • Create customer
      • Delete customer
      • Customer groups
        • Search customer groups
        • Get customer group
        • Update customer group name
        • Create customer group
        • Delete customer group
      • Customer contacts
        • Search customer contacts
        • Get customer contact
        • Update customer contact
        • Create customer contact
        • Delete customer contact
      • Customer extra fields
        • Search customer extra fields
        • Get customer extra field
        • Update customer extra field
        • Create customer extra field
        • Delete customer extra field
    • Discounts
      • Promotions
        • Search promotions
        • Update promotion
        • Create promotion
        • Delete promotion
      • Discount coupons
        • Search discount coupons
        • Get discount coupon
        • Update discount coupon
        • Create discount coupon
        • Delete discount coupon
    • Domains
      • Search store domains
      • Update store domains
      • Search domains for purchase
      • Purchase domain
      • Send domain verification email
      • Reset domain password
    • Dictionaries
      • Country codes
      • Currency codes
      • Currency codes by country
      • State codes by country
      • Tax classes by country
    • Staff accounts
      • Search staff accounts
      • Get staff account
      • Get staff account scopes
      • Update staff account
      • Create staff account
      • Delete staff account
      • Resend staff account invite
      • Cancel staff account invite
    • Application
      • Get app subscription status
      • Cancel app subscription
      • Get all app storage data
      • Get specific app storage data
      • Update specific app storage data
      • Delete specific app storage data
      • Add app storage data
      • Custom charge with Ecwid billing
    • Batch requests
      • Create batch request
      • Get batch status
      • Search batch requests by status
      • Stop batch request
      • Stop and delete batch request
    • Shipping options
      • Search shipping options
      • Update shipping option
      • Create shipping option
      • Delete shipping option
    • Payment options
      • Search payment options
      • Get payment option
      • Update payment option
      • Create payment option
      • Delete payment option
    • Checkout extra fields
      • Add checkout extra fields with JavaScript
      • Manage checkout extra fields with REST API
        • Search checkout extra fields
        • Get checkout extra field
        • Update checkout extra field
        • Create checkout extra field
        • Delete checkout extra field
    • Storefront widget details
      • Get page slug and static code
      • Set base URL for storefront widgets
      • Optimize custom website SEO with better URLs
        • Enable Clean Store URLs on a custom website
        • Set Custom Page Slugs on a custom website
      • Dynamic loading for storefront widget
      • SSO (Single-Sign-On) for websites
        • Add SSO to the website
        • Customize SSO on the website
        • SSO code examples
      • Static store pages
        • Static code for home page
        • Static code for category page
        • Static code for product page

Lightspeed® 2025

On this page
  • Get started
  • Pass user data to Ecwid
  • Sign the SSO payload
  • FAQ

Was this helpful?

  1. REST API
  2. Storefront widget details
  3. SSO (Single-Sign-On) for websites

Add SSO to the website

Last updated 3 months ago

Was this helpful?

Get started

You will need to go through these steps to get started with the SSO for your store:

  • have for Ecwid with create_customers access scope

  • install that app in your Ecwid store using instructions from Ecwid

  • use application keys (client_*) for the SSO features

Pass user data to Ecwid

To enable Storefront Single Sign-on (SSO) on merchant's website, you need to pass encrypted user information to Ecwid JavaScript API. The user data itself needs to be prepared and encrypted on the server. See for the details.

Then, in the code of the store web page, you should send the encrypted user data to Ecwid. There are two ways you can do that:

  1. Declaring a ecwid_sso_profile JS variable on the store web page containing the user information

  2. Dynamically sending a user info to Ecwid by means of the Ecwid.setSsoProfile() JS API method

ecwid_sso_profile

You can inform Ecwid of the logged in user on your site in the ecwid_sso_profile JavaScript variable declared on the store pages. The ecwid_sso_profile variable can be declared anywhere in a web page, either before the Ecwid's script.js or after. The ecwid_sso_profile is initialized once – when Ecwid loads on the page.

Send user information in an SSO payload to Ecwid:

var ecwid_sso_profile = '93n3ufncucndndner9872h34b43ird8djd8d8 8787aa437a4aaa3ds8787 1421317550';

Ecwid.setSsoProfile()

The above mentioned SSO approach with setting ecwid_sso_profile variable works well when login/logout actions on the site are done along with the page reload. If a website utilizes AJAX for login/logout functionality, the page won't be reloaded and thus ecwid_sso_profile will not be updated instantly. In this case, you can use Ecwid.setSsoProfile() API method.

The Ecwid.setSsoProfile() method does exactly the same as setting of the ecwid_sso_profile variable, but can be used multiple times within the same "session".

