Direct SSO Flow

To authenticate a guest via a B2B integration

This is the recommended method for a B2B integration such as an integrated guest website or a mobile app integration that calls the PX API from a secure backend server.

Authenticate Guest

POST guestauthentication/authenticateGuest.json
  1. User navigates to the integrator’s website (e.g. https://www.myawesomewebsite.com/login)

  2. User clicks the login button and is redirected to the integrated login page

  3. Guest enters their username and password, which are transmitted to the Paytronix server via an API call.

  4. Paytronix will respond with authenticatedSuccess or noMatchingGuests
    1. If the result is a success, Paytronix will return the guest’s primaryPrintedCardNumber and username. These may then be used to authenticate functionality such as account balance and user information.
    2. If the result is a failure, an error should be provided to the guest. Paytronix will include additional information regarding why the message failed.
  5. Login session should be managed by the integrator.

    See Authenticate Guest for more information
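
Step 5 leaves the login session to the integrator. The following is an added example, not Paytronix code, of how a backend might turn the parsed authenticateGuest reply into an opaque, expiring server-side session. The JSON field name `result`, the `SessionStore` class, the 15-minute lifetime and the error wording are assumptions.

```python
import secrets
import time

SESSION_TTL_SECONDS = 15 * 60  # assumed lifetime; choose per your policy


class SessionStore:
    """In-memory server-side session store (use a shared store in production)."""

    def __init__(self, now=time.monotonic):
        self._now = now
        self._sessions = {}

    def create(self, username, card_number):
        sid = secrets.token_urlsafe(32)  # opaque, unguessable; carries no guest data
        self._sessions[sid] = {
            "username": username,
            "card_number": card_number,  # kept server-side, never sent to the browser
            "expires": self._now() + SESSION_TTL_SECONDS,
        }
        return sid

    def lookup(self, sid):
        session = self._sessions.get(sid)
        if session is None:
            return None
        if self._now() >= session["expires"]:
            del self._sessions[sid]  # expired: drop it and force a new login
            return None
        return session

    def destroy(self, sid):
        self._sessions.pop(sid, None)  # call on logout


def handle_authenticate_guest(response, store):
    """Map a parsed authenticateGuest reply to (session_id, error_message)."""
    # "result" as the field name is an assumption; the two values are from the page.
    result = response.get("result")
    if result == "authenticatedSuccess":
        username = response.get("username")
        card = response.get("primaryPrintedCardNumber")
        if username and card:
            return store.create(username, card), None
    # noMatchingGuests, malformed replies and unknown results all fail closed.
    return None, "Login failed. Check your username and password."
```

Only the returned session id goes to the guest's browser, typically in a Secure, HttpOnly cookie.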

To authenticate a guest via a direct mobile app integration

This is the recommended method for a mobile app integration that calls the PX API directly from the app rather than from a secure backend server. This may also require HMAC enforcement.

Request Guest Token

POST oauth/requestGuestToken.json
  1. User navigates to the integrator’s mobile app

  2. User clicks the login button

  3. Guest enters their username and password, which are transmitted to the Paytronix server via an API call. This call should be made using anonymous authentication.

  4. Paytronix will respond with SuccessAccessRefreshTokenResponse if successful

    1. If the result is a success, Paytronix will return the guest’s username along with an access and refresh token. These may then be used to authenticate functionality such as account balance and user information.
    2. If the result is a failure, an error should be provided to the guest. Paytronix will include additional information regarding why the message failed.
  5. Login session should be managed by the integrator.

    See Grant by Username and Password for more information