Remote Authentication: Autoredirect to Another Website to Log In


When using remote authentication, you may want to prevent users from accessing the content directly and rather have them access content through a secure website.  

This way you can build your own authentication method (eg. based on IP address, or  restrict number of accesses by a user) and utilize your own payment mechanism.


Step 1: Setup Remote Authentication with Redirect Script in Custom Message

Just set up remote authentication, or Single Passphrase and fill out all the required fields.  Note that one of these options must be turned on but you won't need to actually have a functioning remote script or utilize the passphrase challenge because you will be auto redirecting them to another site per below.  Note that in order to support the Annotation Tools, you should turn on the remote authentication rather than passphrase, and ensure 'return userid' option is checked.

THEN, use the Optional Custom Login Screen Message to enter your script which will redirect automatically to the website of your choice.

NOTE:  Change the address in double quotes to the URL of your choice.  Standard use would be the login for your external website. = "";

An element with the Folder name will display briefly, then the target website will load instead.


Step 2: Use API to Bypass the Redirect from within Secure Webpage

Click Here for the article on AuthenticateRemoteUser API Method

This method will return a token from our system that must be appended to your Folder or Flipbook URLs on your secure page. That token appended link will bypass that redirect and load the content for the user.

An example method call could be:

(xxxxx is where you would need to plug in your API Key, Signature, and TitleID/FolderID


That method will return an XML response (or JSON if chosen) that contains a token. You must parse that XML response (or JSON) and add the token to the end of a Folder or Flipbook URL that is on that secure webpage using ?token=xxxxx



You can dynamically build these token appended links whenever the secure page loads OR

Recommended:  Obtain and append the token on link click instead to reduce the number of API calls

See diagram below:


1 out of 1 found this helpful