Single Sign On API
Support avatar
Written by Support
Updated over a week ago

October 20, 2017
Updated:  March 1, 2020

Single Sign On functionality is intended for third party Customer service providers logging in to a domain.

Please see the attached file at the bottom of the page for an example of how to implement and receive the link necessary for Single Sign On. Implementing Single Sign On directly is an advanced feature and is only necessary for tight integration of to call center software. Most call centers will be able to use our agent portal to manage single sign on for call center agents.

There are URL based integrations that can be used to link call center software (e.g. Five9) to Platform single sign on. When you are assigned a single sign on account as a call center, you will be assigned a group ID. Your system will also need to have knowledge of the client subdomain that you are attempting to access. The format for the "pop URL" will be:

For example, if you are assigned group_id=21 and are attempting to connect to client_subdomain=demoaws:

If the agent has not logged into before, they will be prompted to login with their assigned username/password, but then be directed straight to the Platform for demoaws (e.g. The next time the agent takes a call and is directed to a new Platform, they should not have to sign in as long as the session has not timed out. For example if the next call is for client_subdomain=sandboxdemo, the next pop URL will be:

This would take the agent straight into sandboxdemo ( without logging in again.

In the case that a call center wants to directly implement the low level SSO API, the following information would need to be provided by to the call center partner.

The required fields to make a successful request are:

  • Platform-Key (This will be given to you by

  • department_id (These will be given to you by

  • username (your agents should have unique usernames in order to track activity of an agent)

  • fullname (full name of the agent)

To perform the request, you will send a cURL request to https://<APPKEY> where <APPKEY> is the client that you are requesting the token from. For example, a request would be sent to

In the headers of the request, include the following:

  • Content-type: application/json,

  • Platform-Key: <PLATFORM_KEY>

The <PLATFORM_KEY> value will be provided to you by In addition, a whitelist of IP addresses from the call center that will be making this SSO request MUST be provided to in order to set this up.

Finally, for the data portion of the cURL you will include the parameters for the request in JSON format. The required fields are listed above. There are optional fields that can be added to the request:

  • campaign_id (This is a csv of the campaign IDs that the user will have permission to, if you leave this parameter blank, will assume that the user has access to all campaigns)

  • email (the email address of the agent)

  • call_center_did (inbound phone number the customer called into)

  • customer_cid (customer phone number via caller ID)

The response returned will be in JSON format. The values returned are as follows:

  • success

  • code

  • url

  • message

  • status

  • descriptor

A successful response will return a success of 1 and code of 200.  

Any failures will return a success of 0, the code for the failure that occurred, and a message with a description of why the request has failed.

// Be sure to update the <APPKEY> and <PLATFORM_KEY> accordingly

$username      = '';
$fullname      = '';
$department_id = '';

$headers = [
   'Content-type: application/json',
   'Platform-Key:  <PLATFORM_KEY>',

$data    = [
   'username'      => $username,
   'fullname'      => $fullname,
   'department_id' => $department_id,

$curl = curl_init();

      CURLOPT_URL            => 'https://<APPKEY>',
      CURLOPT_TIMEOUT        => 30,
      CURLOPT_HTTPHEADER     => $headers,
      CURLOPT_POSTFIELDS     => json_encode($data),

$response = curl_exec($curl);


if ($results = json_decode($response))
   echo 'Something went wrong. Double check your configuration.';

Instructions to login from portal SSO URL:

  1. Administrators that login with an email address need to log in from main portal URL, once you are in you will go to Groups, from the menu up top, click on the group name that you wish to connect and manage your group from there. Administrators can be associated with multiple groups at once.

  2. Users that login with a username (not email address), created by Administrators within the SSO group, need to login from the SSO URL. The format of their direct URL will be:

Did this answer your question?