DoneIsBetter SSO API Reference

API Version: 1.0.0

Getting Started

The DoneIsBetter SSO API enables seamless authentication integration for your applications. This reference provides detailed information about all available endpoints, authentication flows, and integration patterns.

// Initialize the SSO client (the class is exported by the @doneisbetter/sso-client package; see Client Libraries)
import { SSOClient } from '@doneisbetter/sso-client';
const sso = new SSOClient('https://sso.doneisbetter.com');

// Check authentication status (see GET /api/sso/validate for the response shape)
const session = await sso.validateSession();
if (session.isValid) {
  console.log('User:', session.user);
}

Authentication

Endpoints

POST /api/users/register

Register a new user or authenticate an existing one. The request body carries only the username (an e-mail address); the response returns the stored user record together with its permission flags. Treat those flags as informational: authorization is enforced server-side, and a request the user is not permitted to make is rejected with 403 (see Error Handling).

// Request
POST https://sso.doneisbetter.com/api/users/register
Content-Type: application/json

{
  "username": "user@example.com"
}

// Response
{
  "message": "User registered successfully",
  "user": {
    "id": "user_id",
    "username": "user@example.com",
    "permissions": {
      "isAdmin": false,
      "canViewUsers": false,
      "canManageUsers": false
    }
  }
}

GET /api/sso/validate

Validate the current session. On success the response returns the user the session belongs to and the session's expiry time (expiresAt, UTC); an invalid or expired session is answered with 401 (see Error Handling).

// Request
GET https://sso.doneisbetter.com/api/sso/validate

// Response
{
  "isValid": true,
  "user": {
    "id": "user_id",
    "username": "user@example.com",
    "permissions": {
      "isAdmin": false,
      "canViewUsers": false,
      "canManageUsers": false
    }
  },
  "session": {
    "expiresAt": "2025-07-21T16:43:47Z"
  }
}

POST /api/users/logout

End the current session.

// Request
POST https://sso.doneisbetter.com/api/users/logout

// Response
{
  "message": "Logged out successfully"
}

Error Handling

The API uses standard HTTP status codes and returns detailed error messages:

  • 400 - Bad Request (invalid input)
  • 401 - Unauthorized (invalid or expired session)
  • 403 - Forbidden (insufficient permissions)
  • 404 - Not Found
  • 500 - Internal Server Error

// Error Response Example
{
  "error": "Session expired",
  "message": "Your session has expired. Please sign in again.",
  "code": "SESSION_EXPIRED"
}
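The following is an added example, not code from the @doneisbetter/sso-client library or from the service itself. It shows how a client should turn a GET /api/sso/validate result and the error envelope above into a decision: fail closed on anything that is not an explicit isValid: true with a usable expiresAt, re-authenticate on 401, and never trust a cached result past the server's expiry. The cookie-based session (hence credentials: 'include'), the 60-second clock-skew allowance and the helper names are assumptions of this example.

```javascript
// Added example (not part of @doneisbetter/sso-client): turn a GET /api/sso/validate
// result into a decision the app can act on. Assumptions: the session rides on a
// cookie (hence credentials: 'include'), and 60 s of clock skew between client and
// server is tolerated before a session is treated as expired.
const EXPIRY_SKEW_MS = 60 * 1000;

// Pure decision function over the HTTP status and parsed JSON body, using the
// response shapes shown on this page. `nowMs` is injectable for testing.
function interpretValidateResponse(status, body, nowMs = Date.now()) {
  if (status === 200 && body && body.isValid === true) {
    const expiresAtMs = Date.parse(body.session && body.session.expiresAt);
    if (Number.isNaN(expiresAtMs)) {
      // A "valid" answer without a usable expiry cannot be cached safely: re-check.
      return { state: 'reauthenticate', reason: 'missing expiresAt' };
    }
    if (expiresAtMs - nowMs <= EXPIRY_SKEW_MS) {
      return { state: 'reauthenticate', reason: 'session about to expire' };
    }
    return {
      state: 'authenticated',
      user: body.user,
      // Latest moment at which the cached result may still be trusted.
      revalidateAtMs: expiresAtMs - EXPIRY_SKEW_MS,
    };
  }
  if (status === 401) {
    // Error envelope from the page: { error, message, code }, e.g. SESSION_EXPIRED.
    return { state: 'reauthenticate', reason: (body && body.code) || 'UNAUTHORIZED' };
  }
  if (status === 403) {
    return { state: 'forbidden', reason: (body && body.code) || 'FORBIDDEN' };
  }
  // 400/404/500, a non-JSON body, or a 200 whose isValid is not true: fail closed
  // (not authenticated) without bouncing the user to login for a server fault.
  return { state: 'error', status, reason: (body && body.code) || 'UNEXPECTED_RESPONSE' };
}

// Permission flags are booleans; anything other than a literal true (missing
// flag, null, the string "true") is treated as not granted.
function hasPermission(user, flag) {
  return Boolean(user && user.permissions) && user.permissions[flag] === true;
}

// Network wrapper. The browser only attaches the SSO cookie cross-origin when
// credentials: 'include' is set, which is why the API answers with
// Access-Control-Allow-Credentials: true (see CORS Configuration).
async function validateSession(fetchImpl = fetch, baseUrl = 'https://sso.doneisbetter.com') {
  const res = await fetchImpl(`${baseUrl}/api/sso/validate`, {
    method: 'GET',
    credentials: 'include',
    headers: { Accept: 'application/json' },
  });
  let body = null;
  try {
    body = await res.json();
  } catch (_) {
    // Non-JSON body (e.g. an HTML error page): leave body null.
  }
  return interpretValidateResponse(res.status, body);
}

// Constructed sample responses, copied from the shapes shown on this page.
const SAMPLE_VALID = {
  isValid: true,
  user: {
    id: 'user_id',
    username: 'user@example.com',
    permissions: { isAdmin: false, canViewUsers: false, canManageUsers: false },
  },
  session: { expiresAt: '2025-07-21T16:43:47Z' },
};
const SAMPLE_EXPIRED = {
  error: 'Session expired',
  message: 'Your session has expired. Please sign in again.',
  code: 'SESSION_EXPIRED',
};
```

interpretValidateResponse is kept free of I/O so the decision logic can be unit-tested against fixed clocks and sample bodies; validateSession is the only piece that touches the network. The skew allowance means a request issued a few seconds before expiresAt is not sent with a session the server may already consider dead.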

CORS Configuration

To enable cross-origin requests, your origin must be registered with our service. Contact support to add it to the allowed origins list. An origin is the scheme plus host (plus port, if non-default) exactly as the browser sends it in the Origin header, so register https://your-domain.com rather than the bare host name. Because the API sets Access-Control-Allow-Credentials: true, it cannot answer with a wildcard origin and instead echoes your registered origin back verbatim; requests from an unregistered origin are blocked by the browser.

// Request Headers (the browser sets Origin itself; it cannot be set from script)
Origin: https://your-domain.com
Content-Type: application/json

// CORS Headers in Response
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://your-domain.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Content-Type, Authorization
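The block below is an added example, not the service's own implementation, of the allow-list check a credentialed API has to make before emitting the headers above. It shows why the registered value has to be a full origin, why the allowed origin is echoed exactly rather than matched by suffix or wildcard, and which headers belong only on the preflight answer. The allow list is constructed and the function name is an assumption.

```javascript
// Added example (not the service's code): the allow-list check a credentialed
// SSO API has to make before emitting the CORS headers shown above. The allow
// list below is constructed and the function name is an assumption.

// Origins are exact strings: scheme, host and any non-default port, with no path.
// Browsers always send Origin in this form, so a bare "your-domain.com" never matches.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com:8443',
]);

// Returns the CORS response headers for a request, or {} when the origin is not
// allowed. With {} the browser withholds the response from the calling page.
function corsHeadersFor(origin, requestMethod) {
  if (typeof origin !== 'string') return {};          // same-origin or non-browser request
  let parsed;
  try {
    parsed = new URL(origin);
  } catch (_) {
    return {};                                         // "null", a bare host name, garbage
  }
  // Canonical form only: rejects trailing slashes, paths and default ports written out.
  if (parsed.origin !== origin) return {};
  if (!ALLOWED_ORIGINS.has(origin)) return {};

  const headers = {
    // Echo the exact allowed origin. A wildcard is refused by browsers once
    // Access-Control-Allow-Credentials is true, and any suffix or regex match
    // would admit attacker-controlled hosts such as app.example.com.evil.example.
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    // The response now depends on the Origin header; tell shared caches so.
    'Vary': 'Origin',
  };
  if (requestMethod === 'OPTIONS') {
    // Preflight answer: advertise only what the API actually accepts.
    headers['Access-Control-Allow-Methods'] = 'GET, POST, OPTIONS';
    headers['Access-Control-Allow-Headers'] = 'Content-Type, Authorization';
    headers['Access-Control-Max-Age'] = '600';        // seconds the browser may cache the preflight
  }
  return headers;
}
```

The round trip through new URL(origin).origin is what turns the check into a comparison of canonical origins: "https://app.example.com/" and "https://app.example.com:443" both fail it even though a human would read them as the same site, and the opaque "null" origin sent by sandboxed frames is rejected before it ever reaches the allow list.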

Client Libraries

// NPM Installation
npm install @doneisbetter/sso-client

// Yarn Installation
yarn add @doneisbetter/sso-client

Available Libraries

  • JavaScript/TypeScript (@doneisbetter/sso-client)
  • Python (doneisbetter-sso)
  • Go (github.com/doneisbetter/sso-go)
  • Java (com.doneisbetter.sso)

Rate Limiting

API endpoints are rate limited to ensure service stability:

  • Authentication endpoints: 10 requests per minute
  • Session validation: 60 requests per minute
  • User management: 30 requests per minute

// Rate Limit Headers (X-RateLimit-Reset is Unix time in seconds at which the window resets)
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 58
X-RateLimit-Reset: 1627399287
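As an added example that is not part of the official client library, the block below reads the three rate-limit headers above and paces requests so the client backs off before the server starts rejecting it, instead of retrying in a tight loop. It assumes X-RateLimit-Reset is Unix time in seconds (as the sample value suggests) and that an over-limit request is answered with HTTP 429, which this page does not list; the function names and the sample header values' timing are assumptions too.

```javascript
// Added example (not part of the official client): read the X-RateLimit-* headers
// shown above and pace requests so the client never runs the window dry.
// Assumptions: X-RateLimit-Reset is Unix time in seconds (as the example value
// suggests), and an over-limit request is answered with HTTP 429, which this
// page does not list.
const RATE_LIMIT_HEADERS = ['X-RateLimit-Limit', 'X-RateLimit-Remaining', 'X-RateLimit-Reset'];

// Works with anything exposing get(name): a fetch Headers object or a Map.
// Returns null when any header is absent or not a number, so callers cannot
// mistake a missing header for "0 remaining".
function parseRateLimit(headers) {
  const raw = RATE_LIMIT_HEADERS.map((h) => headers.get(h));
  if (raw.some((v) => v === null || v === undefined || v === '')) return null;
  const [limit, remaining, reset] = raw.map(Number);
  if (![limit, remaining, reset].every(Number.isFinite)) return null;
  return { limit, remaining, resetAtMs: reset * 1000 };
}

// Milliseconds to wait before the next call; 0 means call now.
//  - 429, or a window with nothing left: wait until the window resets.
//  - fewer than `reserve` calls left: spread them evenly over the time remaining,
//    so a burst does not exhaust the budget right before a user-visible action.
function backoffMs(status, rl, nowMs, reserve = 5) {
  if (status === 429 || (rl && rl.remaining <= 0)) {
    // No headers on a 429: a fixed one-second wait beats an immediate retry.
    return rl ? Math.max(0, rl.resetAtMs - nowMs) : 1000;
  }
  if (!rl) return 0;
  const windowLeftMs = rl.resetAtMs - nowMs;
  if (rl.remaining < reserve && windowLeftMs > 0) {
    return Math.ceil(windowLeftMs / rl.remaining);
  }
  return 0;
}

// Constructed sample: the header values shown on this page, read at a
// wall-clock instant 7 s before the reset.
const SAMPLE_HEADERS = new Map([
  ['X-RateLimit-Limit', '60'],
  ['X-RateLimit-Remaining', '58'],
  ['X-RateLimit-Reset', '1627399287'],
]);
const SAMPLE_NOW_MS = 1627399280 * 1000;
```

A real fetch Headers object is case-insensitive, so the same code works unchanged against live responses; the Map is only there so the sample runs offline. Session-validation calls are the ones most likely to hit the 60-per-minute limit, so pacing them against X-RateLimit-Remaining matters more than for the 10-per-minute authentication endpoints, which a client should call rarely anyway.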

Support