Brand Account Management Process

In Aprimo DM, there are two types of brand account users.   The main administrator will login via the brand account, and all other brand users will login via a brand user accounts.

Brand login

Brand SSO user login

This endpoint should be used to login a brand admin user or brand user into Aprimo DM

  • Use the GET endpoint below

Brand - SSO technical detail

There are two methods for invoking the Aprimo Brand SSO Endpoint – GET and POST.

GET Parameter overview

Use this endpoint to log in an existing brand user or brand admin user

  • Email, the email address of the brand user who is attempting the login (note: email address is the unique identifier for brand users)
  • Source, a unique identifier for your brand provided by Aprimo DM.
  • Nonce, a number used only once that must be a positive integer that increments each time a call is made for a particular user. The nonce is tracked per user, so the same number may be used for different users, but only once per user. Note the below examples of when a nonce is valid or invalid. The nonce prevents HTTP replay attacks.
  • Code, a calculated HMAC using the SHA256 algorithm using a key that Aprimo DM provides. This serves to validate that the request is coming from the source that it claims to be as well as prevents query string tampering. While the parameters which calculate the HMAC are case sensitive, the resulting value (a string of hex values) is not.

The code may be formed by concatenating the email, source, and nonce parameter values with no spaces or characters between and running the resulting value through a SHA256 hash code function.

In order to implement Aprimo DM SSO, query string parameters must be passed to an endpoint via HTTP GET.
A sample URL may look like:


Post Body

Use this endpoint to create a new brand user and login that user right away

If electing to use HTTP Post, the following parameters may be passed in and defaulted on the form.

Form Key Name Field of Registration Form Required Additional Details
FirstName First Name Yes
LastName Last Name No
Title Title No
ContactEmail Email Yes Valid email address
Phone Phone No
PhoneExt Ext No
Territory Territory No Valid option setup by brand
Location Location Yes Valid location configured by brand
DigitalProfilePicture Profile Picture No Represented in base 64 format
AccountAccess Account Access Yes Valid access option in platform
Business Role Business Role No Valid role option in platform
About Me About Me No
IsPrimaryContact Primary Contact No Only 1 primary contact per brand

Below is some sample C# code used to generate a sample URL for Aprimo DM SSO’s GET endpoint.
Running this code produces the sample URL.


SSO Sample

The Aprimo DM SSO Sample is available at:

This generates a GET request.
Below is a screenshot of the SSO sample page.
This sample is written entirely in client-side code. You may view source on the sample page to see the javascript used to generate the request and HMAC. Note that the crypto-js library is used to generate the HMAC in this example which has its own 3rd party license.

Brand SSO Request Parameters