Requests should use the host https://platform.sectigo.com/. All unauthenticated requests will be redirected to https. The request should meet the following requirements:
If an Accept: header is given it must have the value application/json. Other media types may be rejected.
The domain must be exactly platform.sectigo.com.
Just about any OAuth-signed URL can be used for SSO if it's opened in a browser. For API requests, you send a Content-Type: application/json header and we return JSON. If you use that same link in a browser, our app will create a user session and load the corresponding page.
For SSO, we generally advise creating an OAuth-signed link to https://platform.sectigo.com/websites and making that the target of a 'Manage Backups' or 'Open Sectigo Web Security Platform Dashboard'-type link or button. The /websites path is the default location when customers log in with a username and password and we show an overview of all of their backups.