API Reference
Start typing to search…

SSO API

get
https://api.vcita.biz/v1/partners/sso/token

Overview

Create a one-time token for Single Sign On (SSO) login.

Available for Directory tokens only.

Authentication

Uses HTTP Token authentication. Format: Authorization: Token token="{DIRECTORY_TOKEN}"

The token must be a Doorkeeper OAuth token with directory scope.

SSO Process

Step 1: Call this endpoint to create a one-time SSO token.

Step 2: Build the SSO login URL using the token: https://api.vcita.com/v1/partners/sso/login?staff_uid={STAFF_UID}&sso_token={SSO_TOKEN}

Deep Links

To redirect users to a specific page after login, append the redirect_to query param: https://api.vcita.com/v1/partners/sso/login?staff_uid=xxxzzz111&sso_token={SSO_TOKEN}&redirect_to=/app/invoices/ru7q9qlt7cp4hfni

Impersonation

To create an impersonation session, include the operator_uid parameter. This adds the operator as the actor_uid with actor_type as operator.

Note: The returned token is valid for 30 minutes. The expires_at value is in microseconds.

Query Params
string
required

The staff UID to create the SSO token for. Use this to log in users as specific staff members. If you want admin access, use the business owner's staff_uid.

string

Optional. The operator UID for impersonation sessions. When provided, the operator is set as the actor_uid with actor_type as operator, simulating an impersonation session.

Headers
string
required

HTTP Token authentication. Format: Token token="{DIRECTORY_TOKEN}". The token must have directory scope.

Responses

Updated 2 months ago

Language
Response 
Click Try It! to start a request and see the response here! Or choose an example:
application/json
Updated 2 months ago