Single Sign On

This process will remove the need to have your customers log in multiple times if they're already inside your app. In order to utilize this feature, you must make an API request with some server side code.

In this example let's say you have a page at /billing which you want to automatically display billing info for that customer based on who is logged in. When a customer requests that page and before rendering you would make a POST request to the endpoint below. URL:

https://backend.instapayments.io/v1/user/login

AUTHENTICATION: We use Basic Auth to verify your account when calling the endpoint. You can get your API keys on the integrations page in your InstaPayments account. BODY:

{
"email": "the email of the customer in Stripe you want to access"
}

RESPONSE:

 {
 "access_token": "be230ed4731643a9a6a0",
    "login_url": "http://users.instapayments.io/acme/login/link/be230ed4731643a9a6a0"
}

Once you've received this payload, you can render the page and put the login_url behind a button OR you can use it as the src link of an iframe if you wanted to embed the portal in your site. This would be the process for a Ruby on Rails or Node.js Express app with no decoupled frontend.

Depending on your frontend framework, you could also do this by Javascript on the frontend (React, Angular etc.) by calling an authenticated endpoint on your own server which in turn calls ours and returns the link to your frontend.

SECURITY

For security reasons, once a token is used it is invalidated. There is also a 24 hours expiration on the token.

When passing the email into the request body, be sure the end user cannot manipulate that input without verifying they own that email. This could allow a malicious person to gain access to a customer account(s) by passing in a different customer's email.

Only use this endpoint server side. If you make this request through the frontend, it will be blocked by CORS. However, your API keys could still be exposed which would allow them full access to this endpoint.