
Checkout Authentication

General

The Checkout Authentication API, also known as the Authentication API, serves the purpose of registering and logging in customers, including guest customers without passwords, as well as resetting a customer's password. This API enables you to:

  • Acquire an access token, which grants you the ability to both retrieve and modify customer data via the Customer Account API
  • Initiate the checkout process with the Webcomponent
  • View all active sessions for a given customer and invalidate specific tokens or sessions.

To implement custom login and registration forms, as well as the password reset flow on your storefront, you'll need to make calls from your frontend to your backend. Subsequently, your backend will communicate with the Authentication API.

The Authentication API is designed exclusively for backend-to-backend interactions. Making direct calls from the frontend to the Authentication API is not supported.

This guide provides you with the necessary information to seamlessly integrate with the Authentication API, elucidating key concepts and relevant endpoints. For specific endpoint details, refer to the Authentication API specification.

Authentication API

Create an API Client in the SCAYLE Panel

Before you can interact with the Authentication API, you have to create an API client in the SCAYLE Panel to obtain your client_id and client_secret.

To create a token:

  1. Navigate to Shops > Storefront > API keys.
  2. Click + Generate OAuth Credentials.
  3. Enter a Name and click Create Token.

The ID and token are then displayed only once!

SCAYLE Panel: Generate Authentication API token

Make sure to store those credentials safely in your backend. All the endpoints explained in the following chapters require you to provide the client_id and client_secret as a Basic Auth header on the request.

Example

Authorization: Basic {base64Encode({client_id}:{client_secret})}

Authenticate using the Authentication API

The Authentication API offers various endpoints, each requiring different authentication methods based on the use case:

  • Basic Auth: Utilize OAuth Client credentials for secure access.
  • Bearer Auth: Employ Access Tokens for authenticated requests.
  • No Auth: Some endpoints are publicly accessible without authentication.

Consult the API Specification for detailed authentication requirements for each endpoint.

For endpoint access, use the following host: https://{{tenant-space}}.auth.scayle.cloud
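The Basic Auth header and host described above, as an added backend-side example that is not SCAYLE's own code. The environment variable names, the `/example-endpoint` path and the single-lowercase-DNS-label rule for the tenant space are assumptions made for illustration; take real endpoint paths from the API specification.

```python
import base64
import os
import re
import urllib.request

# Assumption: the tenant space is one lowercase DNS label; anything else could alter the host.
_TENANT_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Return the header value: Basic base64(client_id:client_secret)."""
    if not client_id or not client_secret:
        raise ValueError("client_id and client_secret must both be set")
    # RFC 7617: the user-id part must not contain ':' or the pair is split in the wrong place.
    if ":" in client_id:
        raise ValueError("client_id must not contain ':'")
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def auth_api_base_url(tenant_space: str) -> str:
    """Build https://{tenant-space}.auth.scayle.cloud from a validated tenant space."""
    if not _TENANT_RE.fullmatch(tenant_space):
        raise ValueError("tenant space must be a single lowercase DNS label")
    return f"https://{tenant_space}.auth.scayle.cloud"


def build_request(path: str, env=os.environ) -> urllib.request.Request:
    """Prepare (not send) a backend request that carries the client credentials."""
    if not path.startswith("/"):
        raise ValueError("path must start with '/'")
    url = auth_api_base_url(env["SCAYLE_TENANT_SPACE"]) + path
    header = basic_auth_header(env["SCAYLE_AUTH_CLIENT_ID"], env["SCAYLE_AUTH_CLIENT_SECRET"])
    return urllib.request.Request(url, headers={"Authorization": header})


def redact(header_value: str) -> str:
    """Form of the Authorization header that is safe to write to logs."""
    return header_value.split(" ", 1)[0] + " [redacted]"


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample_env = {"SCAYLE_TENANT_SPACE": "demo-tenant",
                  "SCAYLE_AUTH_CLIENT_ID": "demo-client",
                  "SCAYLE_AUTH_CLIENT_SECRET": "demo-secret"}
    req = build_request("/example-endpoint", sample_env)
    print(req.full_url, redact(req.get_header("Authorization")))
```

Because Base64 is an encoding and not encryption, the header value is as sensitive as the client_secret itself, which is why only the redacted form is printed.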

Responses

Authentication API HTTP Status Codes and Error Handling

The Authentication API uses HTTP status codes to signify the outcome of API requests:

  • 2xx: Successful operations.
  • 4xx: Failures due to incorrect or insufficient information provided by the user.
  • 5xx: Errors originating from Authentication API's servers.

In the event of an error, Authentication API issues an error response with error details. Typically, this includes a single error, but some endpoints may return multiple errors.

For a comprehensive understanding, refer to the following tables detailing status codes, error responses, and error entities.

HTTP status codes

| HTTP Status Code | Description |
|---|---|
| 200 - OK | Request successfully fulfilled. |
| 201 - Created | New resource successfully created. |
| 204 - No Content | Request fulfilled with no content to send in the response. |
| 206 - Partial Content | Partial content of the requested resource successfully delivered. |
| 400 - Bad Request | Request contains invalid parameters or is malformed. |
| 401 - Unauthorized | Authentication failed or missing, see access. |
| 404 - Not Found | Specified resource does not exist. |
| 408 - Request Timeout | Request timed out on the server. |
| 409 - Conflict | Conflict with the current state of the resource. |
| 412 - Precondition Failed | Failure in a requested dependency. |
| 413 - Payload Too Large | Request entity exceeds the server's size limits. |
| 424 - Failed Dependency | Request failed due to failure of dependency. |
| 500 - Internal Server Error | An unexpected error on the Authentication API server. |
| 503 - Service Unavailable | Authentication API is temporarily unavailable. |