Customer Portal lets your customers to manage their account and billing themselves. ChargeBee supports Single Sign-on (SSO) to access the customer portal. If you already have your own authentication for your website, it allows your authenticated customers to access their portal without having to login again.

Note: You can instead allow your customers to access the portal via login page provided by ChargeBee. Read more.

Please follow the below steps for supporting portal access via SSO:

  1. Enable the "Allow access to customer portal via API" under "Settings > Hosted Pages Settings > Customer Portal" to use the portal sessions API.
  2. Provide a link in your website/application which your authenticated customers can use to access the portal (like /portal_link).
  3. Handle the link request in your server code and create a portal session for the customer by calling ChargeBee's "Create a portal session" API
  4. Forward the user to the access URL present in the "Portal Session" resource returned by the above API call.

Notes about access URL:

  • The access URL should be accessed by the customer within one hour from the time it was created.
  • Once accessed, the session is valid until the user logs out from the portal UI or logout API is called from your application for this session.
  • Once accessed, the access url cannot be reused. Hence do not persist this URL. Whenever you need to provide access to the portal, you need to create a new portal session.

Using Chargebee's authentication to allow access to your website

Chargebee allows you to integrate your website by building user authentication on top of Chargebee. If you would want to allow access to parts of your website only to subscribers (like a paywall), you can integrate Chargebee's authentication without having to handle it from your end.

Workflow:
Users should be redirected to the portal login URL - https://yourdomain.chargebeeportal.com/portal/login by passing the following parameters:

  • return_url - URL the users should be redirected to upon successful authentication.
  • cancel_url - URL the users should be redirected to when they want to go back to your website during login.

The domain name used in the Return/Cancel URL should be added as a 'Whitelisted Domain' in Chargebee. Add just the domain name in Chargebee and not the entire URL: E.g. yourdomain.com.

Upon successful authentication, a session is created for the user and Chargebee redirects the user to the return_url along with the following parameters:

  • auth_session_id - Identifier to the authenticated session.
  • auth_session_token - Token for the session which should be sent later to activate this session.

Using the auth_session_id & auth_session_token, you should call Activate a Portal Session API to validate the session details and create a session for that user in your website.

Note: The process of setting up the portal account will take place along with the authentication process.

Sample portal session [ JSON ]

{ "id": "portal_3Nl8KYnQHvmwUFTM", "token": "VjcdDQNbEsdPYG2v6wJ7FzzyU7t1iaOHt", "access_url": "https://yourapp.chargebeeportal.com/portal/access/VjcdDQNbEsdPYG2v6wJ7FzzyU7t1iaOHt", "redirect_url": "https://yourdomain.com/users/3490343", "status": "created", "created_at": 1493234299, "expires_at": 1493237899, "object": "portal_session", "customer_id": "KyVmylQHvmwT666", "linked_customers": [ { "object": "linked_customer", "customer_id": "KyVmylQHvmwT666", "email": "john@user.com", "has_billing_address": false, "has_payment_method": true, "has_active_subscription": false }, {..} ] }
id
Unique identifier for the portal session.
string, max chars=70
token
Unique pre-authenticated portal session token to access customer portal directly.
string, max chars=70
access_url
Unique URL for accessing the customer portal. Once accessed, this cannot be reused.
string, max chars=550
redirect_url
URL to redirect when the user logs out from the portal.
string, max chars=250
status
Indicates the current status of the portal session.
enumerated string, default=created
Possible values are
createdIndicates that the portal session is just created and not yet accessed by the user.logged_inIndicates that the portal session URL has been accessed by the user and the session is active.logged_outIndicates that the portal session is logged out either by user or via API.not_yet_activatedIndicates that the portal session is created and not yet activated for the customer to allow access to your website. This is applicable when you use ChargeBee’s authentication for your website. .activatedIndicates that the portal session is activated for the customer to allow access to your website. This is applicable when you use ChargeBee’s authentication for your website.
created_at
Timestamp indicating when this portal session was generated.
timestamp(UTC) in seconds
expires_at
Timestamp indicating when the access URL will expire. Once expired, the URL cannot be used to login into the portal.
optional, timestamp(UTC) in seconds
customer_id
Identifier of the customer.
string, max chars=50
login_at
Timestamp indicating when this portal session URL was accessed by the user.
optional, timestamp(UTC) in seconds
logout_at
Timestamp indicating when this portal session was logged out either by user or via API.
optional, timestamp(UTC) in seconds
login_ipaddress
IP Address from which the portal session URL was accessed.
optional, string, max chars=50
logout_ipaddress
IP Address from which the portal session was logged out either by user or via API.
optional, string, max chars=50
linked_customers
Show attributes[+]
The list of customers for this session.
optional, list of linked_customer
Linked customer attributes
customer_id
Identifier of the customer.
string, max chars=50
email
Email of the customer. Configured email notifications will be sent to this email.
optional, string, max chars=70
has_billing_address
The customer has billing address.
boolean, default=false
has_payment_method
The customer has payment method.
boolean, default=false
has_active_subscription
The customer has atleast one active subscription.
boolean, default=false

