Skip to main content

Single Sign On in cart

Last updated: 13-Oct-2021
Rate this article:


Use the getSingleSignOnInCart method. 2Checkout attaches a unique token to links, designed to identify the returning shoppers and support the automatic extraction of payment data and billing information from the 2Checkout system. For example, you can generate single sign-on in cart links for existing customers logged into your website based on their external or 2Checkout customer IDs.

How does this work?


When accessing the shopping cart using tokenized payment links:

  • 2Checkout prefills automatically customer billing and delivery details associated with their 2Checkout customer accounts (linked based on their unique customer IDs).
  • 2Checkout presents shoppers with an optimized payment area featuring the credit/debit cards used to make previous purchases/transactions in the 2Checkout system. Customers have the option of selecting one of the payment methods depending on available card-on-file data.





Required (string)


Session identifier, the output of the Login method. Include sessionID into all your requests. 2Checkout throws an exception if the values are incorrect.  The sessionID expires in 10 minutes.


Required (string)


Unique customer identifiers. Can be either the ExternalCustomerReference you control or the system-generated 2CheckoutCustomerReference.


Required (string)


Possible values:

  • ExternalCustomerReference
  • 2CheckoutCustomerReference


Required (string)


The shopping cart URL. 2Checkout redirects shoppers to this URL.


Possible values:


Any buy link you generate from the cPanel or using the API. Note: For the time being, payment tokenization does not support Express Payments Checkout or the 2Checkout mobile shopping cart.


Optional (int)


The time, in seconds, before the single sign-on URL expires. By default, the URL expires after 10 seconds. (optional)


Optional (string)


The IP address of the shopper, necessary for security purposes. Can be an empty string or a valid IP, or null.


Single sign-on URL



The generated string is the tokenized time-limited single sign-on URL pointing to 2Checkout shopping cart.


Note: Each SSO link cleans any previous cart sessions. Shoppers using multiple SSO links would purchase only a single product at a time.


If shoppers add multiple products to cart via SSO buy links and then use a non-SSO link, they’ll purchase all items using the same order.

When you use single sign-on in cart for customers without card on files in the 2Checkout system, the generated tokenized link prefills the billing information but the purchase process requires that shoppers provide payment information, such as a credit or debit card.



Important! You can use the value of the logintoken to retrieve customer information by SSO token.


function callRPC($Request, $hostUrl, $Debug = true) {
    $curl = curl_init($hostUrl);
    curl_setopt($curl, CURLOPT_POST, 1);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($curl, CURLOPT_SSLVERSION, 0);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json', 'Accept: application/json'));
    $RequestString = json_encode($Request);
    curl_setopt($curl, CURLOPT_POSTFIELDS, $RequestString);
    if ($Debug) {
    $ResponseString = curl_exec($curl);
    if ($Debug) {
    if (!empty($ResponseString)) {
        $Response = json_decode($ResponseString);
        if (isset($Response->result)) {
            return $Response->result;
        if (!is_null($Response->error)) {
            var_dump($Request->method, $Response->error);
    } else {
        return null;
$host = '';
$merchantCode = "YOUR_MERCHANT_CODE";// your account's merchant code available in the 'System settings' area of the cPanel:
$key = "YOUR_SECRET_KEY";// your account's secret key available in the 'System settings' area of the cPanel:
$string = strlen($merchantCode) . $merchantCode . strlen(gmdate('Y-m-d H:i:s')) . gmdate('Y-m-d H:i:s');
$hash = hash_hmac('md5', $string, $key);
$i = 1; // counter for api calls
// call login
$jsonRpcRequest = new stdClass();
$jsonRpcRequest->jsonrpc = '2.0';
$jsonRpcRequest->method = 'login';
$jsonRpcRequest->params = array($merchantCode, gmdate('Y-m-d H:i:s'), $hash);
$jsonRpcRequest->id = $i++;
$sessionID = callRPC($jsonRpcRequest, $host);
$IdCustomer = '352365983';
$CustomerType = '2CheckoutCustomerReference';
$Url = '';
$ValidityTime = 50;
$ValidationIp = null;

$jsonRpcRequest = array (
'method' => 'getSingleSignOnInCart',
'params' => array($sessionID, $IdCustomer, $CustomerType, $Url, $ValidityTime, $ValidationIp),
'id' => $i++,
'jsonrpc' => '2.0');

var_dump (callRPC((Object)$jsonRpcRequest, $host, true));
Rate this article:

Need help?

Do you have a question? If you didn’t find the answer you are looking for in our documentation, you can contact our Support teams for more information. If you have a technical issue or question, please contact us. We are happy to help.

Not yet a Verifone customer?

We’ll help you choose the right payment solution for your business, wherever you want to sell, in-person or online. Our team of experts will happily discuss your needs.

Verifone logo