docs
  1. SCAYLE Resource Center
  2. Authentication & Accounts
  3. General

General

This Developer Guide introduces the Authentication API and shows you how to work with it.

The Authentication API, also known as the "Auth" API, serves the purpose of registering and logging in customers, including guest customers without passwords, as well as resetting a customer's password. This API enables you to:

  • Acquire an access token, which grants you the ability to both retrieve and modify customer data via the Customer Account API.
  • Initiate the checkout process with the Webcomponent.
  • View all active sessions for a given customer and invalidate specific tokens or sessions.

To implement custom login and registration forms, as well as the password reset flow on your storefront, you'll need to make calls from your frontend to your backend. Subsequently, your backend will communicate with the Authentication API.

Please be aware that the Authentication API is designed exclusively for backend-to-backend interactions. Making direct calls from the frontend to the Authentication API is not supported.

This guide provides you with the necessary information to seamlessly integrate with the Authentication API, elucidating key concepts and relevant endpoints. For specific endpoint details, refer to the API specification.

Create API Client

Create an API Client in SCAYLE Panel.

Before you can interact with the Authentication API, you have to create an API client in the SCAYLE Panel to obtain your client_id and client_secret.

To create a token:

  1. Navigate to Shops > Storefront > API keys.
  2. Click + Generate OAuth Credentials.
  3. Enter a Name and click Create Token.

The ID and token are then displayed only once.

SCAYLE Panel: Generate Authentication API token.

Make sure to store those credentials safely in your backend. All the endpoints explained in the following chapters require you to provide the client_id and client_secret as a Basic Auth header on the request.

Example

Authorization: Basic {base64Encode({client_id}:{client_secret})}