SSO website screenshot

SSO

Single Sign-On (SSO) is an authentication technology that allows users to log in once and gain access to multiple related applications and services without re-authenticating. SSO implementations rely on protocols such as SAML 2.0, OpenID Connect (OIDC), and OAuth 2.0. Major identity providers including Okta, Microsoft Entra ID, Google, Ping Identity, Auth0, and Keycloak expose SSO APIs that allow applications to integrate federated authentication, token exchange, assertion validation, and session management.

2 APIs 0 Features
AuthenticationAuthorizationIdentityOAuthOIDCSAMLSecuritySingle Sign-OnSSO

APIs

SAML SSO Authentication API

The SAML 2.0 Single Sign-On API enables service providers and identity providers to exchange authentication assertions via XML-signed messages. It supports HTTP Redirect Binding...

OpenID Connect (OIDC) Authentication API

The OpenID Connect (OIDC) API is a lightweight identity layer built on top of OAuth 2.0. It enables applications to verify user identity through the Authorization Code Flow, Imp...

Collections

Pricing Plans

Sso Plans Pricing

3 plans

PLANS

Rate Limits

Sso Rate Limits

5 limits

RATE LIMITS

FinOps

Sso Finops

FINOPS

Semantic Vocabularies

Sso Context

32 classes · 5 properties

JSON-LD

API Governance Rules

SSO API Rules

10 rules · 3 errors 7 warnings

SPECTRAL

JSON Structure

Sso Saml Assertion Structure

8 properties

JSON STRUCTURE

Example Payloads

Resources

🔗
Specification
Specification
🔗
Specification
Specification
🔗
Specification
Specification
👥
GitHubOrg
GitHubOrg
🔗
JSONLD
JSONLD
🔗
JSONSchema
JSONSchema
🔗
JSONSchema
JSONSchema
🔗
Vocabulary
Vocabulary
🔗
SpectralRules
SpectralRules

Sources

Raw ↑
opencollection: 1.0.0
info:
  name: SAML 2.0 SSO API
  version: '2.0'
items:
- info:
    name: Authentication
    type: folder
  items:
  - info:
      name: Initiate SAML SSO Login
      type: http
    http:
      method: GET
      url: https://your-idp.example.com/saml/sso
      params:
      - name: SAMLRequest
        value: ''
        type: query
        description: Base64-encoded and URL-encoded deflated AuthnRequest XML document
      - name: RelayState
        value: ''
        type: query
        description: An opaque value used to maintain state between the request and callback. The SP includes this value and
          the IdP passes it back unchanged.
      - name: SigAlg
        value: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
        type: query
        description: The algorithm used to sign the request, required when using HTTP Redirect Binding with signatures.
      - name: Signature
        value: ''
        type: query
        description: Base64-encoded signature of the request, required when using signed HTTP Redirect Binding.
    docs: Initiates a SAML 2.0 Single Sign-On login flow via HTTP Redirect Binding. The identity provider receives a SAMLRequest
      parameter containing a base64-encoded and deflated AuthnRequest XML document. On successful authentication, the IdP
      redirects back to the SP's Assertion Consumer Service (ACS) URL with a SAMLResponse.
  - info:
      name: Receive SAML Assertion Consumer Service
      type: http
    http:
      method: POST
      url: https://your-idp.example.com/saml/sso
      body:
        type: form-urlencoded
        data:
        - name: SAMLResponse
          value: ''
        - name: RelayState
          value: ''
    docs: Assertion Consumer Service (ACS) endpoint for receiving SAML 2.0 responses from the identity provider via HTTP POST
      Binding. The SP receives a base64-encoded SAMLResponse containing a signed SAML assertion, validates the signature and
      assertion, and establishes a session for the authenticated user.
- info:
    name: Logout
    type: folder
  items:
  - info:
      name: Initiate SAML Single Logout
      type: http
    http:
      method: GET
      url: https://your-idp.example.com/saml/logout
      params:
      - name: SAMLRequest
        value: ''
        type: query
        description: Base64-encoded deflated LogoutRequest XML
      - name: SAMLResponse
        value: ''
        type: query
        description: Base64-encoded deflated LogoutResponse XML from IdP
      - name: RelayState
        value: ''
        type: query
        description: Opaque state value
      - name: SigAlg
        value: ''
        type: query
        description: Signature algorithm URI
      - name: Signature
        value: ''
        type: query
        description: Base64-encoded request signature
    docs: Initiates a SAML 2.0 Single Logout (SLO) flow via HTTP Redirect Binding. Sends a LogoutRequest to the identity provider
      to terminate the SSO session. The IdP propagates the logout to all other service providers in the SSO session.
- info:
    name: Metadata
    type: folder
  items:
  - info:
      name: Get SAML Metadata
      type: http
    http:
      method: GET
      url: https://your-idp.example.com/saml/metadata
    docs: Returns the SAML 2.0 metadata XML document for this identity provider or service provider. The metadata document
      contains entity ID, SSO binding endpoints, certificate for signature verification, and supported NameID formats required
      for federation configuration.
bundled: true