SSO Authentication

Konnec supports user creation and session generation APIs that can be leveraged to set up a custom, minimal-effort SSO flow.

As soon as you onboard, an API key is generated for your organization; it can be found on the Integrations page. Use your organization API key to create a seamless SSO experience between your platform and Konnec.

Overview

The flow uses a redirect URL stored in your organization configuration and a refresh token passed back to Konnec.

Key pieces:

  • ORGANIZATION_API_KEY: Authenticate server-to-server calls from your platform.
  • AUTH_REDIRECT_URL: Where Konnec should send users to begin SSO on your platform.
  • Query param to return to Konnec: refresh-token.

Step-by-step

  1. Configure the AUTH_REDIRECT_URL in Settings > UX > Auth Redirect URL

  2. Grab your ORGANIZATION_API_KEY from Settings > Integrations

  3. Depending on the configuration, the user will be redirected from Konnec to the AUTH_REDIRECT_URL.
  4. On your platform, authenticate the user.
  5. If the user does not exist in Konnec, call the Create User API using ORGANIZATION_API_KEY.

ORG_ID="my-organization-id"          # e.g. "my-community"
ORG_API_KEY="your-org-api-key-here"  # org.apiKey from Integrations page
USER_NAME="johndoe"                  # username/handle in Konnec

curl -X POST "https://<YOUR_API_BASE_URL>/api/organization/${ORG_ID}/user/${USER_NAME}/update" \
  -H "Content-Type: application/json" \
  -H "x-org-id: ${ORG_ID}" \
  -H "x-api-key: ${ORG_API_KEY}" \
  -d '{
    "name": "John Doe",
    "role": "USER",
    "picture": "https://example.com/avatar.jpg"
  }'
  6. Call the Refresh Token Generate API using ORGANIZATION_API_KEY to obtain a refresh token for the user.

ORG_ID="my-organization-id"          # e.g. "my-community"
ORG_API_KEY="your-org-api-key-here"  # org.apiKey from Integrations
USER_NAME="johndoe"                  # existing userName in Konnec

curl -X POST "https://<YOUR_API_BASE_URL>/api/organization/${ORG_ID}/user/${USER_NAME}/generate-token" \
  -H "x-org-id: ${ORG_ID}" \
  -H "x-api-key: ${ORG_API_KEY}"
  7. Redirect the user back to Konnec and include the refresh token as a query param.

Example:

https://konnec.to?refresh-token=<refresh_token>
  8. Konnec reads the refresh-token param, exchanges it for a session token, and the user is authenticated.
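
The server-side part of this flow (create the user if needed, generate a refresh token, build the return URL) as an added Python example; it is not Konnec's own code. The `refreshToken` response field, the JSON response body, the `KONNEC_ORG_API_KEY` environment variable, the username pattern and the `api.example.invalid` base URL are assumptions or placeholders, since the page does not show them.

```python
import json
import os
import re
import urllib.request
from urllib.parse import quote, urlencode

API_BASE = "https://api.example.invalid"   # placeholder for <YOUR_API_BASE_URL>
ORG_ID = "my-organization-id"              # sample value from the steps above
KONNEC_URL = "https://konnec.to"           # return URL from the example above
TOKEN_FIELD = "refreshToken"               # ASSUMPTION: response field name
# ASSUMPTION: handle charset; tighten to whatever your platform issues.
USERNAME_RE = re.compile(r"[A-Za-z0-9_-][A-Za-z0-9_.-]{0,63}")


def api_url(user_name, action):
    """Build a per-user endpoint, refusing names that could alter the path."""
    if not USERNAME_RE.fullmatch(user_name):
        raise ValueError("unexpected userName")
    return (f"{API_BASE}/api/organization/{quote(ORG_ID, safe='')}"
            f"/user/{quote(user_name, safe='')}/{action}")


def post_json(url, body=None):
    """Server-to-server POST; the org API key is read from the environment
    (hypothetical variable name) so it never reaches the browser."""
    headers = {"x-org-id": ORG_ID, "x-api-key": os.environ["KONNEC_ORG_API_KEY"]}
    data = None
    if body is not None:
        data = json.dumps(body).encode()
        headers["Content-Type"] = "application/json"
    req = urllib.request.Request(url, data=data, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)  # ASSUMPTION: the API answers with JSON


def sso_redirect(user_name, new_profile=None, post=post_json):
    """Call only after your platform has authenticated the user.

    new_profile: dict for the Create User call when the user is not yet in
    Konnec, else None. Returns the URL to redirect the browser to.
    """
    if new_profile is not None:
        post(api_url(user_name, "update"), new_profile)
    token = post(api_url(user_name, "generate-token"))[TOKEN_FIELD]
    if not isinstance(token, str) or not token:
        raise RuntimeError("no refresh token in response")
    # Fresh token per login flow; do not cache it or log the returned URL.
    return KONNEC_URL + "?" + urlencode({"refresh-token": token})
```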

Notes

  • Keep the ORGANIZATION_API_KEY on your server only.
  • The refresh token should be generated server-side and passed to Konnec only once per login flow.

If you want help wiring this to your existing auth system, reach out and we can walk through it together.