# Basic Single Sign-On

The front end user portal can be used by integrating a Single Sign-On solution. This allows end-users to sign in to only one platform and then not have to sign-in to the user portal afterwards. Single Sign-On is achieved by using the API to produce an **access_token** and then using that token to log the user into the platform.

## Requirements

There are two requirements before using the Single Sign-On features:

1. Having access to an API key.
2. Having an existing set of users.


details
summary
strong
API Key
The API key can be retrieved from the front-end user platform by any admin-level user. This is done by going to the top-right of the screen into the DropDown List with the current user's email address and clicking on API keys. Both the Private Key and the Public Key will be shown.

***These keys are confidential and should not be communicated via email.**

![API Key image](/assets/apikey.4e89588ce941e64850d35e439e95c76434e0fd520809e3cdf0785bd9baad6a05.33f780a6.png)

details
summary
strong
User Creation
Before authenticating users with SSO, those users need to already have been created. Manual user creation is explained [here](https://uberall.helpjuice.com/userrights/378254). This can also be achieved via API with [this](https://docs.uberall.com/apis/swagger/users/post_users) call.


```json
***This is only an example and is not the only way to formulate the body of this call.

POST https://uberall.com/api/users

headers = {
              "privateKey": $API_KEY, 
              "Content-Type": "application/json"
          }

body = {
              "role": $USER_ROLE,
              "salutation": $USER_SALUTATION,
              "firstname": $USER_FIRSTNAME,
              "lastname": $USER_LASTNAME,
              "email": $USER_EMAIL,
              "features": [$USER_FEATURE_1, $USER_FEATURE_2],
              "whitelabelInformationIdentifier": $USER_WHITELABEL_IDENTIFIER,
              "status": $USER_STATUS,
              "identifier": $USER_IDENTIFIER,
              "emailSettings": [
                          {
                              "emailType": "DIGEST",
                              "frequency": $USER_DIGEST_FREQUENCY
                          },
                          {
                              "emailType": "UNREAD_REVIEW_NOTIFICATION",
                              "frequency": $USER_REVIEW_NOTIFICATION_FREQUENCY
                          }
                      ],
              "managedBusinesses": [$USER_MANAGED_BUSINESS_1, $USER_MANAGED_BUSINESS_2],
              "preferredLanguage": $USER_PREFERRED_LANGUAGE
          }
```

All the available fields values can be viewed in the [full API documentation](https://docs.uberall.com/apis/swagger/users/post_users).

## Signing In With The API

There are different methods to authenticate a user and retrieve an acces_token. All these methods use the same API endpoint. The full user authentication API call documentation can be found [here](https://docs.uberall.com/apis/swagger/users/post_users_login).

Note that the *access_token* has a time to live and expires, so make sure you take this into account in your user proviosing flow.

details
summary
strong
Email and password combination
Requires the user to have an assigned known password.
Use the following API call to authenticate a user with the email and password combination:


```json
POST https://uberall.com/api/users/login

headers = {
              "Content-Type": "application/json"
          }
body = {
          "email": $USER_EMAIL,
          "password": $USER_PASSWORD
      }

response:
{
  "status": "SUCCESS",
  "response": {
      "access_token": "USER ACCESS TOKEN HERE"
  }
}
```

details
summary
strong
Email and private key combination
Requires the user email address to be known. The user email can be retrieved upon user creation or with [this API call](https://docs.uberall.com/apis/swagger/users/get_users).

Use the following API call to authenticate a user with the email and private key combination:


```json
POST https://uberall.com/api/users/login

headers = {
              "privateKey": $API_KEY,
              "Content-Type": "application/json"
          }
body = {
          "email": $USER_EMAIL
      }

response:
{
  "status": "SUCCESS",
  "response": {
      "access_token": "USER ACCESS TOKEN HERE"
  }
}
```

details
summary
strong
User ID and private key combination
Requires the User ID to be known. The User ID can be retrieved upon user creation or with [this API call](https://docs.uberall.com/apis/swagger/users/get_users).
Use the following API call to authenticate a user with the User ID and private key combination:


```json
POST https://uberall.com/api/users/login

headers = {
              "privateKey": $API_KEY,
              "Content-Type": "application/json"
          }
body = {
          "userId": $USER_ID
      }

response:
{
  "status": "SUCCESS",
  "response": {
      "access_token": "USER ACCESS TOKEN HERE"
  }
}
```

> **Success**
Once the access_token is retrieved, it can be added to the base url for the user portal to authenticate the user:
https://uberall.com/en/app/uberall?access_token=ACCESS_TOKEN_HERE