POST v3/redirects - SSO to Bookshelf eReader

The redirects API supports all instances of the Bookshelf eReader. With this endpoint you can SSO into an account and even open a specific book. 

This endpoint generates one-time URLs that are valid for 120 seconds. When designing your integration with VitalSource make sure to use this endpoint only in real-time. If you need delayed access to Bookshelf accounts please use v4/activation_requests - Create.

This guide covers SSO into the standard library landing page. For other use cases please see this conversion guide.

 Verb/URI 

POST https://api.vitalsource.com/v3/redirects.xml

Data Definitions

Name
Usage
Description
Data Type
Example
Required
destination Message body Destination URL for Bookshelf online eReader  string 

https://bookshelf

.vitalsource.com/books

Yes
brand  Message body If using a customized branded reader, include the URL to the branded reader. If not provided the user will be taken to the VitalSource bookshelf online reader string 

bookshelf.vitalsource.com

 No
{vbid} Message body The unique VitalBookID. This is required to provide access to the proper book. If you try and request a book for a user who does not have the book, a URL will be returned and the user will receive a "You do not have access to this title" error within the Bookshelf system string 

https://bookshelf

.vitalsource.com

/books/{vbid}

 No

 

Request Headers

X-VitalSource-API-Key: ALLCAPSANDNUMBERS
X-VitalSource-Access-Token: lowercaseandnumbers

Request body - default

<?xml version="1.0" encoding="UTF-8"?>
<redirect>
<destination>https://bookshelf.vitalsource.com/books</destination>
<brand>bookshelf.vitalsource.com</brand>
</redirect>

Request body - force upgrade to full account (from a reference user integration)

<?xml version="1.0" encoding="UTF-8"?>
<redirect>
 <destination>https://bookshelf.vitalsource.com/books</destination>
 <brand>full-bookshelf.vitalsource.com</brand>
</redirect>

 

Response

Response body

<?xml version="1.0"?>
<redirect auto-signin="https://jigsaw.vitalsource.com/auth/redirects/KPZXYY5X3TXJWW2XPPVKZSVN3AB3SS56QAFPG64HH6N2VF2VPR" expires="2019-08-12 14:12:59 UTC"/>

The token returned is only good for 2 minutes, so if you try to access a link provided via token after it has expired you will receive the following error:

HTTP Code: 473 Invalid or expired signin token

 

Error Codes

HTTP & Error messages 
Message
Notes
200

 

Success. Errors provided simultaneously
401 Invalid API key Verify your API key
403 Insufficient permissions Contact your CSM to have this resolved
473 Invalid or expired signin token More than 120 seconds have passed since this token was issued or this token has been redeemed.

 

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.