This API call fetches a JWT token with the user data structure using a one time code (OTC). This is typically used to start a user session on a standalone application living in yourapp.domain.com.
User logs in at yourapp.saasbox.net
User is redirected to yourapp.domain.com where your application lives.
yourapp.domain.com application uses the OTC in the query parameters, the SaaSBox application ID and api key to make this request, fetch the JWT and start a user session.
The above is handled by the package sbox-auth-next for NextJS.
JWT fetching with Bubble or Retool
Fetches user data by OTC
If you develop an application that is embedded inside SaaSBox (E.g. using Retool, Bubble, others or a plain React code embed), the OTC passed to your application in the query parameters is used for receiving back the user data for the embed.
How it works:
Nocode application is configured to make this API call back to SaaSBox (e.g. using API builder tool that is typically available inside the nocode tool, see our examples)
The nocode application is embedded as an iframe inside the SaaSBox user dashboard
SaaSBox passes an OTC to the embed url as a ?otc=<otc> query parameter
The application then reads the query parameter and uses it as a body argument to make this call back to SaaSBox
The nocode application receives the per-user data, such as user name, email, profile picture, but also and most importantly, the user's subscription plan details.