You are using the new API (2.1) - We have recently made changes to the API.


Here at DACCAA, we love developers.

We have updated the API to V 2.1 which is an update from 2.0. Whilst this is considered a minor update, you will need to change code on your end if you use the API. We have simplified the API process to make sure that you don't need to complete unnecessary steps.

The login button

To make your login button you need to create a link to Now this is where the change is from the last version, you must specify where you want the user to be redirected back to such as, of course this replaces the need for the accept directory however you could easily just have the redirect_uri set to your accept directory.

What does this return?

When we send the user back to your site we will append the following information to the redirect_uri: ?success=true&id=Member ID&email=Email. Now if you application only needs an email address then this is fine and you can stop there. However if you wish to gain more information you will need to apply for an API key using the "My Key" link above.

Getting more information

If you want more information from DACCAA like the users name or profile picture then you need to make a full API request using a key. Luckily your user will have provided you with permission to access their account and you now have their email address and their member id. If you make an API request to DACCAA with that information we will provide you with the rest of the information you require. Make sure you store the email address and member id.

How do I make a request?

Making an API request to DACCAA is extremely simple and if you have ever made an API request before this should be very straight forward. So what information do we provide? We provide the information listed in the table below:

idThe ID (unique) that we assign each user.
emailWe will also send the users email.
fnameThe users first name, this works of a full name explosion where the first space is found.
snameThis is the users surname, it can contain a middle name or a double barrel name.
sbImageThis is for use with the DACCAA Sidebar as it provides information on the image used.
effectThis is for use with the DACCAA Sidebar as it provides information on the effect used.
bannedThe status of whether the account is currently banned or not. If it is it is your discretition wether to allow them to login or not.
profileThe link to the profile picture (returned with \ to break slashes.)

You must make your requests to

For example:

A list of all excepteded variables are listed below, when we say first request we mean when the user has to enter there password, all future requests (second request) do not require the users password.

VariableExplanationExpected ExampleRequired
emailThis is the users email address.dave@daccaa.comyes
typeThis is the type of login.normalyes
idThis is the users id. 01yes

You will need to obtain a key to make requests.

You should store the id and email address for future requests.

Thoughts and implementations

Before we get onto any examples, I would like to take this time to discuss applications for the use of the DACCAA API as there has been several different examples where people have found use for the DACCAA API. Here are just some examples:

  • Login with DACCAA (see below)
  • An autofill method for information - DACCAA makes sharing your information seemless so it is easy to create a autofill with DACCAA button.
  • Contact using DACCAA information

Login with DACCAA

I want to spend some time elaborating on the login with DACCAA method as it was designed with a certain focus in mind. The user flow would be something like:

  • The user visits your website
  • The user clicks either login or register
  • The user sees the login with DACCAA button (on both register and login page)
  • The user clicks the button and is sent to the authorisation page (as they are already logged in - likely as DACCAA remembers them)
  • The user then clicks "authorise" and is taken back to your site

Now lets stop there because this is where the system ideology starts to form.

If the user has an account but has not associated it with their DACCAA account then this process would make the association and then log them in.

If the user has an account that has been associated then it will just log them in.

If the user has never visited this website before then an account is created and the associated is made - the user has the oppertunity to create a password later on or just use DACCAA to login everytime - usernames can also be generated by using hashed emails or any value you like which is then shortened and added to their firstname.)

So what are we checking when we say they already have an account? We are checking the email addresses, we make the assumption that as DACCAA verifies all email addresses and has options for 2FA (two factor authentication) then we will be pretty sure that the person we are sending over to you is the person who it is meant to be.

Brand Values and Rules

As you may expect we have certain values and expectations for the usage of our members system. You must do the following:

  • Always contain the on any form that is a login form for DACCAA.
  • You can place buttons with the following, "Login with DACCAA", "Autofill with DACCAA" or "Register with DACCAA".
  • Any button that uses the API must be styled like so:

  • Do not place anything on the login in page that suggests that it is not linked to DACCAA.
  • Do not state that DACCAA is a partner/sponsor or any other non such affiliate.
  • Always include a link to the DACCAA sign up page.
  • You may use the DACCAA hex colours: #0099cc and #006699.
  • You may also use the marketing "Works with DACCAA" image (

Home page

This is some important code for your homepage. This includes understanding the errors that DACCAA may return. Below is some basic code that you may want to head your index page with (or where ever the login button is).

Index Page - error handling:

session_start(); if(isset($_SESSION['id'])) { $message = 'Welcome, '.$_SESSION['fname'].' <a href="logout.php">Logout</a>'; } else { $message = '<a href="" class="main login" style="font-size: 16px">Login with DACCAA</a>'; } if($_GET['error'] == "badauth") { echo '<div class="error">You did not authroise the sign in with your DACCAA account.</div>'; } if(isset($_SESSION['fname'])) { $name = $_SESSION['fname'].' '.$_SESSION['sname']; } else { $name = NULL; } if($_GET['login'] == "yes") { $message = '<a href="" class="main login" style="font-size: 16px">Authorise Login</a>'; }

PHP example

This is an example of the PHP code you will need to store in the accept directory. This code allows you to make a request to the server. Please note that this code does not consider any security at all which we recommend you use.

PHP processing code:

session_start(); $email = $_GET['email']; $id = $_GET['id']; $url = ''.$email.'&id='.$id.'&type=normal'; $curl = curl_init($url); curl_setopt_array($curl, array( CURLOPT_RETURNTRANSFER => 1, CURLOPT_USERAGENT => 'DACCAA-Account', CURLOPT_FAILONERROR => true )); $result = curl_exec($curl); if(!curl_exec($curl)){ die('Error: "' . curl_error($curl) . '" - Code: ' . curl_errno($curl)); } curl_close(); $result = json_decode($result, true); $_SESSION['id'] = $response[0]['id']; $_SESSION['fname'] = $response[0]['fname']; $_SESSION['sname'] = $response[0]['sname']; $_SESSION['email'] = $response[0]['email']; $_SESSION['banned'] = $response[0]['banned']; $_SESSION['profile'] = str_replace('\\', '' ,$response[0]['profile']); if($_SESSION['id'] == "") { die('Unknown Error.'); } echo 'Welcome, '.$_SESSION['fname'].'. <br />Logging you in now.'; echo '<meta http-equiv="refresh" content="1; url=<REPLACE WITH YOUR URL>">';


Did we make a mistake? Do you think there is any vulnerabilites with this? Or are you still confused? Then get in touch with us and we will aim to reply with 48 hours for the quickest support possible.

contact us

Copyright © to Danny Franklin 2015.