APIs to fetch tokens
POST https://yourapp.saasbox.net/api/user-token-otc
JWT fetching
Use case:
This API call uses a one-time code (OTC) to fetch a JWT that carries the user data structure. It is typically used to start a user session on a standalone application living at yourapp.domain.com.
1. The user logs in at yourapp.saasbox.net.
2. The user is redirected to yourapp.domain.com, where your application lives.
3. The yourapp.domain.com application uses the OTC from the query parameters, the SaaSBox application ID and the API key to make this request, fetch the JWT and start a user session.
4. The above is handled by the package sbox-auth-next for Next.js.
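The exchange in steps 1 to 3, sketched as a server-side helper. This is an added example, not code from SaaSBox or from sbox-auth-next. The JSON body field names (`appId`, `apiKey`, `otc`), the `token` response field, the `otc` query parameter name for this flow and the OTC character set are assumptions; check them against the API reference.

```javascript
// Added example. Assumed (not from the SaaSBox docs): the JSON body fields
// appId/apiKey/otc, the `token` response field, and the OTC character set.
const SAASBOX_BASE = "https://yourapp.saasbox.net"; // placeholder host from the page

// Read the OTC from the redirect URL. Rejects a missing, repeated or
// malformed value before any credentials are sent anywhere.
function extractOtc(redirectUrl) {
  const values = new URL(redirectUrl).searchParams.getAll("otc");
  if (values.length !== 1) throw new Error("expected exactly one otc parameter");
  if (!/^[A-Za-z0-9_-]{8,256}$/.test(values[0])) throw new Error("malformed otc");
  return values[0];
}

// Build the POST request. The API key is read from server-side
// configuration only and is never exposed to the browser.
function buildExchangeRequest(redirectUrl, creds) {
  if (!creds.appId || !creds.apiKey) throw new Error("missing SaaSBox credentials");
  const otc = extractOtc(redirectUrl);
  return {
    url: `${SAASBOX_BASE}/api/user-token-otc`,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ appId: creds.appId, apiKey: creds.apiKey, otc }),
    },
  };
}

// Exchange the OTC for a JWT. fetchImpl is injectable so the flow can be
// exercised offline with a stub.
async function exchangeOtcForJwt(redirectUrl, creds, fetchImpl = fetch) {
  const { url, init } = buildExchangeRequest(redirectUrl, creds);
  const res = await fetchImpl(url, init);
  if (!res.ok) throw new Error(`OTC exchange failed: HTTP ${res.status}`);
  const { token } = await res.json();
  // Structure check only (three dot-separated segments), not signature verification.
  if (typeof token !== "string" || token.split(".").length !== 3) {
    throw new Error("response did not contain a JWT");
  }
  return token;
}
```

Run this in a server route or API handler so the application ID and API key stay out of client-side bundles.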
POST https://yourapp.saasbox.net/api/userByOTC
Fetches user data by OTC
Use case:
If you develop an application that is embedded inside SaaSBox (e.g. using Retool, Bubble or others, or a plain React code embed), the OTC passed to your application in the query parameters is used to retrieve the user data for the embed.
How it works:
1. The nocode application is configured to make this API call back to SaaSBox (e.g. using the API builder tool that is typically available inside the nocode tool; see our examples).
2. The nocode application is embedded as an iframe inside the SaaSBox user dashboard.
3. SaaSBox passes an OTC to the embed URL as a ?otc=<otc> query parameter.
4. The application then reads the query parameter and uses it as a body argument to make this call back to SaaSBox.
5. The nocode application receives the per-user data, such as user name, email and profile picture, and, most importantly, the user's subscription plan details.