Single sign-on (SSO)

Single sign-on (SSO) feature of the Paybis API enables your authenticated customers to avoid repeated logon in the Widget application.

⚙️

Prerequisites

Receive confirmation from your Paybis integration manager that the Single Sign-On (SSO) feature has been enabled for your partner account before starting to use this feature. This is done during the onboarding process.
Partner should sign requests

Single sign-on (SSO) flow for Private and Public APIs

1. Check that the user has an active session on your website.
2. Call the Private API endpoint POST /Private Request OR the Public API endpoint POST /Public Request with the passwordless flag set to true, partnerUserId (both are required) parameters, and email, as an optional parameter.
3. Paybis system generates and returns in the POST /Private Request OR POST /Public Request endpoint response containing oneTimeToken along with the requestId.
   Note If email is not provided, the system will establish a relationship using the partnerUserId and validate it against a valid oneTimeToken.
4. Pass the retrieved oneTimeToken as an extra SDK parameter upon widget initialization or in query parameters if you are using the Direct URL Integration.
5. If the supplied oneTimeToken is valid, the customer is automatically logged in to the widget: email verification step is skipped in the Widget journey.

⚠️

oneTimeToken expiration is 15 min.