Introduction
This is the specification of the Checkout Authentication API.
For the step-by-step instructions, see the Checkout Authentication API Guide.
Getting Started
Use this API to:
- Log in user
- Register user
- Reset password
- Manage sessions
This API must only be used by backend services!
Base URL
https://{{tenant-space}}.auth.scayle.cloud/v1
All requests must be made over HTTPS.
Header
- Authorization Bearer Token
- Content-Type application/json
How to Use
Creating an API Client
First, you will need to create a new API client using the SCAYLE Panel to obtain your client_id and client_secret.
Make sure to store those credentials safely in your backend.
To create a token:
- Navigate to
Shops > Storefront > API keys. - Click + Generate OAuth Credentials.
- Enter a Name and click Create Token.
Validating a token
You will need to call the validation endpoint to check if an Access Token is still valid.
Access Tokens are valid for 30 days.
Refreshing a token
When your Access Token has expired you can use the Refresh Token to obtain a fresh Access Token.
Refreshing a token is done by using the POST token endpoint by using the refresh_token OAuth grant.
Consider to check the expiration date of the JWT to trigger a refresh early enough.
Refresh Tokens are valid for 60 days.
For more information, refer to our Handling Tokens guide.
Authenticating a user
There are three different options on how to authenticate a user:
- Register a new user.
- Log in an existing user.
- Log in as a guest customer without a password.
All of those endpoints will require you to provide the client_id and client_secret as a Basic Auth header.
After successfully authenticating a user, you will get an Access Token and a Refresh Token.
Download Full Reference
Using Postman or similar tools? You can download this reference as a JSON file and import it to start sending requests directly.