Creates a portal session for a customer. The session resource in the response contains the access URL. Forward the customer to that access URL. If you would like to logout the customer later via API call, you need to store the id of the portal session resource returned by this API. While creating a session, you also need to pass the redirect URL to which your customers will be sent to upon logout from the portal UI.

Sample Request
curl  https://{site}.chargebee.com/api/v2/portal_sessions \
     -u {site_api_key}: \
     -d customer[id]="4gkYnd21ouvW" \
     -d redirect_url="https://yourdomain.com/users/3490343"
copy
curl  https://{site}.chargebee.com/api/v2/portal_sessions \
     -u {site_api_key}: \
     -d customer[id]="4gkYnd21ouvW" \
     -d redirect_url="https://yourdomain.com/users/3490343"

Sample Response [ JSON ]

{"portal_session": { "id": "portal_3Nl8KYnQHvmwglTS", "token": "tdbvQKDvebX8vMmcdn2Km2hyBBj7ZKe49", "access_url": "https://yourapp.chargebeeportal.com/portal/access/tdbvQKDvebX8vMmcdn2Km2hyBBj7ZKe49", "redirect_url": "https://yourdomain.com/users/3490343", "status": "created", "created_at": 1493234299, "expires_at": 1493237899, "object": "portal_session", "customer_id": "KyVmylQHvmweC6K", "linked_customers": [ { "object": "linked_customer", "customer_id": "KyVmylQHvmwT666", "email": "john@user.com", "has_billing_address": false, "has_payment_method": true, "has_active_subscription": false }, {..} ] }}

URL Format POST

https://{site}.chargebee.com/api/v2/portal_sessions
redirect_url
URL to redirect when the user logs out from the portal.
required, string, max chars=250
forward_url
By default access_url redirects the customer to the portal home page. If you would like to redirect the customer to a different URL, you can use this parameter to do so.
optional, string, max chars=250
customer
Parameters for customer
pass parameters as customer[<param name>]
customer[id]
Identifier of the customer.
required, string, max chars=50
Resource object representing portal_session.
always returned
Retrieves the portal session resource.
Sample Request
curl  https://{site}.chargebee.com/api/v2/portal_sessions/portal_3Nl8KYnQHvmwUFTM \
     -u {site_api_key}:
copy
curl  https://{site}.chargebee.com/api/v2/portal_sessions/portal_3Nl8KYnQHvmwUFTM \
     -u {site_api_key}:

Sample Response [ JSON ]

{"portal_session": { "id": "portal_3Nl8KYnQHvmwhFTT", "token": "cUcvOraKcdV9TL25cdl8wuVhffwgqtvwWc", "access_url": "https://yourapp.chargebeeportal.com/portal/access/cUcvOraKcdV9TL25cdl8wuVhffwgqtvwWc", "redirect_url": "https://yourdomain.com/users/3490343", "status": "logged_in", "created_at": 1493234299, "expires_at": 1493237899, "object": "portal_session", "customer_id": "KyVmylQHvmweC6K", "login_at": 1493234299, "login_ipaddress": "127.0.0.1", "linked_customers": [ { "object": "linked_customer", "customer_id": "KyVmylQHvmwT666", "email": "john@user.com", "has_billing_address": false, "has_payment_method": true, "has_active_subscription": false }, {..} ] }}

URL Format GET

https://{site}.chargebee.com/api/v2/portal_sessions/{portal_session_id}
Resource object representing portal_session.
always returned

Logs out the portal session. Typically this should be called when customers logout of your application.

