Website Widget

Eber Customer Portal can be embedded as a widget in any website.

Embed Widget

Use this JavaScript to add widget to your website.

<script type="text/javascript" scr=“https://widget.eber.co/new-widget/initialize/{business_id}”></script>

Embed Widget with Single Sign-On

Our widget supports HMAC- SHA1(Single Sign-On) so that verified visitors do not have to sign in again in the widget. To do so, use the following JavaScript instead.

<script type="text/javascript" src="https://widget.eber.co/new-widget/initialize/{business_id}?hmac_email={email}&hmac_hash={hmac_value}&login_url={encoded_login_url}&signup={encoded_sign_up_url}"></script>

Notice that you need to replace few values in the JavaScript:

ValueDetailsExample
{email}The email address of the logged in user.[email protected]
{hmac_value}The HMAC encoded value of the email address above.

See HMAC details below.
e486a2e18d5670c2d80d88e-b1952cc2e109664510af5176-4cfc4a16992444
{encoded_login_url}If your site visitor has not sign in, this is the URL they will be redirected to when Sign In button in the widget is clicked.

The reason for doing this is that since the visitor in on your website and we are using integrated log in. They should sign into the website and the widget is automatically logged in as well.

See pic below where the Sign In button will be shown.
https%3A%2F%2Fbrand.com%2Flogin

Please encode the URL. About URL Encoding
{encoded_sign_up_url}Same as the login URL above but this is URL they will be redirected to when Sign Up button in the widget is clickced.https%3A%2F%2Fbrand.com%2Fsignup

Please encode the URL.

About HMAC

HMAC- SHA1( Single Sign-On) is a session and user authentication service that permits a user to use one set of login credentials to access multiple applications. Hash-based message authentication code (HMAC) provides the server and the client each with a private key that is known only to that specific server and that specific client. The client creates a unique HMAC, or hash, per request to the server by hashing the request data with the private keys and sending it as part of a request.

Get HMAC Secret Key

The HMAC Key can be found in API function in the Eber admin portal. Use the HMAC Key to encrypt the email address to get the {hmac_value}. Since both party shared the same HMAC secret key, Eber can authorised the sign in to the widget.

616

HMAC Encoding

HMAC encoding requires server side encoding, please do not use JavaScript to encode the HMAC value. As it will expose your HMAC key to unauthorised access to other user's Customer Portal.

$hash = hash_hmac('sha256', $email, $hmac_key);

Widget Control

Once you had done embed the Eber Widget on your website, and you would like to show or hide the widget using your own link (for eg. a banner or a button), you can do so by adding your scripts with the following Javascript command:

To show or hide the widget:

<a href="javascript:eber.toggle()">Toggle</a>