Service API Module

SDK helpers for API-key-authenticated backend operations.

Updated May 10, 2026

sso.serviceApi is available when the client is initialized with an API key.

Common methods

  • listUsers(...)
  • getUser(userId)
  • createUser(payload)
  • updateUser(userId, payload)
  • deleteUser(userId)
  • listSubscriptions(...)
  • getSubscription(userId)
  • createSubscription(payload)
  • updateSubscription(userId, payload)
  • deleteSubscription(userId)
  • getAnalytics()
  • getServiceInfo()
  • updateServiceInfo(payload)

Provider tokens

requestProviderToken(request)

Requests a backend-only third-party access token for an AuthOS user.

const result = await sso.serviceApi.requestProviderToken({
  user_id: 'user_123',
  provider: 'github',
  scopes: ['repo'],
});

The result is either:

  • an immediate token response, or
  • an action_required response with a re-auth URL for the user-facing completion flow

When action_required is returned, open result.reauth_url exactly as returned. The URL is a one-time hosted AuthOS flow, typically /connect/provider-token/:state, and is already bound to the service, AuthOS user, provider, requested scopes, and registered callback URI.

Do not construct or substitute an AuthOS dashboard URL such as /settings/connections. Provider-token reauth is an end-user service flow and must return the user to the requesting app after consent; it must not require organization onboarding.
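
One way a backend could handle both outcomes described above, as an added example that is not AuthOS SDK code. Assumptions: the names AUTHOS_ORIGIN, classifyProviderTokenResult and resolveProviderToken, the access_token field on the immediate response, and reauth_url being an absolute HTTPS URL on the AuthOS origin; only requestProviderToken and result.reauth_url come from this page.

```javascript
// Added example, not AuthOS SDK code. AUTHOS_ORIGIN, the function names and the
// access_token field are assumptions; requestProviderToken and reauth_url are from the page.
const AUTHOS_ORIGIN = 'https://authos.example'; // placeholder origin

// Turns a requestProviderToken result into one of two backend actions.
function classifyProviderTokenResult(result) {
  // The page documents result.reauth_url for the action_required case, so its
  // presence is used as the discriminator here.
  if (result && typeof result.reauth_url === 'string') {
    let parsed;
    try {
      parsed = new URL(result.reauth_url); // assumes an absolute URL
    } catch {
      throw new Error('reauth_url is not an absolute URL');
    }
    // Defensive check only: refuse to redirect anywhere but the AuthOS origin.
    if (parsed.protocol !== 'https:' || parsed.origin !== AUTHOS_ORIGIN) {
      throw new Error('reauth_url is not on the expected AuthOS origin');
    }
    // Return the original string untouched: no re-serialization, no extra query
    // parameters, no swap to a dashboard path such as /settings/connections.
    return { kind: 'redirect', location: result.reauth_url };
  }
  if (!result || typeof result.access_token !== 'string' || result.access_token === '') {
    throw new Error('unexpected requestProviderToken response');
  }
  // Backend-only: hand the token to server-side callers, never to the browser,
  // and keep it out of logs.
  return { kind: 'token', accessToken: result.access_token };
}

// Calls the Service API and classifies the outcome. serviceApi is sso.serviceApi
// from a client initialized with an API key.
async function resolveProviderToken(serviceApi, request) {
  const result = await serviceApi.requestProviderToken(request);
  return classifyProviderTokenResult(result);
}

// Constructed stub standing in for sso.serviceApi so the example runs offline.
const stubServiceApi = {
  requestProviderToken: async () => ({
    reauth_url: AUTHOS_ORIGIN + '/connect/provider-token/st_constructed',
  }),
};

resolveProviderToken(stubServiceApi, { user_id: 'user_123', provider: 'github', scopes: ['repo'] })
  .then((action) => console.log(action.kind, action.location));
```

A route handler would answer a redirect action with an HTTP redirect to action.location and use a token action only for server-side calls to the provider.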