If this API is called for a Portal Session that currently is in :

  • "created" status, the session status will be marked as "logged_out" and the access URL will become invalid.
  • "logged_in" status, the session status will be marked as "logged_out" and customer will not be able to use that session.
  • "logged_out" status, this will return normally without changing any attribute of this resource.
Sample Request
curl  https://{site}.chargebee.com/api/v2/portal_sessions/portal_3Nl8KYnQHvmwUFTM/logout \
     -X POST  \
     -u {site_api_key}:
copy
curl  https://{site}.chargebee.com/api/v2/portal_sessions/portal_3Nl8KYnQHvmwUFTM/logout \
     -X POST  \
     -u {site_api_key}:

Sample Response [ JSON ]

{"portal_session": { "id": "portal_3Nl8KYnQHvmx2UTW", "token": "lTfFQjnLF04PiNf18Qw08tjG6c4Yyuo6", "access_url": "https://yourapp.chargebeeportal.com/portal/access/lTfFQjnLF04PiNf18Qw08tjG6c4Yyuo6", "redirect_url": "https://yourdomain.com/users/3490343", "status": "logged_out", "created_at": 1493234301, "expires_at": 1493237901, "object": "portal_session", "customer_id": "KyVmylQHvmweC6K", "login_at": 1493234301, "logout_at": 1493234302, "login_ipaddress": "127.0.0.1", "logout_ipaddress": "127.0.0.1", "linked_customers": [ { "object": "linked_customer", "customer_id": "KyVmylQHvmwT666", "email": "john@user.com", "has_billing_address": false, "has_payment_method": true, "has_active_subscription": false }, {..} ] }}

URL Format POST

https://{site}.chargebee.com/api/v2/portal_sessions/{portal_session_id}/logout
Resource object representing portal_session.
always returned

When an user is sent back to your return URL with session details, you should validate that information by calling this API. The details passed to the return_url should be sent as below:

  • auth_session_id - this should be sent as part of the endpoint.
  • auth_session_token - this should be sent as value for the input parameter token.

Sample Request
curl  https://{site}.chargebee.com/api/v2/portal_sessions/portal_3Nl8KYnQHvmwUFTM/activate \
     -u {site_api_key}: \
     -d token="VjcdDQNbEsdPYG2v6wJ7FzzyU7t1iaOHt"
copy
curl  https://{site}.chargebee.com/api/v2/portal_sessions/portal_3Nl8KYnQHvmwUFTM/activate \
     -u {site_api_key}: \
     -d token="VjcdDQNbEsdPYG2v6wJ7FzzyU7t1iaOHt"

Sample Response [ JSON ]

{"portal_session": { "id": "portal_3Nl8KYnQHvmyOCTa", "token": "KI61uE8vKscut6Y0EbojccdTLlcdqKscu5rK", "access_url": "https://yourapp.chargebeeportal.com/portal/access/KI61uE8vKscut6Y0EbojccdTLlcdqKscu5rK", "redirect_url": "https://cbdemo.com:8080/mock/mock.jsp", "status": "activated", "created_at": 1493234306, "expires_at": 1493234606, "object": "portal_session", "customer_id": "KyVmylQHvmwT666", "login_at": 1493234306, "login_ipaddress": "127.0.0.1", "linked_customers": [ { "object": "linked_customer", "customer_id": "KyVmylQHvmwT666", "email": "john@user.com", "has_billing_address": false, "has_payment_method": true, "has_active_subscription": false }, {..} ] }}

URL Format POST

https://{site}.chargebee.com/api/v2/portal_sessions/{portal_session_id}/activate
token
Unique pre-authenticated portal session token to access customer portal directly.
required, string, max chars=70
Resource object representing portal_session.
always returned