diff --git a/keeperapi/package-lock.json b/keeperapi/package-lock.json
index 93f0f15..d01c9d1 100644
--- a/keeperapi/package-lock.json
+++ b/keeperapi/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@keeper-security/keeperapi",
-  "version": "17.0.6",
+  "version": "17.0.7",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "@keeper-security/keeperapi",
-      "version": "17.0.6",
+      "version": "17.0.7",
       "license": "ISC",
       "dependencies": {
         "@noble/post-quantum": "^0.5.2",
diff --git a/keeperapi/package.json b/keeperapi/package.json
index 5a0fa54..8df9991 100644
--- a/keeperapi/package.json
+++ b/keeperapi/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@keeper-security/keeperapi",
   "description": "Keeper API Javascript SDK",
-  "version": "17.0.6",
+  "version": "17.0.7",
   "browser": "dist/index.es.js",
   "main": "dist/index.cjs.js",
   "types": "dist/node/index.d.ts",
diff --git a/keeperapi/src/auth.ts b/keeperapi/src/auth.ts
index ce296a7..d8ab10c 100644
--- a/keeperapi/src/auth.ts
+++ b/keeperapi/src/auth.ts
@@ -7,7 +7,7 @@ import {
     LoginError,
     TwoFactorChannelData
 } from './configuration'
-import {KeeperEndpoint, KeeperEnvironment} from "./endpoint";
+import {KeeperEndpoint, KeeperEnvironment, ExecuteRestOptions} from "./endpoint";
 import {KeyWrapper, platform} from "./platform";
 import {
     generateEncryptionKey,
@@ -615,13 +615,13 @@ export class Auth {
         }
     }
 
-    async getSsoProvider(ssoDomain: string, locale?: string, ecOnly = false) {
+    async getSsoProvider(ssoDomain: string, locale?: string, ecOnly = false, skipRegionRedirect = false) {
         let domainRequest: ISsoServiceProviderRequest = {
             name: ssoDomain.trim(),
             locale: locale,
             clientVersion: this.endpoint.clientVersion,
         }
-        const domainResponse = await this.executeRest(ssoServiceProviderRequestMessage(domainRequest))
+        const domainResponse = await this.executeRest(ssoServiceProviderRequestMessage(domainRequest), { skipRegionRedirect })
         const params = domainResponse.isCloud
             ? '?payload=' + await this._endpoint.prepareSsoPayload(this.messageSessionUid)
             : '?embedded&key=' + await this._endpoint.getOnsitePublicKey(ecOnly)
@@ -1117,8 +1117,8 @@ export class Auth {
     //     return this.endpoint.executeV2Command(command);
     // }
 
-    async executeRest<TIn, TOut>(message: RestOutMessage<TOut> | RestMessage<TIn, TOut>): Promise<TOut> {
-        return this.endpoint.executeRest(message, this._sessionToken);
+    async executeRest<TIn, TOut>(message: RestOutMessage<TOut> | RestMessage<TIn, TOut>, options?: ExecuteRestOptions): Promise<TOut> {
+        return this.endpoint.executeRest(message, this._sessionToken, options);
     }
 
     async executeRestCommand<Request, Response>(command: RestCommand<Request, Response>): Promise<Response> {
@@ -1374,4 +1374,4 @@ function chooseErrorMessage(loginState: Authentication.LoginState){
 }
 
 const hasYubikeyChannel = (channels: Authentication.ITwoFactorChannelInfo[]): boolean =>
-  !!channels.find(({challenge, channelType}) => challenge && (channelType === Authentication.TwoFactorChannelType.TWO_FA_CT_U2F || channelType === Authentication.TwoFactorChannelType.TWO_FA_CT_WEBAUTHN))
\ No newline at end of file
+  !!channels.find(({challenge, channelType}) => challenge && (channelType === Authentication.TwoFactorChannelType.TWO_FA_CT_U2F || channelType === Authentication.TwoFactorChannelType.TWO_FA_CT_WEBAUTHN))
diff --git a/keeperapi/src/endpoint.ts b/keeperapi/src/endpoint.ts
index 95b58ef..ff5a87f 100644
--- a/keeperapi/src/endpoint.ts
+++ b/keeperapi/src/endpoint.ts
@@ -29,6 +29,10 @@ import SsoCloudResponse = SsoCloud.SsoCloudResponse;
 import {KeeperHttpResponse, RestCommand} from './commands'
 import {AllowedEcKeyIds, AllowedMlKemKeyIds, isAllowedEcKeyId, isAllowedMlKemKeyId} from './transmissionKeys'
 
+export type ExecuteRestOptions = {
+    skipRegionRedirect?: boolean
+}
+
 export class KeeperEndpoint {
     private _transmissionKey?: TransmissionKey
     private locale?: string
@@ -154,16 +158,16 @@ export class KeeperEndpoint {
         }
     }
 
-    async executeRest<TIn, TOut>(message: RestOutMessage<TOut> | RestMessage<TIn, TOut>, sessionToken?: string): Promise<TOut> {
+    async executeRest<TIn, TOut>(message: RestOutMessage<TOut> | RestMessage<TIn, TOut>, sessionToken?: string, options?: ExecuteRestOptions): Promise<TOut> {
         // @ts-ignore
-        return this.executeRestInternal(message, sessionToken)
+        return this.executeRestInternal(message, sessionToken, options)
     }
 
     async executeRestAction<TIn>(message: RestInMessage<TIn> | RestActionMessage, sessionToken?: string): Promise<void> {
         return this.executeRestInternal(message, sessionToken)
     }
 
-    private async executeRestInternal<TIn, TOut>(message: RestInMessage<TIn> | RestOutMessage<TOut> | RestMessage<TIn, TOut> | RestActionMessage, sessionToken?: string): Promise<TOut | void> {
+    private async executeRestInternal<TIn, TOut>(message: RestInMessage<TIn> | RestOutMessage<TOut> | RestMessage<TIn, TOut> | RestActionMessage, sessionToken?: string, options?: ExecuteRestOptions): Promise<TOut | void> {
         this._transmissionKey = await this.getTransmissionKey()
         while (true) {
             const payload = 'toBytes' in message ? message.toBytes() : new Uint8Array()
@@ -233,6 +237,9 @@ export class KeeperEndpoint {
                             await this.updateTransmissionKey(newEcKeyId, newMlKemKeyId)
                             continue
                         case 'region_redirect':
+                            if (options?.skipRegionRedirect) {
+                                throw new Error('region_redirect')
+                            }
                             this.options.host = errorObj.region_host!
                             if (this.options.onRegionChanged) {
                                 await this.options.onRegionChanged(this.options.host);