Web Flow

In order for your App to see a Sigma Member's profile or Merits you'll need to add a "Login with Sigma" web flow to your own software.

Somewhere in your software you may show a "Login with Sigma" button, which should trigger a call to the Request LoginWithSigma Url endpoint, documented here: https://dev.sig.ma/reference#request-login-with-sigma-url

Your App may request some combination of the following permissions in the table

Permission Type	What it grants
CanViewAllStandardMerits	View Merits sent to the recipient by any Org
CanViewPublicProfile	View the recipient's name and primary email
CanViewAllStandardMeritsFromOrg (with a specific OrgId)	View Merits sent to the recipient by a specific Org NOTE: it is not necessary to pass this permission for your own Org or the linked Org; Those are given

curl -X POST -H "Authorization: Bearer {orgAccessToken}" https://api.sig.ma/v2/orgs/5bb5a3992bfa430006c47bd5/request_loginwithsigma_url -H "Content-Type: application/json" -d '{ "requestedPermissions": [{ "permissionType": "CanViewPublicProfile" }, { "permissionType": "CanViewAllStandardMerits" }], "successUrl": "/goodpath", "failureUrl": "/badpath", "state": "somestatevariable" }'

Once you receive a request_loginwithsigma_url from this endpoint, which will look like the following: https://sig.ma/login-with-sigma?token={token}, re-direct your user to this special authorization page for your App.

If a Sigma Member agrees to Login with Sigma for a given App and Org, they'll be sent a pre-accepted Sigma Access Merit for the App from the Org and then redirected to your site along with a Sigma Member ID Token in the memberIdToken URL parameter. You can exchange this token for a `Member ID using the Member ID Token endpoint.

As long as their Sigma Access Merit remains accepted your App will be granted special permissions to access the Member's Merits and profile. You'll probably want to start by fetching their Merits using the Member Merits endpoint.