View Source

Overview

Interactive login is to be used when the user is present to login (for example, 3rd Party Desktop Applications) and will manage any additional information required at login depending upon a customer's account (such as 2 Factor Authentication codes or National Identifiers).

This is achieved by embedding the Betfair IdentitySSO login page in your application and then obtaining a successful session token upon login. The Keep Alive operation should be called within session expiry time if the user is still actively using your application.

Obtaining the sessionToken from the POST data

Once a login has been successfully made, the Javascript in the page will POST the session token (ssoid) to the URL provided as a redirect URL. For a desktop application, this is not required to be a real page as the desktop application can intercept the POST request as it happens via the embedded browser container. A Windows based application can embed a web browser into the application and use the BeforeNavigate2 event to catch the post data sent to the redirect URL and there are platform specific alternatives. The POST request body will contain two URL encoded parameters (which you will need to URL Decode):

ssoid - This is your session token and should be attached to requests made to API-NG in the X-Authentication header.
errorCode - This is returned in a URL by Betfair and provides the reason for the login failure.

This flow protects the implementing application from user login complexities, such as 2 factor auth, requiring national identifiers or jurisdictional migrations.

The Interactive Login is the same login flow used by the Betfair website and therefore, any message's will be returned directly by Betfair & handled in the same way.

errorCode
ACCOUNT_ALREADY_LOCKED	the account is already locked
ACCOUNT_NOW_LOCKED	the account was just locked
ACCOUNT_PENDING_PASSWORD_CHANGE	the account must undergo password recovery to reactivate via https://identitysso.betfair.com/view/recoverpassword
AGENT_CLIENT_MASTER	Agent Client Master
AGENT_CLIENT_MASTER_SUSPENDED	Suspended Agent Client Master
BETTING_RESTRICTED_LOCATION	the account is accessed from a location where betting is restricted
CERT_AUTH_REQUIRED	Certificate required or certificate present but could not authenticate with it
CHANGE_PASSWORD_REQUIRED	change password required
CLOSED	the account is closed
DANISH_AUTHORIZATION_REQUIRED	danish authorization required
DENMARK_MIGRATION_REQUIRED	denmark migration required
DUPLICATE_CARDS	duplicate cards
EMAIL_LOGIN_NOT_ALLOWED	This account has not opted in to log in with the email
INVALID_CONNECTIVITY_TO_REGULATOR_DK	the DK regulator cannot be accessed due to some internal problems in the system behind or in at regulator; timeout cases included.
INVALID_CONNECTIVITY_TO_REGULATOR_IT	the IT regulator cannot be accessed due to some internal problems in the system behind or in at regulator; timeout cases included.
INVALID_USERNAME_OR_PASSWORD	the username or password are invalid
ITALIAN_CONTRACT_ACCEPTANCE_REQUIRED	The latest italian contract version must be accepted
KYC_SUSPEND	KYC suspended
NOT_AUTHORIZED_BY_REGULATOR_DK	the user identified by the given credentials is not authorized in the DK's jurisdictions due to the regulators' policies. Ex: the user for which this session should be created is not allowed to act(play, bet) in the DK's jurisdiction.
NOT_AUTHORIZED_BY_REGULATOR_IT	the user identified by the given credentials is not authorized in the IT's jurisdictions due to the regulators' policies. Ex: the user for which this session should be created is not allowed to act(play, bet) in the IT's jurisdiction.
MULTIPLE_USERS_WITH_SAME_CREDENTIAL	There is more than one account with the same credential
PENDING_AUTH	pending authentication
PERSONAL_MESSAGE_REQUIRED	personal message required for the user
SECURITY_QUESTION_WRONG_3X	the user has entered wrong the security question 3 times
SECURITY_RESTRICTED_LOCATION	the account is restricted due to security concerns
SELF_EXCLUDED	the account has been self excluded
SPAIN_MIGRATION_REQUIRED	spain migration required
SPANISH_TERMS_ACCEPTANCE_REQUIRED	The latest spanish terms and conditions version must be accepted
STRONG_AUTH_CODE_REQUIRED	2 Step Authentication code is required. Please append this to your Betfair password.
SUSPENDED	the account is suspended
TELBET_TERMS_CONDITIONS_NA	Telbet terms and conditions rejected
TRADING_MASTER	Trading Master Account
TRADING_MASTER_SUSPENDED	Suspended Trading Master Account
TEMPORARY_BAN_TOO_MANY_REQUESTS	The limit for successful login requests per minute has been exceeded. New login attempts will be banned for 20 minutes

URL Definition (Global)

https://identitysso.betfair.com/view/login?product=<theProductDescriptor>&url=<theRedirectUrl>

URL Definition - Other Jurisdictions

Please use the below if your country of residence is in one of the list jurisdictions.

Jurisdiction	Endpoint
Australia	https://identitysso.betfair.com.au/view/login?product=<theProductDescriptor>&url=<theRedirectUrl>
Italy	https://identitysso.betfair.it/view/login?product=<theProductDescriptor>&url=<theRedirectUrl>
Spain	`https://identitysso.betfair.es/view/login?product=<theProductDescriptor>&url=<theRedirectUrl>`
Romania	`https://identitysso.betfair.ro/view/login?product=<theProductDescriptor>&url=<theRedirectUrl>`
Sweden	https://identitysso.betfair.se/view/login?product=<theProductDescriptor>&url=<theRedirectUrl>

Parameters

Name	Description	Sample
product(mandatory)	The product for which the login page is used and on which the user will do the login; This should be your application key.	"IhDSui3ODdsdwo"
url (mandatory)	The url to which the the browser should be redirected in case of a successful login. By default only https://www.betfair.com will be allowed	https://www.betfair.com

Please note that all method names are case sensitive, this includes login, keepAlive and logout.