Third Party Login

With third party login, you can use the admin credentials to obtain a session id for a particular domain or user and use that id to login into that domain or user of the PBX from another webpage (URL) other than the PBX. That is very useful when you want to access a domain or user of the PBX through links from another site without having to enter the login credentials. The session id's can be obtained by the server from the PBX, and the front end of the server can then obtain those id's to be inserted into the links to enter a particular domain or user of the PBX.

Steps to setup a third party login.

  •  POST /rest/system/session HTTP/1.1
     Authorization: Basic base64encode(admin:password)
     Content-Type: application/json
       name: "3rd",
       username: "admin",
       domain: ""
       name: "3rd",
       username: "40",
       domain: ""
  • This returns the session token to be used.
  • In the first example, where username is the admin, the session id of the domain (e.g. is returned.
  • In the second example, where username is the 40, the session id of the extension (40) in domain ( is returned.
  • In the server, using the curl, you will get the session token for the domain or user (using the admin credentials as shown above) and pass it to your client in the browser.
  • Use that token as session id parameter in the URL as follows:
  • https://localhost/welcome.htm?sessId=< session id passed from the server goes here >
  • Also, you can select the language of the domain or user you are entering by including the lang parameter in the above url as given below. If it is omitted, English is selected by default.
  • https://localhost/welcome.htm?sessId=< session id passed from the server goes here >&lang=< language like en, fr, sp etc. goes here >
  • After the client clicks on the URL for a user interface, they should be able to get to the domain (the domain for which the id was obtained) or the user portal of the user, to whom the session id belongs.
  • This is sample PHP code for implementing a AJAX handler on the server side that does the work:
    // Make sure that this request is authenticated
    // TBD by final implementation
    // Set the trust parameters:
    $url = '';
    $username = 'abc';
    $password = 'def';
    // Decode the input:
    $body = json_decode(file_get_contents('php://input'));
    $domain = $body->{'domain'};
    $account = $body->{'account'};
    // Send the request:
    $body_string = json_encode(array('name' => '3rd', 'domain' => $domain, 'username' => $account));
    $header = "Content-Type: application/json\r\nAuthorization: Basic " . base64_encode($username . ":" . $password) . "\r\nContent-Length: " . strlen($body_string) . "\r\n";
    $result = file_get_contents($url, null,
                stream_context_create(array('http' => array(
                  'method' => 'POST',
                  'header' => $header,
                  'content' => $body_string))));
  • Below is a sample HTML form that uses the above script:
  • Make sure to name the above file which will be called in the below Script (For e.g 'thirdpartylogin.php' in this example).
         <!DOCTYPE html>
    	 <title>Vodia PBX 3rd party login</title>
    	   function load() {
    	   var form = document.getElementById('form');
    	   var account = document.getElementById('account');
    	   var domain = document.getElementById('domain');
    	   function submit(e) {
    	   var xhr = new XMLHttpRequest();'POST', '/thirdpartylogin.php', true);
    	   xhr.setRequestHeader("Content-Type", 'application/json');
    	   xhr.onreadystatechange = function() {
    	   if (xhr.readyState == 4) {
    	   var session = JSON.parse(xhr.responseText);
    	   document.location = '' + session;
    	   var data = {
    	   account: account.value,
    	   domain: domain.value
    	   form.addEventListener('submit', submit);
    	   window.addEventListener('load', load, false);
    	 <form id="form">
    	     <label for="account">Account</label>
    	     <input type="text" id="account">
    	     <label for="domain">Domain</label>
    	     <input type="text" id="domain">
    	     <button type="submit">Execute</button>
  • The third party login directly into the domain or user portal should now be possible.