Introduction

The SCAYLE Authentication API manages customer identity for your storefront. It handles user registration, login, password management, email verification, and external identity provider integration (social login such as Auth0, Salesforce, Google, or Apple SSO).
Tokens issued by this API are used as Bearer tokens when calling the Customer Account API. They are also required to authenticate requests to the Headless Checkout.
Backend Use Only
This API must only be called from your backend services. Client credentials (`client_id` and `client_secret`) must never be exposed in frontend code, mobile apps, or client-side JavaScript.
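One way to enforce the backend-only rule in CI, as an added example that is not part of the SCAYLE documentation: a Node.js check that scans built frontend assets for the client secret (literal, Base64, or URL-encoded) and for hard-coded `client_id` / `client_secret` literals. The function names, file paths, and sample values are constructed for illustration.

```javascript
// Added example, not SCAYLE code: CI check that fails a storefront build when
// OAuth client credentials reach client-side assets. All names are hypothetical.

// Encodings in which a secret commonly survives bundling.
function secretVariants(secret) {
  return [
    ["literal", secret],
    ["base64", Buffer.from(secret, "utf8").toString("base64")],
    ["url-encoded", encodeURIComponent(secret)],
  ];
}

// client_id / client_secret assigned to a quoted literal, e.g.
// client_secret:"x" or "client_id": 'x'.
const HARDCODED_KEY = /(client_id|client_secret)["']?\s*[:=]\s*["'`][^"'`\s]+["'`]/;

function findCredentialLeaks(files, clientSecret) {
  if (!clientSecret) throw new Error("clientSecret must be non-empty");
  const variants = secretVariants(clientSecret);
  const findings = [];
  for (const [path, content] of Object.entries(files)) {
    content.split("\n").forEach((text, i) => {
      const hit = variants.find(([, value]) => text.includes(value));
      const key = text.match(HARDCODED_KEY);
      if (hit) {
        findings.push({ path, line: i + 1, reason: `secret value (${hit[0]})` });
      } else if (key) {
        findings.push({ path, line: i + 1, reason: `hard-coded ${key[1]}` });
      }
    });
  }
  return findings; // reports locations only, never the secret itself
}

// Constructed build output; the secret is a made-up placeholder value.
const SAMPLE_SECRET = "example-secret-0000";
const sampleBundle = {
  "dist/app.js": 'fetch("/api/login",{method:"POST"});\n' +
    `const cfg={client_secret:"${SAMPLE_SECRET}"};`,
  "dist/vendor.js": `const k=atob("${Buffer.from(SAMPLE_SECRET).toString("base64")}");`,
  "dist/auth.js": 'const oauth={"client_id":"shop-web"};',
  "dist/checkout.js": 'fetch("/api/checkout/token"); // backend adds credentials',
};

const leaks = findCredentialLeaks(sampleBundle, SAMPLE_SECRET);
for (const f of leaks) console.log(`${f.path}:${f.line}: ${f.reason}`);
```

In a pipeline, read the real secret from the CI secret store and exit non-zero when the returned array is non-empty.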
Authentication Methods
SCAYLE offers two options for user authentication:
| Method | Description |
|---|---|
| Authenticate via OAuth APIs | The OAuth Client API provides user-facing endpoints for actions such as user creation, login, logout, and password reset. |
| Authenticate via Single Sign-On | The API Endpoints for Single Sign-On handle Identity Provider redirects and callbacks, enabling social login for a seamless user experience. |
For advanced token management, SCAYLE provides the Bearer Auth APIs.
| Method | Description |
|---|---|
| Token Management via Bearer Auth | The Bearer Auth API handles overall token management, enabling you to validate, refresh, revoke or delete tokens. The Shop can also retrieve individual active tokens or a complete list of them. |
Please refer to SCAYLE's Authentication Guide for more information on:
- Authentication flow
- Token handling
- Token lifetime
- Token revoke logic
- Available Identity Providers
Download Full Reference
Using Postman or similar tools? You can download this reference as a JSON file and import it to start sending requests directly.