Single Sign-On
Mint short-lived sign-in tokens so your customers can jump from your systems into their security dashboard without a second login.
Mint short-lived sign-in tokens so your customers can jump from your systems into their security dashboard without a second login. SSO is a two-step flow: your server calls POST /api/v1/sso/token to obtain a token, then redirects the customer's browser to https://{your-portal-domain}/sso?token={token}. The portal validates the token and starts the customer's session.
Tokens are single-purpose and short-lived. Mint one per click-through, never cache or reuse them.
Generate an SSO token
/api/v1/sso/tokenMint a short-lived single-sign-on token for a customer. Redirect the customer's browser to https://{your-portal-domain}/sso?token={token} before it expires; the portal validates the token and signs the customer in.
Body parameters
| Name | Type | Required | Notes |
|---|---|---|---|
client_id | integer | Required | WHMCS client ID of the customer signing in. |
email | Required | The customer's email address. | |
service_id | integer | Optional | Optional WHMCS service ID to land the customer on a specific service. |
curl -X POST 'https://portal.example.com/api/v1/sso/token' \
-H 'Authorization: Bearer $AEGIS_API_KEY' \
-H 'Content-Type: application/json' \
-d '{
"client_id": 1042,
"email": "[email protected]",
"service_id": 2251
}'{
"success": true,
"data": {
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
"expires_in": 300
},
"meta": {
"version": "v1",
"timestamp": "2026-07-12T09:30:00+00:00"
}
}Errors
| Code | Status | Meaning |
|---|---|---|
TENANT_NOT_FOUND | 401 | The API key did not resolve to an account. |
TOKEN_GENERATION_FAILED | 500 | The token could not be generated. Try again. |