To understand this API's various URL resources and the data it exchanges, it helps to be familiar with the following concepts:

  • Social login token. Represents the intermediate stage in a social login. To log in to Identity Cloud by using a social login identity provider (IdP), a user first logs in to the IdP. If the user is successfully authenticated, the IdP returns an access token f(for example, Facebook returns a Facebook access token). That IdP token is exchanged for an Identity Cloud social login token, and the social login token is then exchanged for an Identity Cloud access token. See Create a server-side token for more information.

  • Social login identity provider. Third-party website whose accounts are trusted by an Identity Cloud website or app. The net result is that, after proper configuration, a user can log on to an Identity Cloud website by using their Facebook account or their Twitter account. (Facebook and Twitter being examples of social login identity providers.) Note that the Social API works with the same predefined social login identity providers found in the Social Login Dashboard. To create custom identity providers (i.e., identity providers not predefined for you) see Introduction to custom providers.

  • Domain allowlist. When enabled, the domain allowlist specifies the domains allowed to communicate with your social login application. Adding domains to the allowlist adds additional security to social logins. With the allowlist enabled, users can only be authenticated if they present a token obtained from a domain on the list. See Domain allow list for details.