SDK Overview
Integrate Misar SSO and identity management into your application
What is the Misar ID SDK?
The Misar ID SDK wraps the id.misar.io/api REST API, providing:
- SSO — Cross-TLD single sign-on across all Misar products
- Session management — Check and refresh authenticated sessions
- Account management — User data export and GDPR deletion
API Surface
| Endpoint | Method | Description |
|----------|--------|-------------|
| /api/sso/check | GET | Check if the current user has an active SSO session |
| /api/sso/init | POST | Initiate SSO — generate a redirect URL with a signed token |
| /api/sso/verify | POST | Verify an inbound SSO token and exchange for a local session |
| /api/sso/logout | POST | Federated logout across all Misar products |
| /api/session/check | GET | Check session validity and return user claims |
| /api/account/delete | DELETE | Permanently delete a user account (GDPR right to erasure) |
| /api/account/export | GET | Export all user data as JSON (GDPR data portability) |
Available SDKs
| Language | Package |
|----------|---------|
| TypeScript / JavaScript | @misar/sso |
| Python | misar-sso |
| Go | github.com/misarai/misar-sso-go |
| PHP | misarai/misar-sso-php |
| Ruby | misar-sso gem |
SSO Flow
User visits protected page on misar.dev
↓
Middleware calls GET /api/sso/check
↓ (logged in)
POST /api/sso/init → returns redirect URL with signed JWT
↓
User redirected to misar.dev with token
↓
misar.dev calls POST /api/sso/verify → creates local Supabase session
Authentication
Server-to-server calls use the shared SSO_JWT_SECRET. Client-facing calls use the user's existing .misar.io cookie session.