Single Sign On

A public interface can allow users to be authenticated using an external data source. For example, you may wish to allow your users to login to your support site using the same credentials they use for another service you provide.

In order to authenticate users with SSO, we send a HTTP POST request to an URL you provide containing the username & password the user provided. Your endpoint should then validate the provided credentials and return data to us as appropriate.

The username is sent in a parameter named username and the password is in a parameter named password.

If successful, you should return a hash containing the user's name, e-mail address and a reference to identify that user with a 200 OK status. For example:

    "name": "Adam Cooke",
    "email": "",
    "reference": "123456789"

If the credentials are invalid, you should just return a 403 Forbidden status without any data.

If an customer is authenticated successfully but is not found in your database matching the reference provided, one will be created automatically.

If you wish to automatically authenticate users from your application when logging into your support site, you should look at public interface authentication.

Proudly powered by Katapult. Running on 100% renewable energy.