iFrame Integration with Qflow

If you're using Qflow's Enterprise API setup, it's really easy to immediately take advantage of Qflow's whitelabel check-in portal. Your customers are presented with the ability to edit events, add guests and see statistics all in your branded solution and more importantly all within the confines of your own event / ticketing portal.

Once you've logged in to your enterprise account from the Welcome email you've recieved, you can see your enterprise PIN. In this example lets call your PIN 123.

As well as an enterprise PIN, you have a key which is unique to your enterprise, this key let's access your user's account on their behalf and should be kept completely secret. If you wish to use the iFrame integration method you should contact us for this key. In this example your KEY will be hfdg8AZgkKCQcNCgwOBAYIBa.

So to recap, we've already got access to a PIN and a KEY.

PIN: 123
KEY: hfdg8AZgkKCQcNCgwOBAYIBa

Next you'll need to know which user you're going to sign in. A user has a unique ID (USERID) and you can have many users in your enterprise. In this example our user will have the ID of 050f4a44-d7d1-452e-837a-0d2759dcfa69.

Click here to find out how to create users in your enterprise

You'll next need to reference the code below to create your user's SSO token, which will sign your user in seamlessly to the Qflow backend. (Branded to you)

There are a few variables in the code we'll need to discuss.

In the $text variable you put together the above variables as so

{USERID}@{PIN}

$text = '050f4a44-d7d1-452e-837a-0d2759dcfa69@123';

Code to create a user token

<?php
   $text = '050f4a44-d7d1-452e-837a-0d2759dcfa69@123';
   $key = 'hfdg8AZgkKCQcNCgwOBAYIBa';
   $iv =  'security_init_vector@qflowhub.io';

   // Make sure padding is created for the encryption PKCS7
   $block = mcrypt_get_block_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
   $padding = $block - (strlen($text) % $block);
   $text.= str_repeat(chr($padding), $padding);

   // now padding is added we can create our SSO token
   $crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_CBC, $iv);
   $encrypted = base64_encode($crypttext);

   // token to send to Qflow
   echo urlencode($encrypted);
?>

Your USERID token is now generated into $encrypted variable is placed in the URL here...

https://your_enterprise.qflowhub.io/sso?successUrl=REFERRER&token= + $encrypted

We'll need to know the REFERRER. This is the domain, hosting the iframe, again you can share this with us when you request your enterprise key.

your_enterprise in the link above is the prefix we'll ask for when we setup your Enterprise account.

The last piece is to place the link above in into the 'SRC' of your iframe element. This will seamlessly sign the user in without their password into the iframe.