
Introduction

This is the specification of the Authentication API.

Authentication Guide

The Authentication API enables seamless Identity Management with SCAYLE. It provides endpoints for user authentication (OAuth Client), token management (Bearer Auth), and integration with external identity providers such as Auth0, Salesforce, Google, or Apple SSO.

Please refer to SCAYLE's Authentication Guide for more information on

  • Authentication flow
  • Token handling
  • Token lifetime
  • Token revoke logic
  • Available Identity Providers

Authentication Methods

SCAYLE offers two options for user authentication:

  • Authenticate via OAuth APIs: The OAuth Client API provides the user-facing endpoints, for example user creation and login, sending password reset emails, and letting users change their passwords in a form that the shop builds itself.
  • Authenticate via Single Sign-On: The Single Sign-On endpoints handle Identity Provider redirects and callbacks.

For advanced token management, SCAYLE provides the Bearer Auth APIs.

  • Token Management via Bearer Auth: The Bearer Auth API covers overall token management: validating, refreshing, revoking and deleting tokens. The shop can also list its active tokens, individually or collectively.

Getting Started

This API MUST only be used by backend services: the credentials it requires must never be exposed to browsers, mobile apps or other untrusted clients.

Base URL

The Authentication API is served over HTTPS only. All URLs referenced in this documentation have the following base:

https://{{tenant-space}}.auth.scayle.cloud/v1

Requests carry the following headers:

  • Authorization: Bearer <token>
  • Content-Type: application/json

To create a token:

  1. Navigate to Shops ➜ Storefront ➜ API Keys.
  2. Click + Generate OAuth Credentials.
  3. Enter a Name and click Create Token.

Store these credentials securely in your backend; never commit them to source control or ship them in client-side code.

API Client

Before you can interact with the Authentication API, you have to create an API client in the SCAYLE Panel to obtain your client_id and client_secret.

Authorize

Basic Authentication

All API requests must be made over HTTPS. Calls made over plain HTTP will fail.

API requests without authentication will also fail.

Username and password are required for each API request.

  • Password: A dedicated secret key unique to each subaccount.
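The following Python helper is an added example (not SCAYLE's code and not part of the API reference) showing how a backend service would assemble requests under the two schemes this page mentions: it builds the tenant base URL, refuses any non-HTTPS URL, produces a Basic header or a Bearer header together with the JSON content type, reads the credentials from the environment rather than from source, and redacts the Authorization value before anything is logged. The environment variable names, the mapping of the Basic username and password to the client_id and client_secret from the Panel, the sample values and the placeholder endpoint path are this example's own assumptions; the page specifies none of them.

```python
"""Assemble authenticated requests to the SCAYLE Authentication API from a backend.

Added example, not SCAYLE's own client code. Assumptions (not stated on the page):
  * credentials come from the environment variables SCAYLE_TENANT_SPACE,
    SCAYLE_CLIENT_ID and SCAYLE_CLIENT_SECRET (names chosen here);
  * the Basic scheme's username/password are the client_id/client_secret
    obtained in the Panel, and the Bearer scheme carries an issued token;
  * no endpoint path is assumed; the caller passes the one from the reference.
"""
import base64
import os
import re
from typing import Dict, Mapping, Tuple
from urllib.parse import urlsplit

BASE_URL_TEMPLATE = "https://{tenant_space}.auth.scayle.cloud/v1"
# A tenant space is one DNS label; anything else (dots, slashes, '@') could
# steer the request to a host outside auth.scayle.cloud.
_TENANT_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def base_url(tenant_space: str) -> str:
    """Return the API base for a tenant space, refusing labels that alter the host."""
    if not _TENANT_RE.match(tenant_space):
        raise ValueError("tenant space must be a single lowercase DNS label")
    return BASE_URL_TEMPLATE.format(tenant_space=tenant_space)


def assert_https(url: str) -> None:
    """The API is HTTPS-only; never attach credentials to a plain-HTTP URL."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send credentials over a non-HTTPS URL")


def basic_auth_headers(client_id: str, client_secret: str) -> Dict[str, str]:
    """Basic header (RFC 7617) carrying client_id:client_secret."""
    if ":" in client_id:
        raise ValueError("client_id must not contain ':'")
    token = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode("ascii")
    return {"Authorization": f"Basic {token}", "Content-Type": "application/json"}


def bearer_headers(access_token: str) -> Dict[str, str]:
    """Bearer header (RFC 6750) for a token issued by the API."""
    if not access_token or any(c.isspace() for c in access_token):
        raise ValueError("malformed access token")
    return {"Authorization": f"Bearer {access_token}", "Content-Type": "application/json"}


def redact_headers(headers: Mapping[str, str]) -> Dict[str, str]:
    """Copy of the headers that is safe to log: keeps the scheme, drops the credential."""
    safe = dict(headers)
    for name in list(safe):
        if name.lower() == "authorization":
            scheme = safe[name].split(" ", 1)[0]
            safe[name] = f"{scheme} [REDACTED]"
    return safe


def load_credentials(env: Mapping[str, str] = os.environ) -> Tuple[str, str, str]:
    """Read tenant space and client credentials from the environment, never from code."""
    try:
        return env["SCAYLE_TENANT_SPACE"], env["SCAYLE_CLIENT_ID"], env["SCAYLE_CLIENT_SECRET"]
    except KeyError as exc:
        raise RuntimeError(f"missing credential variable {exc.args[0]}") from None


def prepare_request(tenant_space: str, path: str,
                    headers: Mapping[str, str]) -> Tuple[str, Dict[str, str]]:
    """Join a reference path to the base URL and run the HTTPS check before any send."""
    url = base_url(tenant_space) + "/" + path.lstrip("/")
    assert_https(url)
    return url, dict(headers)


if __name__ == "__main__":
    # Constructed sample values; not real credentials and not a real endpoint.
    sample_env = {"SCAYLE_TENANT_SPACE": "acme",
                  "SCAYLE_CLIENT_ID": "id", "SCAYLE_CLIENT_SECRET": "pw"}
    tenant, client_id, client_secret = load_credentials(sample_env)
    url, headers = prepare_request(tenant, "/<endpoint-from-reference>",
                                   basic_auth_headers(client_id, client_secret))
    print(url, redact_headers(headers))  # log line shows "Basic [REDACTED]", never the secret
```

The tenant-space check matters because the base URL is built by string substitution: an attacker-controlled value such as `evil.example/` would otherwise move the request, credentials included, to another host. Pass the real `requests`/`httpx` call only the URL and headers returned by `prepare_request`, and log only the output of `redact_headers`.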

Understand Authentication APIs

Limitations

For prerequisites and limitations, refer to the Authentication Guide.

Best Practices

Detailed information on the use of access tokens and refresh tokens, and on token handling in general, can be found in the Authentication Guide.

Download Full Reference

Using Postman or similar tools? You can download this reference as a JSON file and import it to start sending requests directly.

Download authentication-api-latest.json