Web Portal Integration

FibriCheck offers a web portal for healthcare professionals to manage patients who are performing measurements. It's possible to redirect users to a specific page within the portal without that user having to log in, using a pre-generated link that contains authentication information.

Possible use cases for this feature are:

  • Easy redirect - redirect users from the patient record software directly to the correct page in the FibriCheck Portal, without the user having to log in.

  • Context Integration - by using the URL, the FibriCheck Web Portal can be easily embedded in third-party software through an iframe.

Structure of the redirect URL

The image below shows the important parts of the redirect URL:

Example of a single sign-on redirect URL

In the following URL, the parts that need to be replaced are indicated with curly brackets {{ }}:

https://pages.dev.fibricheck.com/consume_ssotoken/?ssoToken={{token}}&redirect=https%3A%2F%2Fpages.dev.fibricheck.com%2Fportal%2F%23%2Fpatients%2F{{userId}}%2Fdetails%2Foverview

How to generate an SSO token?

POST /auth/v2/oauth1/ssoTokens/generate

Executing this endpoint will generate a single sign-on token for the authenticated user. The endpoint does not require a body. This endpoint requires being authenticated through an OAuth1.0 application.

Response

{
    "userId": "6422a0d97db02e7197c8dfcf",
    "createdByApplicationId": "5811ccc246e0fb0006efdc8d",
    "ssoToken": "bc7a175f3e36b7a84aacfcf98428d1ed61d54800",
    "updateTimestamp": "2024-08-12T09:30:57.778Z",
    "creationTimestamp": "2024-08-12T09:30:57.778Z",
    "id": "66b9d651e18f465bbdf5ad7f"
}

Use correct credentials to generate an SSO token

An SSO token will always be generated for the authenticated user executing the API call. As a consequence, the generated token will have the same data access as the authenticated API user. In cases where a single third-party platform serves multiple organizations, it's important to use separate organization-specific credentials to generate the SSO token.

In FibriCheck, data from different organizations is scoped to different groups.

The System Integration User has access to all the data of all organizations using FibriCheck through the third-party platform. When an SSO token, generated using this system integration account, is shared with organization A, that token would also provide access to data of organization B in the FibriCheck portal.

To avoid this, separate HCP users are typically created by FibriCheck that only have access to data of a single group. Always use organization-specific HCP user credentials when generating SSO tokens to ensure access is limited to a single group.

PreviousApp-to-app integrationNextIntroduction

Last updated