Auto Login - Seamless Login

I am trying to develop a product where a client logs in on my site, say with their own username and password. Using the API, I want the client to be automatically logged on to the Campaign Monitor site with the same user name and password information.

Is this possible?

I know we can create a new client using the Client.Create method. I could then potentially also call Client.UpdateAccessAndBilling, but I am a little confused as to how I could auto-login the client onto the Campaign Monitor site.

The scenario should be:
1. Client logs on to my site
2. Client clicks on "Access Campaign Manager"
3. Client is automatically logged in to Campaign Monitor and can view all the necessary sections.

Any thoughts?

Thank You
Anup Marwadi,
HyperTrends LLC

Dave Dave, 8 years ago

Hi Anup,

We actually provide you with the code to add a login form onto your own site where your clients can be automatically logged into their account. Head into the "Customize" section of your account and you'll see a link to add a form to your site in the right sidebar.

amarwadi, 8 years ago

Thank you for your response,
I was asking more of a Single Sign On kind of a scenario. I wanted tot know if that was possible or not.
We don't want the customer to login twice since they will already be logged in through our site using their username/password when they come to the Campaign Management module on our site. Showing another login screen at that point wouldn't be a good choice for us.


openconsult, 8 years ago


Did you or anyone figure out how to do this or if it is possible. We'd like to do the exact same thing.



rainbow2009, 8 years ago

pret auto
That's a good strategy, I think so.

amarwadi, 8 years ago

From what I understand, i don't think single sign on is possible. If anyone has an answer, I would really appreciate it!


jackturner, 8 years ago

Hi Anup,

I recently needed the same thing for a site of mine and found a solution that works really well.

As Dave mentioned, there is a great little login form your client can use. But like you, I didn't want to make my client sign into their newsletter tools immediately after signing into their general purpose CMS. So I took the login form and put in on one of the admin-only pages on my site. I pre-populated the form with their Campaign Monitor username and password. Then I hid the form ("display:none;" in CSS). I put a link on their admin page that says "manage newsletters". When they click this link I use JavaScript to submit the form (don't forget to "return false; on the link) and it takes them into their CM account.

The end result is that my client only logs in once and never feels like they're leaving the system that I've put together for them.

The only downside of this that I've thought of is that I have to store their CM login information as plaintext in my client's database. This isn't an issue for the site I'm working on, but I could see how it could be a deal-breaker for some projects/clients/developers.

Alex D, 8 years ago

I do this in my system. I store the clients CM username and password in the database for my CMS. When I want to send the user to the main CM interface I just have open a new window and send that info as a POST.


Alex Duffield - Owner
InControl Solutions
pbernardo, 8 years ago

Ok i was having the exact problem. Thank you all for the ideas.

trexart, 8 years ago

For the people using this method, what do you do if people change their password through the CM administration? Doesn't that mess up your automatic login?


nickdunkman, 8 years ago


When they click the login button on my site, I set the username/password back to what i have stored, through the API  (Client.UpdateAccessAndBilling).  Then I log them in.


denniscurtains, 7 years ago

On our site we store the clients CM username and password in a database. This keeps the data seperate from normal navigation.

paul.mcgann, 7 years ago

We needed a seamless logon for our CMS. To over come the problem we created a link from the CMS to a dummy page. On the dummy page we requested the username and password for CM setup against the user. Then we simply built up a url with the username and password already in the url and redirected to the url.

URL : ''

NickoLabs NickoLabs, 7 years ago
paul.mcgann :

URL : ''

Nice workaround.

But I hope the redirection URL is encrypted (or similar process), or any "sniffer" (a program that listen to outgoing and incoming network traffic and URL calls such as POST, GET, etc.) on your network could collect the connection credential and use them for their own profit. (edit: Well, they could as well grab what the form itself is sending...)

Of course, "what can someone does with CM's credential that would be harmful?" you might ask... Most user use the same password on every site they go and use. Email accounts or even Bank accounts could be gathered from such a simple URL.

Ok, I'm a bit paranoiac when it come to securing that stuff... but I've had my share of trouble with unsecured website / network. I don't want to scare anyone, it's just a simple reminder of basic security measures. Better safe then sorry!

Edit: Since I'm on the topic... are there any security measures taken at CM for ... securing one's access to the system? Any plans putting the App behind HTTPS protocol?

Nickolas Simard
Multimedia integrator: Strategy & Web development
scottfullerton, 6 years ago
denniscurtains :

On our site we store the clients CM username and password in a database. This keeps the data seperate from normal navigation.


When you store this information separate do you think that it keeps the data more secure. We have had a real concern for data security and storage.

Scott Fullerton - Owner
Paylon LLC
Paylon Industrial Doors
lsilver, 6 years ago

I'm not a developer so please bare with me. I'm trying to learn how to use the API.

I want to retrieve a specific client's username and password. Using the sample PHP code found within get_clients.php, I see where I can retrieve the username. But I haven't been able to find which part of the API I use to retrieve the password.

Also, how do i specify the Client ID that I want to retrieve? The sample code for get_clients.php requires the ID of the client you wish to look up. I know I can retrieve all clients but how do I include the ID of the specific client I'm trying to work with?

jamesd jamesd, 6 years ago

You cannot retrieve a client's password via the API. We store one-way hashes of both designer and client passwords, so we cannot even retrieve passwords ourselves.

You can set a client's password via the API. Exposing passwords via an API would just be plain insecure.

mdi1984, 6 years ago

I didn't read all the responses but i think what you're trying to do can be accomplished by making a CURL call or a javascript call to the campaignmonitor login script after your client logs into your cms. all you need are the CM users credentials somewhere in your local database. the cm cookie will then be saved no the clients machine and he will be logged in automatically in cm. if you don't have the users CM credentials, you could make a api call to change the users cm pw to the cms pw, everytime the user signs into your cms.

shovels, 6 years ago

Can CM confirm whether or not it's possible to use CURL to log a use in?

Also, just to re-iterate my request to have an option in the 'master' account to disable 'change username & password' for all child accounts. This can then be solely managed via our own CMS/CRM

See why 200,000 companies worldwide love Campaign Monitor.

From Australia to Zimbabwe, and everywhere in between, companies count on Campaign Monitor for email campaigns that boost the bottom line.

Get started for free