7.2. Seamlessly logging in users from 3rd-party systems

A 3rd-party system may seamlessly login a user if such user is linked to a 3rd-party system. This is especially useful for IFRAME integration where the login page may be bypassed completely.


:term:`Blockchain` key is still required. Even though the user may be logged in automatically, blockchain key will still be needed for critical transactions, such as transferring the document.


curl -s https://client_id:[email protected]/api/v2/companies/by-id/1/users/by-id/2/login-token/

More info about this method is  available online.


    "login_token": "aabbccdd",
    "expires": "2019-03-18T08:39:38Z",
    "login_url": "https://app.smartbl.io/?login_token=aabbccdd"

The tokens are short lived and are considered for single use. The workflow should be the following:

  • Fetch the token from the API
  • Render the iframe to the user with the appropriate query string (?login_token={login_token}) or use the login_url as the source of the IFRAME.