SSO (Single Sign On)

API Reference: SSO API

Log in users to their account using a Single Sign On method.


Requires directory token

SSO is available for directory owners having a directory token. Not all accounts are eligible.

The SSO process consists of two simple steps:

Step1: Creating a one-time token

curl --location --request GET '{STAFF_UID}' \
--header 'Authorization: Token token="{DIRECTORY_TOKEN}"'


  "sso_token": "aaabbbcccddd111222333444",
  "expires_at": 1666169052


Token expiration time

The returned token will remain valid for 30 minutes (expires_at value is in microseconds).

β†’ Use the business_uid to log in users with admin access.
β†’ Alternately use the staff_uid to log in users as specific staff members (Please refer to the staff API reference).

Step 2: Build the SSO login URL

Copy-paste the below URL and replace {SSO_TOKEN} with the token you received in step 1.{SSO_TOKEN}

Deep links

If you want the user to land on a specific page in the system right after the SSO login (i.e a particular page of invoice, etc), you can append the "redirect_to" query param to the SSO URL and specify the desired path.
The path should be relative to the main application domain and start from "/app/PATH". See example:{SSO_TOKEN}&redirect_to=/app/invoices/ru7q9qlt7cp4hfni

This will land the user here: