APIs to fetch tokens

JWT fetching with Next.js

JWT fetching

POST https://yourapp.saasbox.net/api/user-token-otc

Sends an OTC in the call body, receives a JWT object.


Request Body

    jwt: <jwt object>

Use case:

This API call fetches a JWT token with the user data structure using a one time code (OTC). This is typically used to start a user session on a standalone application living in yourapp.domain.com.

  1. User logs in at yourapp.saasbox.net

  2. User is redirected to yourapp.domain.com where your application lives.

  3. yourapp.domain.com application uses the OTC in the query parameters, the SaaSBox application ID and api key to make this request, fetch the JWT and start a user session.

  4. The above is handled by the package sbox-auth-next for NextJS.

JWT fetching with Bubble or Retool

Fetches user data by OTC

POST https://yourapp.saasbox.net/api/userByOTC

Sends a one-time-code to receive back a cleartext user data structure. This call is almost the same as fetching a JWT except the user data is received back in clear text.


Request Body

    is_admin: <true|false> // Is this a SaaS admin, or regular user?
    is_customer: <true|false> // Is this a paid user?
    id: <uuid> // Unique user identifier
    email: "name@domain.com" // User email string
    avatarUrl: "https://<signed url-for-user-profile-picture>,
    otc: "uuid" // The next one-time-code to use in case we need to refresh,
    plan: (plan == null) ? null : { // Admins have a null plan.
        id: <uuid> // Unique plan identifier
        name: "premium" // Plan name, e.g. starter, middle tier, or premium
        description: "string" // Plan description
        limits: plan.limits, // An array of key-value pairs on plan limits.
        features: plan.features // An array of marketing features of the plan.

Use Case:

If you develop an application that is embedded inside SaaSBox (E.g. using Retool, Bubble, others or a plain React code embed), the OTC passed to your application in the query parameters is used for receiving back the user data for the embed.

How it works:

  1. Nocode application is configured to make this API call back to SaaSBox (e.g. using API builder tool that is typically available inside the nocode tool, see our examples)

  2. The nocode application is embedded as an iframe inside the SaaSBox user dashboard

  3. SaaSBox passes an OTC to the embed url as a ?otc=<otc> query parameter

  4. The application then reads the query parameter and uses it as a body argument to make this call back to SaaSBox

  5. The nocode application receives the per-user data, such as user name, email, profile picture, but also and most importantly, the user's subscription plan details.

See our guides on Retool, Bubble, Appsmith to learn more about this use case.

Last updated