Platform SSO
Platform SSO enables single sign-on for an operator or any enabled account. Using Xenioo SSO API, you can automatically login any user to a specific chatbot if the user is the current owner of the chatbot or is part of the team at any level.
Calling this endpoint requires the SSO Login package. Please be sure to get in touch with Xenioo to discuss your use case and enable the package.

Request

The following request will generate a SSO token for the user [email protected] for a given chatbot.
1
curl --location --request POST 'https://<NODE>.xenioo.com/authorization/sso' \
2
--header 'Content-Type: application/json' \
3
--data-raw '{
4
"AccountAPIKey":"<...>",
5
"BotAPIKey":"<...>",
6
"BotAPISecret":"<...>",
7
8
}'
Copied!

Response

If successful, the response will contain a valid SSO API Token and the full link to the SSO url that can be used in the browser to automatically login the user. The generated toke will expire after 60 minutes..
1
{
2
"Home":"https://<NODE>.xenioo.com/...",
3
"Token":"<...>",
4
"Expires": 60
5
}
Copied!
The token generated cannot be used for any other type of Platform API requests.

Redirecting and Logout

The Home property of the response contains the full url root of the target chatbot interface. You can add, at the end of the url, the navigation fragments of the section you need to reach and, if the token contains sufficient permissions, Xenioo will automatically redirect the user there.
As an example, given the following Home value:
1
https://dev.xenioo.com/auth/sso/<token>
Copied!
You could redirect your user to the selected bot conversation section adding the navigation section at the end:
1
https://dev.xenioo.com/auth/sso/<token>/conversation
Copied!
If your SSO package also contains the embeddable option, the standard Xenioo header would not be visible. To logout the current user, just call the standard SSO token url adding /logout at the end like in the following example:
1
https://dev.xenioo.com/auth/sso/<token>/logout
Copied!

Response Codes

This endpoint will reply with the following standard HTTP codes.
Code
Meaning
200
Ok. The request has been successfully fulfilled.
400
Bad Request. The request is incomplete or cannot be carried on with the supplied data.
404
Not Found. The specified chatbot, account or team member have not been found.
Last modified 5mo ago