Single sign-on

Let your subscribers access their subscription management portal without creating new passwords. Integrate your existing login with Recurpay in a few easy steps.

You’re the owner of a successful online forum where users manage their subscriptions. Currently, subscribers must first log in to their Shopify customer account before they can access and manage their subscriptions, creating an extra step in the process.

With the new Single sign-on module, this friction is removed. Subscribers can now log in directly from your forum (or any other connected platform), and be automatically authenticated into their Recurpay account using a Single sign-on token. This token, securely handled by the merchant or developer, ensures a seamless and unified login experience across all platforms, allowing customers to manage their subscriptions without needing to log in twice.

Requirements

  • Your store must be on the Scale plan of Recurpay

Step 1: Enable the single sign-on option in your Recurpay dashboard

You can enable single sign-on functionality on your store from the Recurpay dashboard.

  1. Log in to your Recurpay dashboard and navigate to Settings > General.
  2. Scroll down the page and click on the "Enable single sign-on for customer account" option.

Once enabled, a token is visible to you. You need this token to generate the hash values that are sent to the Recurpay API to get a pre-authenticated redirect URL for your customers.

⚠️ Make sure you keep your token private to ensure safety.

Step 2: Use the Recurpay API to let your customers access their account without logging in again

Parameters

| Attribute | Type | Description / Rule |
|---|---|---|
| subscriber_id | string (URL Param) | An unsigned 64-bit integer that is used as a unique identifier for the subscriber. Each id is unique across the Recurpay system. No two subscribers will have the same id, even if they're from different stores. Note: You can also use the Shopify customer ID instead of the Recurpay subscriber ID; ideally, both will be the same. |
| customer_hash | string | Hex-encoded HMAC-SHA256 hash of the subscriber_id, keyed with your single sign-on token |

Ready-to-use cURL

curl --location 'https://{your-recurpay-subdomain}.recurpay.com/admin/api/{api_version}/subscribers/{subscriber_id}/login' \
--header 'Content-Type: application/json' \
--data '{
    "customer_hash": "a2e3aaa9ddxxxxxx9ea35607c378bbc414c6a8baeec6291xxxxxxxxxxxx"
}'

Example implementation

JavaScript (Node.js)

import crypto from "crypto";

/**
 * Generates HMAC-SHA256 hash of a customer ID using a secret key
 * @param {string} customerId - The customer ID to hash (pass it as a string)
 * @param {string} secretKey - Your shared secret key
 * @returns {string} - Hex-encoded HMAC hash
 */
function hashCustomerId(customerId, secretKey) {
  // Fail clearly if the single sign-on token has not been configured
  if (!secretKey) {
    throw new Error("secretKey is required");
  }
  return crypto
    .createHmac("sha256", secretKey)
    .update(customerId)
    .digest("hex");
}

// Example usage
const customerId = "12345";
const secretKey = process.env.RECURPAY_SINGLE_SIGN_ON_SECRET;

const customerHash = hashCustomerId(customerId, secretKey);
console.log("Customer Hash:", customerHash);

PHP

<?php

/**
 * Generates HMAC-SHA256 hash of a customer ID using a secret key
 *
 * @param string $customerId The customer ID to hash
 * @param string $secretKey  Your shared secret key
 * @return string Hex-encoded HMAC hash
 */
function hashCustomerId(string $customerId, string $secretKey): string {
    return hash_hmac('sha256', $customerId, $secretKey);
}

// Example usage
$customerId = "12345";
$secretKey = getenv('RECURPAY_SINGLE_SIGN_ON_SECRET');

// getenv() returns false when the variable is missing
if ($secretKey === false || $secretKey === '') {
    throw new RuntimeException('RECURPAY_SINGLE_SIGN_ON_SECRET is not set');
}

$customerHash = hashCustomerId($customerId, $secretKey);
echo "Customer Hash: " . $customerHash;

Liquid

{% comment %}
The token below is a placeholder. Anyone who can read the theme code can read a token stored here.
{% endcomment %}
{% assign customer_id = customer.id %}
{% assign secret_key = "swedw3RxxxxxxssweRtt378bbcxxxxx" %}

{% comment %} Shopify Liquid provides HMAC-SHA256 as the hmac_sha256 filter {% endcomment %}
{% assign customer_hash = customer_id | hmac_sha256: secret_key %}

{% comment %}
Customer Hash: {{ customer_hash }}
{% endcomment %}

Response

Success

{
    "success": true,
    "data": {
        "redirection_url": "https://your-store.recurpay.com/account/login/XXXXX/XXXXX"
    }
}

Failure

{
    "success": false,
    "message": "Failed to login subscriber due to an invalid customer hash"
}

Security consideration

It is critical to maintain secure communication when sending tokens to the browser. Always use HTTPS connections to transmit tokens. HTTPS prevents potential interception and keeps the transaction secure.

Always generate the hash on the server side and never expose your token on the frontend side of your application.
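
The Step 2 request and its two responses, handled on the server side, as an added example that is not Recurpay's own code. It rejects subscriber IDs passed as JavaScript numbers (an unsigned 64-bit ID can exceed the safe integer range, which would change the hashed value) and checks the returned redirect URL before use. The function names, parameter names and the caller-supplied expected host are assumptions of this example.

```javascript
// Added example, not Recurpay's code. Loads node:crypto from a CommonJS or ES module file.
const crypto = typeof require === "function"
  ? require("node:crypto")
  : process.getBuiltinModule("node:crypto");

const MAX_U64 = (1n << 64n) - 1n;

// subscriber_id is an unsigned 64-bit integer and can exceed
// Number.MAX_SAFE_INTEGER, so a JS Number may silently change its digits.
// Accept only a decimal string or BigInt so the hashed value is exact.
function normalizeSubscriberId(id) {
  if (typeof id === "bigint") id = id.toString();
  const ok = typeof id === "string" && /^(0|[1-9]\d{0,19})$/.test(id);
  if (!ok || BigInt(id) > MAX_U64) {
    throw new TypeError("subscriber_id must be a u64 given as a decimal string or BigInt");
  }
  return id;
}

// Builds the Step 2 request. Parameter names are assumptions of this example.
function buildLoginRequest({ subdomain, apiVersion, subscriberId, ssoToken }) {
  if (typeof ssoToken !== "string" || ssoToken.length === 0) {
    throw new Error("single sign-on token is not configured");
  }
  const id = normalizeSubscriberId(subscriberId);
  const customerHash = crypto.createHmac("sha256", ssoToken).update(id).digest("hex");
  return {
    url: `https://${subdomain}.recurpay.com/admin/api/${apiVersion}/subscribers/${id}/login`,
    method: "POST", // curl --data sends a POST
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ customer_hash: customerHash }),
  };
}

// Returns redirection_url only when the API reports success and the URL is
// HTTPS on the host the caller expects; anything else is a failed login.
function extractRedirectUrl(responseBody, expectedHost) {
  if (!responseBody || responseBody.success !== true) {
    throw new Error(responseBody?.message ?? "login request failed");
  }
  const url = new URL(String(responseBody.data?.redirection_url));
  if (url.protocol !== "https:" || url.hostname !== expectedHost) {
    throw new Error("unexpected redirection_url");
  }
  return url.href;
}
```

Pass the object returned by `buildLoginRequest` to your HTTP client, then give the parsed JSON response to `extractRedirectUrl` before redirecting the customer.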