## Endpoints
### SSO Callback
route: `GET /users/auth/arivale_sso/callback`
optional param:
* `target_url` - url to redirect to after successful SSO authentication

### User validation
route: `POST /users/sessions/verify`
required headers:
```
Accept: application/json
Content-Type: application/json
```
`POST` body:
```
{
    "user": {
        "email": "<email>",
        "password": "<password>"
    }
}
```
Response:
```
{
  "success": true
}
```
If the `email` & `password` values are not valid, `success` will be `false`. Otherwise `success` will be `true`.

### Other user email validation
route: `POST /users/sessions/verify_email`
required headers:
```
Accept: application/json
Content-Type: application/json
```
`POST` body:
```
{
  "user": {
    "email": "<admin_email>",
    "password": "<admin_password>"
  }
  "email": "bob@health123.com"
}
```
Response:
```
{
  "success": true,
  "user": {
    "email": "bob@health123.com",
    "first_name": "bob",
    "middle_name": null,
    "last_name": "smith"
  }
}
```
If the `admin_email` & `admin_password` values are not valid, `success` will be `false` and `email` will be `null`. If `admin_email` & `admin_password` values are valid, `success` will be `true`. `user` will be `null` if access to that user's info is not allowed. If access is allowed then the above response will occur. Only admins and org_admins can successfully use this endpoint.