See the Check token and keys step. The token will be deleted after issue. You can therefore not recheck based on the token. You must work with the issued session in this situation.
A session number is included with the partner page request. A token will be generated for this session number. As long as the session is active, the token will continue to be valid. The procedure is as follows:
- The session number will be included when requesting the partner page.
- Check whether there is a token for this session number. If so, the page can be displayed with the variables that belong to this token. If not, a new token must be requested.
Imagine you want to display a cockpit of an employee on that employee's page. The employee ID must then be passed on to the partner page so that the partner page can display the correct page immediately.
This is present in the SSO solution by default.
When you open the master card page, the employee code will be shown in the URL. This refers to the employee ID of the retrieved employee.
If an integration page is included on this master card page, this 'EmId' will also be sent to the external page. This ensures that it is also known at the external page for whom the information is retrieved.
Example:
The URL of the InSite page:
https://insite.nl/medewerker-stamkaart-mss-prs?EmId=BVE
The URL of the external integration page:
https://extern.nl/integratie?tokenurl=insite.nl/gettoken&code=abc&publickey=123&sessionid=yyy&
EmId=BVE
This works for ALL values that can be found after the question mark in the InSite page URL, therefore also for
among others:
- Dossier item
- Person
- Organisation
- Contact person
- Employee
- Course page
- Subscription
- Organisation/person
- Financial invoice
- Financial entry
- Debtor
- Creditor
- Project
- Team
- Cost estimate
- Event
- 'IB' client
- 'VbP' client
- Product group
- Packing slip
- Sales order
- Sales invoice
- Vacancy
- Applicant
- Forecast
How should I handle a new request from the integration page within the same session?