Admin SSO & health
Admin SSO
POST /api/s2s/admin-sso mints a short-lived single-sign-on link that drops one
of your operators straight into the LootBox Solutions admin — useful for
embedding box configuration, reporting, and fairness tooling inside your own
back office without a separate login.
POST https://{operator}.app.lootboxsolutions.com/api/s2s/admin-sso{ "adminExternalId": "op_77", "email": "ops@casino.example", "displayName": "Casino Ops", "returnPath": "/admin/boxes"}| Field | Required | Notes |
|---|---|---|
adminExternalId | ✅ | Stable id of the operator in your system. |
email | — | Used to match/provision the admin user. |
displayName | — | Shown in the admin UI. |
returnPath | — | Where inside the admin to land (default dashboard). |
{ "ssoUrl": "https://{operator}.app.lootboxsolutions.com/admin/sso?ticket=…", "expiresAt": "2026-06-03T12:01:00Z" }Redirect the operator to ssoUrl, or embed it. The ticket is short-lived and
single-use. Grant operators the appropriate roles in the admin so SSO respects
their permissions.
Health
GET /api/s2s/health is a signed liveness probe.
{ "status": "ok", "time": "2026-06-03T12:00:00Z" }Use it for uptime monitoring and to verify your signing setup end-to-end before
wiring real flows — a 200 here means your HMAC envelope is correct.