The SSOfy API provides two main endpoints for token verification and user data inquiries. Requests are based on the HTTP and JSON standards, which makes it easy to connect and test.
Before you begin, grab the API Key and Secret from the dashboard's application page. Depending on the application region, you also need to find the API domain to connect to.
Credentials, including the Key and Secret, are meant to be stored and used on the back end only and MUST NEVER be revealed or used in front-end code.
SSOfy uses the "Sign and Verify" technique to secure communications between the API client and server and to ensure that each request originated from the authorized source.
Requests to the SSOfy server must contain the Signature attribute in the request headers. It is recommended to also add a salt when generating the signature to make it more challenging for attackers to try and reverse-engineer the secret key.
As part of your regular security maintenance program, we also advise periodically renewing the application secret key.
In response, SSOfy also adds the signature when delivering events to your server or requesting resources. Unless it's for debugging, make sure to verify the signature.
Signatures MUST ALWAYS be provided in both the request and response headers under the Signature attribute.
To prevent unauthorized access to the data being transmitted, we strongly advise you to enable HTTPS on your end.
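The sign-and-verify flow described above, as an added sketch that is not SSOfy's own code. This page does not specify the signing algorithm or header encoding, so the example assumes HMAC-SHA256 over the request path, a per-request random salt and the raw body, carried in the Signature header as base64-encoded JSON; the function names and sample values are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import secrets

def _mac(secret: bytes, path: str, salt: str, body: bytes) -> str:
    # Assumed signing input: path, salt and raw body, newline-separated.
    msg = path.encode() + b"\n" + salt.encode() + b"\n" + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def sign(secret: bytes, path: str, body: bytes, salt=None) -> str:
    """Build a Signature header value, using a fresh random salt by default."""
    salt = secrets.token_hex(16) if salt is None else salt
    payload = {"hash": _mac(secret, path, salt, body), "salt": salt}
    return base64.b64encode(json.dumps(payload).encode()).decode()

def verify(secret: bytes, path: str, body: bytes, header) -> bool:
    """Return True only if the header carries a valid MAC for this path and body."""
    try:
        fields = json.loads(base64.b64decode(header, validate=True))
        claimed, salt = fields["hash"], fields["salt"]
        if not isinstance(claimed, str) or not isinstance(salt, str):
            return False
        expected = _mac(secret, path, salt, body)
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(expected.encode(), claimed.encode())
    except (ValueError, KeyError, TypeError):
        return False  # missing, truncated or malformed header: reject

# Constructed sample values, not real credentials or endpoints.
SECRET = b"example-secret-from-dashboard"
PATH = "/example/event"
BODY = b'{"action":"example"}'

if __name__ == "__main__":
    header = sign(SECRET, PATH, BODY)
    print("valid signature accepted:", verify(SECRET, PATH, BODY, header))
    print("tampered body accepted:", verify(SECRET, PATH, BODY + b" ", header))
```

Verify against the raw bytes received on the wire, before any JSON parsing or re-serialization, since re-encoding can change the bytes that were signed.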