Here is how you will use that:

  • Handle all logins/logouts events on the page

  • When a user is logged in, send an AJAX request to your server to retrieve SSO payload

  • Execute Ecwid.setSsoProfile() function and pass the retrieved SSO payload as parameter

Sign in a user dynamically without page reloading by means of Ecwid.setSsoProfile():

// This is supposed to be executed after a user is logged in on your site

// Retrieve SSO payload from the server
var ssoPayload = ... 

Ecwid.setSsoProfile(ssoPayload);

📘

Ecwid.setSsoProfile works only when Ecwid is in SSO mode, that is, when the global variable 'ecwid_sso_profile' is also defined. Make sure 'ecwid_sso_profile' is defined at least as empty string, like this: ecwid_sso_profile = '' .

When no one is logged in

To specify that no user is logged in, pass an empty payload either to the ecwid_sso_profile='' variable or to Ecwid.setSsoProfile("") method. Ecwid will 'understand' that nobody is logged in at the moment and log out the current user if any.

Sign the SSO payload

When you pass user information to Ecwid either in ecwid_sso_profile JS variable or with Ecwid.setSsoProfile() method, you need to create and sign the payload. SSO payload contains of the following parts connected with a space character:

Generate SSO payload and send it to Ecwid to log the user in Ecwid (Example)

<?php
    $client_secret = "A1Lu7ANIhKD6A1Lu7ANIhKD6ADsaSdsa"; // example value
    $message = base64_encode("{appClientId: 'my-cool-app', userId:'234', profile: { email:'test@example.com', billingPerson: { name: 'John Doe' } }}"); // example values
    $timestamp = time();
    $hmac = hash_hmac('sha256', "$message $timestamp", $client_secret);

    echo "<script> var ecwid_sso_profile = '$message $hmac $timestamp'; </script>";
?>

Message

The message is a Base64-encoded JSON string containing user profile fields and the application ID. See the Message field format explained below.

📘

Parameters in bold are mandatory

Field
Type
Description

appClientId

string

Your application's client_id value. Example: my-cool-app

userId

string

Any string identifying the user in the 3rd-party authentication system. Examples: 72551, johnsmith87. The combination of appClientId and userId identifies the customer profile in Ecwid connected with your site.

profile

Profile

User information. If a customer with the given combination of appClientId and userId already associated with some customer in your Ecwid store, the profile on file will be merged with the provided fields. Exception is the customer address book (shippingAddresses), which is only filled once when profile is created in Ecwid.

Profile

Field
Type
Description

email

string

Customer email

billingPerson

<Person>

Customer's billing name/address

shippingAddresses

Array<Person>

Customer address book items

registered

number (UNIX timestamp)

Registration date

Person

Field
Type
Description

name

string

Customer full name

companyName

string

Customer company name

street

string

Street

city

string

City

countryCode

string

Country code (2-letter code)

countryName

string

Country name

postalCode

string

Postal code (zip code)

stateOrProvinceCode

string

State/province code

phone

string

Phone number

Signature

The signature should be generated by HMAC SHA256 encryption of the Base64-encoded profile data and timestamp. Use your client_secret as a signature key. The secret key is provided when you register an application.

Every message should have different signature. If a message has a signature that has already been seen recently, Ecwid denies the sign-on request.

Timestamp

UNIX timestamp. The system clock on your server must be in sync with the actual time, otherwise signatures generated by your server will fail to validate in Ecwid. Ecwid allows this timestamp to be up to 10 minutes late. The timestamp ensures that the message cannot be intercepted and misused later.

FAQ

Q: Is SSO available to all stores?

Q: How do I know that SSO is working?

When ecwid_sso_profile variable is set on a page, Ecwid will hide the Sign In and Sign Out links in a storefront. However in some cases this doesn't mean that the SSO functionality is working successfully.

To make sure that Single Sign On functionality is working, customer in merchant's store should be able to do any action that any logged in customer would do: add shipping addresses to their address book, use prefilled details on checkout, etc.

Another clear indicator can be the email field in the payment method selection of the checkout process. If your storefront has this field hidden, then the Single Sign On is working correctly in your store.

When troubleshooting this issue, please make sure to check if the client_secret that you specified in your code is correct. You can find out more about it in the Signature section above.

Q: Can I use SSO for existing customer account in a store?

Ecwid does not allow two customers with the same email address in one store. If a customer with the same email already exists and has different SSO appClientId/userId, or does not have them at all, then Ecwid will fail to create a customer account and will behave as if no user is logged in.

For example, If you have a customer customer@example.com from Facebook, you cannot have another customer@example.com signing in using SSO. Ecwid will simply ignore customer@example.com passed in SSO.

Single Sign On is available for . If an Ecwid store has no paid subscription, Ecwid stops processing SSO requests for that store and will behave as if no user is logged in.

a registered application
SSO Payload
paid Ecwid users only