Sign On Account Web Service Specification

Overview 

Sign-On Account 

This service will allow existing users to pass directly into Aimbase without having to authenticate. To get an existing account's AccountUid value, see the Account Search API.

Endpoint URL  

https://{baseaddress}/api/Security/SignOnAccount 

Request 

The request is an HTTP POST to the endpoint. The Content-Type header may be application/json (if sending the request in JSON format) or application/xml (if sending the request in XML format). The request body must contain all required fields. A valid API token must be included in the ApiToken request header.


| Field | Max Length | Req’d | Description |
|---|---|---|---|
| AccountUid | | Yes | The unique identifier of the account that is being signed on. |
| LandingPageUrl | | No | The URL path that the user account should be sent to after the authentication process is complete and the user has been redirected to Aimbase. This should be the relative path from the base URL. |

Example JSON 

{ 
    "AccountUid" : "513D04E7-5E20-4E99-93CB-53DA06549FA2", 
    "LandingPageUrl":"/CSI/Registration" 
} 

 

Example XML 

<SignOnAccount> 
      <AccountUid>513D04E7-5E20-4E99-93CB-53DA06549FA2</AccountUid> 
      <LandingPageUrl>/CSI/Registration</LandingPageUrl> 
</SignOnAccount> 

Response 

If the request is valid the return message will have an HTTP Status Code of 200 (OK) and contain a session token value.   

Example JSON 

"1ea0934d-ef65-4ae2-b513-8ed5d8a64e52" 

Example XML 

<string>1ea0934d-ef65-4ae2-b513-8ed5d8a64e52</string> 

This session token value must be redeemed immediately by redirecting the user to the SSO landing page with the session token appended to the URL. The session token will expire 15 seconds after being issued.

Landing Page URL:

https://{baseaddress}/Account/SingleSignOn/{session token}?returnUrl={return url} 
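
An added example (not part of the Aimbase specification) of driving this flow from the calling application's server side in Python: it builds the request body, posts it with the ApiToken header, and builds the landing page URL while refusing a token that is already 15 seconds old. Assumptions: the function names are hypothetical, the return URL is treated as a relative path like LandingPageUrl, and the session token is assumed to be a GUID as in the example response.

```python
import json
import re
import time
import urllib.request
import uuid
from urllib.parse import quote

TOKEN_TTL_SECONDS = 15  # from the page: token expires 15 seconds after issue


def require_relative_path(path):
    """Accept only a path relative to the base URL (no scheme, host or '//')."""
    if not re.fullmatch(r"/(?![/\\])[^\s\\]*", path):
        raise ValueError("path must be relative to the base URL")
    return path


def build_request_body(account_uid, landing_page_url=None):
    """JSON body for SignOnAccount; AccountUid must parse as a GUID."""
    body = {"AccountUid": str(uuid.UUID(account_uid)).upper()}
    if landing_page_url is not None:
        body["LandingPageUrl"] = require_relative_path(landing_page_url)
    return json.dumps(body)


def request_session_token(base_address, api_token, body):
    """Server-side POST; returns (token, monotonic issue time)."""
    req = urllib.request.Request(
        f"https://{base_address}/api/Security/SignOnAccount",
        data=body.encode(), method="POST",
        headers={"Content-Type": "application/json", "ApiToken": api_token})
    with urllib.request.urlopen(req, timeout=5) as resp:  # 400/500 raise HTTPError
        return json.loads(resp.read()), time.monotonic()


def build_redirect_url(base_address, token, return_url, issued_at, now=None):
    """SSO landing page URL, refused once the token is past its lifetime."""
    now = time.monotonic() if now is None else now
    if now - issued_at >= TOKEN_TTL_SECONDS:
        raise TimeoutError("session token expired; request a new one")
    token = str(uuid.UUID(token))  # assumption: tokens are GUIDs, as in the example
    return (f"https://{base_address}/Account/SingleSignOn/{token}"
            f"?returnUrl={quote(require_relative_path(return_url), safe='')}")
```

Keep the ApiToken value in the server-side application only; the browser should see nothing but the final redirect URL.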


If the request format is incorrect, the return message will have an HTTP Status Code of 400 (Bad Request) and the response body will contain an error message. 

Example JSON 

{"Message":"The AccountUid field is required."} 

Example XML 

<Error><Message>The AccountUid field is required.</Message></Error> 


If the request content is incorrect or another error occurs in the service, the return message will have an HTTP Status Code of 500 (Internal Server Error) and the response body will contain an error message. 

Example JSON 

{"Message":"Hierarchy code ‘Brands’ was incorrect."} 

Example XML 

<Error><Message> Hierarchy code ‘Brands’ was incorrect.</Message></Error>