Single Sign-on

Let your subscribers access their subscription management portal without creating new passwords. Integrate your existing login with Recurpay in a few easy steps.

You’re the owner of a successful online forum where users manage their subscriptions. Currently, subscribers must first log in to their Shopify customer account before they can access and manage their subscriptions, creating an extra step in the process.

With the new Single sign-on module, this friction is removed. Subscribers can now log in directly from your forum (or any other connected platform), and be automatically authenticated into their Recurpay account using a Single sign-on token. This token, securely handled by the merchant or developer, ensures a seamless and unified login experience across all platforms, allowing customers to manage their subscriptions without needing to log in twice.

Requirements

  • Your store must be on a Scale plan

Step 1: Enable single sign-on

You can enable Single sign-on functionality on a store from the Recurpay dashboard.

  1. From your Recurpay dashboard, go to Settings -> General
  2. In the Single sign-on section, select Turn on to enable Single sign-on

After you enable Single sign-on, a secret is shared with you. You need the secret to generate tokens to log your subscribers into your Shopify store.

⚠️ Make sure you keep your secret private to reduce security risks.

Step 2: Your system should send the following parameters to our endpoint:

Parameters

| Attribute | Type | Description |
|---|---|---|
| subscriber_id | string (URL Param) | An unsigned 64-bit integer that's used as a unique identifier for the subscriber. Each id is unique across the Recurpay system. No two subscribers will have the same id, even if they're from different stores. Note: Your Shopify customer ID and the corresponding Recurpay subscriber ID are the same. |
| customer_hash | string | Hex-encoded HMAC-SHA256 of the subscriber_id, keyed with your secret |

API Endpoint

POST https://{your-recurpay-subdomain}.recurpay.com/admin/api/{api_version}/subscribers/{subscriber_id}/login

API Payload

{
    "customer_hash": "64baf1fa00ff5d5f270783af11845d34402c21e9145d2b0ff328c463910c5ea5"
}

Example implementation

Node.js

import crypto from "crypto";

/**
 * Generates HMAC-SHA256 hash of a customer ID using a secret key
 * @param {string} customerId - The customer ID to hash
 * @param {string} secretKey - Your shared secret key
 * @returns {string} - Hex-encoded HMAC hash
 */
function hashCustomerId(customerId, secretKey) {
  return crypto
    .createHmac("sha256", secretKey)
    .update(customerId)
    .digest("hex");
}

// Example usage
const customerId = "12345";
const secretKey = process.env.RECURPAY_SINGLE_SIGN_ON_SECRET;

const customerHash = hashCustomerId(customerId, secretKey);
console.log("Customer Hash:", customerHash);

PHP

<?php

/**
 * Generates HMAC-SHA256 hash of a customer ID using a secret key
 *
 * @param string $customerId The customer ID to hash
 * @param string $secretKey  Your shared secret key
 * @return string Hex-encoded HMAC hash
 */
function hashCustomerId(string $customerId, string $secretKey): string {
    return hash_hmac('sha256', $customerId, $secretKey);
}

// Example usage
$customerId = "12345";
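$secretKey = getenv('RECURPAY_SINGLE_SIGN_ON_SECRET');
if ($secretKey === false || $secretKey === '') {
    // getenv() returns false when the variable is unset; PHP would coerce it
    // to "" and silently compute the HMAC with an empty key.
    throw new RuntimeException('RECURPAY_SINGLE_SIGN_ON_SECRET is not set');
}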

$customerHash = hashCustomerId($customerId, $secretKey);
echo "Customer Hash: " . $customerHash;
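
Shopify Liquid

{% comment %} Sample values. A secret placed in theme code is readable by anyone with access to the theme. {% endcomment %}
{% assign customer_id = "12345" %}
{% assign secret_key = "hT0LkaQ5jXQPzROTRMRSZF6DGMFadfKX" %}

{% comment %} hmac_sha256 is Shopify's Liquid filter for HMAC-SHA256 {% endcomment %}
{% assign customer_hash = customer_id | hmac_sha256: secret_key %}

Customer ID: {{ customer_id }}
Customer Hash: {{ customer_hash }}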

Response

Success:

{
    "success": true,
    "data": {
        "redirection_url": "https://your-store.recurpay.com/account/login/11111/11111"
    }
}

Failure:

{
    "success": false,
    "message": "Failed to login subscriber due to an invalid customer hash"
}

Security consideration

It is critical to maintain secure communication when sending tokens to the browser. Always use HTTPS connections to transmit tokens. HTTPS prevents interception in transit and keeps the transaction secure.

Always generate the hash server-side; never expose your secret key in the frontend.
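
The full server-side flow described above (validate the subscriber ID, compute the hash, POST it, check the response before redirecting) as an added example; it is not Recurpay's own code. The function names, the Content-Type header and the rule that redirection_url must be HTTPS on your own Recurpay subdomain are assumptions, and any authentication headers the admin API requires are not covered on this page and are not shown.

```javascript
const crypto = require("node:crypto");

const MAX_U64 = (1n << 64n) - 1n;

// subscriber_id is placed in the URL path, so accept only a decimal unsigned 64-bit integer.
function normalizeSubscriberId(id) {
  const s = String(id);
  if (!/^[0-9]{1,20}$/.test(s) || BigInt(s) > MAX_U64) {
    throw new Error("subscriber_id must be an unsigned 64-bit integer");
  }
  return BigInt(s).toString(); // canonical form, used for both the URL and the HMAC input
}

// Builds the POST request without sending it. The secret never leaves the server.
function buildLoginRequest({ subdomain, apiVersion, subscriberId, secret }) {
  if (!secret) throw new Error("SSO secret is not configured");
  if (!/^[a-z0-9-]+$/i.test(subdomain)) throw new Error("invalid subdomain");
  const id = normalizeSubscriberId(subscriberId);
  const customerHash = crypto.createHmac("sha256", secret).update(id).digest("hex");
  const version = encodeURIComponent(apiVersion);
  return {
    url: `https://${subdomain}.recurpay.com/admin/api/${version}/subscribers/${id}/login`,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/json" }, // assumption: JSON body
      body: JSON.stringify({ customer_hash: customerHash }),
    },
  };
}

// Returns the URL to redirect the subscriber to, or throws on a failed or unexpected response.
function extractRedirectUrl(response, subdomain) {
  if (!response || response.success !== true) {
    throw new Error((response && response.message) || "login failed");
  }
  const target = new URL(response.data?.redirection_url);
  // Assumption: the redirect stays on HTTPS and on your own Recurpay subdomain.
  if (target.protocol !== "https:" || target.hostname !== `${subdomain}.recurpay.com`) {
    throw new Error("unexpected redirection_url");
  }
  return target.href;
}

// Call this from your backend after the subscriber has authenticated on your platform.
async function loginSubscriber(opts) {
  const { url, init } = buildLoginRequest(opts);
  const res = await fetch(url, init);
  return extractRedirectUrl(await res.json(), opts.subdomain);
}
```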