createToken — Retrieving the token for single sign-on authentication

SiteLock enables simple single sign-on (SSO) authentication via a token that allows the user to be authenticated into the SiteLock Dashboard for a session. Retrieving the authentication token for the end user’s account is as simple as making a request to the SiteLock API endpoint.

This API call is typically made by a partner when the user initiates an SSO action from a page on the partner’s site. The token returned allows the user to be redirected to the SiteLock Dashboard.

The read-only API endpoint is:

https://api.sitelock.com/v1/partner

Request format

  • SiteLockOnlineRequest: This element is used to delineate the full API request.

    • authentication: The partner’s username, password, and branding

      • username: The partner’s API username

      • password: The partner’s API password

      • partner: (Optional) The brand name to use in messaging

    • createToken: The method name

      • account_id: The account ID (provisioned by your reseller account) to be authenticated

Example request

<SiteLockOnlineRequest>
    <authentication>
        <user>Username</user>
        <password>Password</password>
    </authentication>
    <createToken>
        <account_id>570</account_id>
    </createToken>
</SiteLockOnlineRequest>

Response format

  • SiteLockOnlineResponse: This element is used to delineate the full API response.

    • loginURL: The URL containing the authentication token

Example success response

<SiteLockOnlineResponse>
    <loginURL>https://secure.sitelock.com/rlogin.php?token=e56e0da2b5c0e933cd8926314f19e93d</loginURL>
</SiteLockOnlineResponse>

Example error response

<SiteLockOnlineResponse>
    <createToken>
        <error>account_id not found</error>
    </createToken>
</SiteLockOnlineResponse>

Using the authentication token

The authentication token is a session URL that can be used to redirect the user to the SiteLock Dashboard. For example, redirecting a user with account ID 570:

https://secure.sitelock.com/rlogin.php?token=e56e0d2b5c0e933cd8926314f19e93d

This URL automatically authenticates the user and grants dashboard access. This is a session token and will only work for a short period of time.

Redirecting to a specific site

To display data for a specific SiteLock site ID, append &site_id=xxxxx to the URL:

https://secure.sitelock.com/rlogin.php?token=1234&site_id=5678

If the site ID is invalid or missing, the first site in the account’s list will be displayed by default.

Redirecting to a specific page

To take the user directly to a specific dashboard page, append &site_id=xxxxx&page=xxxxx to the URL:

https://secure.sitelock.com/rlogin.php?token=1234&site_id=5678&page=smart_scan

Supported page parameters

The following page values can be used to navigate the user to specific sections of the SiteLock Dashboard:

  • wizard

  • firewall_cdn

  • smart_file

  • smart_database

  • smart_patch

  • backup

  • vulnerability_scan

  • xss

  • sql_injection

  • latform_scan

  • webpage_scan

  • ssl_monitor

  • email_reputation

  • riskscore

  • pci

If no page parameter is provided, the user will be taken to the default SiteLock Dashboard.

The verify_domain_email parameter will currently redirect users to the same location as wizard until its dedicated page is live.

Example Full Redirect URL

A complete example where the user is redirected to the SSL Monitor page for site ID 5678:

https://secure.sitelock.com/rlogin.php?token=abcdef123456&site_id=5678&page=ssl_monitor