Authentication and authorization

Create and manage customer access tokens.

Creating a new customer

post

Creates a new customer account.

Note: The request needs to be authorized with an anonymous access token.


Required scopes

No specific scopes are required.

Authorizations
Path parameters
tenant · string · min: 3 · max: 16 · Required

Your Emporix tenant's name.

Note: The tenant should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$
Body
email · string · min: 1 · Required

Customer's email address.

Example: [email protected]
password · string · min: 1 · Required

Customer's account password.

customerDetails · all of · Optional
Responses
201
Created
application/json
post
POST /customer/{tenant}/signup HTTP/1.1
Host: api.emporix.io
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 675

{
  "email": "[email protected]",
  "password": "password123",
  "customerDetails": {
    "title": "MR",
    "firstName": "John",
    "middleName": "",
    "lastName": "Doe",
    "contactEmail": "[email protected]",
    "contactPhone": "123456789",
    "company": "Emporix",
    "preferredLanguage": "en_US",
    "preferredCurrency": "EUR",
    "preferredSite": "main",
    "b2b": {
      "companyRegistrationId": "123-456-789"
    }
  },
  "customerAddress": {
    "contactName": "John Doe",
    "companyName": "Emporix",
    "street": "Platz der Republik",
    "streetNumber": "1",
    "streetAppendix": "",
    "extraLine1": "",
    "extraLine2": "",
    "extraLine3": "",
    "extraLine4": "",
    "zipCode": "11011",
    "city": "Berlin",
    "country": "DE",
    "state": "Berlin",
    "contactPhone": "123456789",
    "tags": [
      "BILLING",
      "SHIPPING"
    ]
  }
}

201

Created

{
  "id": "13730481"
}

Requesting an anonymous token

get

Sends an authentication request and returns an anonymous token. This operation creates a new session-context document.

An anonymous token is valid for one hour. After that time, it should be refreshed to keep the same session ID associated.

Query parameters
tenant · string · Required

Name of the tenant.

Note: Name of the tenant is always written in lowercase.

Example: {tenant}
client_id · string · Required

Your Emporix API key - client ID.

Example: {client_id}
Responses
200
The request was successful. An anonymous token is returned.
application/json
get
GET /customerlogin/auth/anonymous/login?tenant={tenant}&client_id={client_id} HTTP/1.1
Host: api.emporix.io
Accept: */*
200

The request was successful. An anonymous token is returned.

{
  "token_type": "Bearer",
  "access_token": "tpYgJPZqddEQ2zwfzNtx79noBP65",
  "expires_in": 3599,
  "refresh_token": "7FnviYrxvQWYdzUVBVTvXeNAA4Jy1HPe",
  "refresh_token_expires_in": 86399,
  "sessionId": "6d4d4d5e-04b9-40c5-9074-4df1405c6081",
  "scope": "tenant={tenant}"
}

Refreshing an anonymous token

get

Sends an authentication request and returns a new anonymous token with the same session ID attached.

This operation updates the session-context document with the given session ID.

An anonymous token is valid for one hour. After that time, another refresh anonymous token request should be sent.

Query parameters
tenant · string · Required

Name of the tenant.

Note: Name of the tenant is always written in lowercase.

Example: {tenant}
anonymous_token · string · Required · Deprecated

Note: It's recommended to use the refresh_token parameter instead. The anonymous token that needs to be refreshed so that the same session ID is kept. Provide the value of the access_token you received in the response to the token request.

Example: {GOToGKaEKFyR8DokPBwHH0Y3AKCo}
refresh_token · string · Required

A refresh token generated when the anonymous token is created.

Example: {7FnviYrxvQWYdzUVBVTvXeNAA4Jy1HPe}
client_id · string · Required

Your Emporix API key - client ID.

Example: {client_id}
Responses
200
The request was successful. An anonymous token is returned.
application/json
get
GET /customerlogin/auth/anonymous/refresh?tenant={tenant}&refresh_token={refresh_token}&client_id={client_id} HTTP/1.1
Host: api.emporix.io
Accept: */*
200

The request was successful. An anonymous token is returned.

{
  "token_type": "Bearer",
  "access_token": "tpYgJPZqddEQ2zwfzNtx79noBP65",
  "expires_in": 3599,
  "refresh_token": "7FnviYrxvQWYdzUVBVTvXeNAA4Jy1HPe",
  "refresh_token_expires_in": 86399,
  "sessionId": "6d4d4d5e-04b9-40c5-9074-4df1405c6081",
  "scope": "tenant={tenant}"
}
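The request-then-refresh cycle described above, as an added example that is not part of the Emporix documentation. The class name, the injected `http_get` transport, the 60-second skew and the sample values are assumptions made here; the refresh call uses `refresh_token`, as the page recommends, and the tenant check reuses the pattern and length the page gives for the `{tenant}` path parameter.

```python
import re
import time
from urllib.parse import urlencode

BASE = "https://api.emporix.io/customerlogin/auth/anonymous"
TENANT_RE = re.compile(r"^[a-z][a-z0-9]+$")  # pattern the page gives for {tenant}


class AnonymousSession:
    """Keeps one anonymous token fresh. http_get(url) -> dict is caller-supplied."""
    def __init__(self, tenant, client_id, http_get, clock=time.time, skew=60):
        if not (3 <= len(tenant) <= 16 and TENANT_RE.fullmatch(tenant)):
            raise ValueError("tenant must be 3-16 lowercase characters")
        self.tenant, self.client_id = tenant, client_id
        self.http_get, self.clock, self.skew = http_get, clock, skew
        self.token = None

    def _call(self, action, **params):
        query = urlencode({"tenant": self.tenant, "client_id": self.client_id, **params})
        body, now = self.http_get(f"{BASE}/{action}?{query}"), self.clock()
        if self.token and body["sessionId"] != self.token["sessionId"]:
            raise RuntimeError("refresh returned a different session ID")
        self.token = dict(body, expires_at=now + body["expires_in"],
                          refresh_expires_at=now + body["refresh_token_expires_in"])

    def access_token(self):
        now = self.clock()
        if self.token is None or now >= self.token["refresh_expires_at"]:
            self.token = None  # nothing left to refresh with: start a new session
            self._call("login")
        elif now >= self.token["expires_at"] - self.skew:
            # Refresh with refresh_token, not the deprecated anonymous_token parameter.
            self._call("refresh", refresh_token=self.token["refresh_token"])
        return self.token["access_token"]


def demo():
    calls, now = [], [1000.0]

    def fake_get(url):  # constructed stand-in shaped like the page's sample response
        calls.append(url)
        return {"token_type": "Bearer", "access_token": f"tok{len(calls)}",
                "expires_in": 3599, "refresh_token": f"ref{len(calls)}",
                "refresh_token_expires_in": 86399,
                "sessionId": "6d4d4d5e-04b9-40c5-9074-4df1405c6081"}

    s = AnonymousSession("mytenant", "constructed-client-id", fake_get, lambda: now[0])
    first, cached = s.access_token(), s.access_token()
    now[0] += 3600  # the one-hour lifetime has passed
    return first, cached, s.access_token(), calls
```

In a real client, `http_get` would perform the HTTPS request and return the parsed JSON body.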

Logging in a customer

post

Logs in a customer and sends an authentication request. Returns two customer tokens:

- Customer access token.
- Customer SaaS token.

Note: The request needs to be authorized with an anonymous access token.


Required scopes

No specific scopes are required.

Authorizations
Path parameters
tenant · string · min: 3 · max: 16 · Required

Your Emporix tenant's name.

Note: The tenant should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$
Body
email · string · min: 1 · Required

Customer's email address.

password · string · min: 6 · Required

Customer's account password.

Responses
200
The request was successful. A customer token is returned.
application/json
post
POST /customer/{tenant}/login HTTP/1.1
Host: api.emporix.io
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 58

{
  "email": "[email protected]",
  "password": "password123"
}

200

The request was successful. A customer token is returned.

{
  "access_token": "aYR3Lu3rpsQ9ODhBIR83b3txTr5K",
  "saas_token": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMzg2OTAwMCIsImV4cCI6MTY0MDQ0NDAzMn0.lvxFOeCOk-DWi3kqwJwR8eKal3ON2rr53e9I6Pha5rI",
  "expires_in": 2591999,
  "refresh_token": "94tKQ2Tsvlf9dYbmyccA7X1Rqe54B6dH",
  "refresh_token_expires_in": 86399,
  "token_type": "Bearer",
  "session_id": "45c9726e-77c8-4bd0-b29d-61ab56f59726"
}

Logging out a customer

get

Logs out a customer and invalidates their customer token.

Note: The request needs to be authorized with a customer's access token.


Required scopes

No specific scopes are required.

Authorizations
Path parameters
tenant · string · min: 3 · max: 16 · Required

Your Emporix tenant's name.

Note: The tenant should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$
Query parameters
accessToken · string · Required

Customer's access token to be invalidated.

Responses
204
No Content
get
GET /customer/{tenant}/logout?accessToken={customer_access_token} HTTP/1.1
Host: api.emporix.io
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

No content

Refreshing a customer token

get

Sends an authentication request and returns a refresh token.

Note: The request needs to be authorized with an anonymous access token.


Required scopes

No specific scopes are required.

Authorizations
Path parameters
tenant · string · min: 3 · max: 16 · Required

Your Emporix tenant's name.

Note: The tenant should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$
Query parameters
refreshToken · string · Required

Customer's refresh token generated when a customer token is requested.

Example: {customer_refresh_token}
legalEntityId · string · Optional

Identifier of the legal entity associated with the user session.

Header parameters
Authorization · string · Required

Customer's access token generated when the customer token is created.

Example: Bearer {customer_access_token}
Responses
200
The request was successful. A refresh token is returned.
application/json
get
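GET /customer/{tenant}/refreshauthtoken?refreshToken={customer_refresh_token} HTTP/1.1
Host: api.emporix.io
Authorization: Bearer {customer_access_token}
Accept: */*

200

The request was successful. A refresh token is returned.

{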
  "access_token": "2yXy8H7sByl4JSWrr7GRqxiCRMUm",
  "expires_in": 2591999,
  "refresh_token": "iwXAFjGwboaehJar1qNOkV05phDw1god",
  "refresh_token_expires_in": 86390,
  "token_type": "Bearer",
  "session_id": "45c9726e-77c8-4bd0-b29d-61ab56f59726"
}

Validate a token

get

Checks whether a token is valid. If the token is invalid, it returns a 401 status code. If the token is valid, it provides the token details.

Authorizations
Path parameters
tenant · string · Required

Name of the tenant.

Note: Name of the tenant is always written in lowercase.

Example: {tenant}
Header parameters
Authorization · string · Required

Customer's access token generated upon the customer token creation.

Example: Bearer {customer_access_token}
Responses
200
The request was successful. Token details are returned.
application/json
get
GET /customer/{tenant}/validateauthtoken HTTP/1.1
Host: api.emporix.io
Authorization: Bearer {customer_access_token}
Accept: */*

200

The request was successful. Token details are returned.

{
  "token_type": "Bearer",
  "expires_in": 2591974,
  "scope": "approval.approval_read_own customermanagement.legalentity_read_own customer.customer_read_own quote.quote_read_own returns.returns_read_own iam.scope_read_own iam.user_read_own customersegment.segment_read_own iam.group_read_own order.order_readascustomer coupon.coupon_redeem customer.customerprofile_edit quote.quote_manage_own returns.returns_manage_own customer.customer_manage_own approval.approval_manage_own order.order_updateascustomer iam.assignment_delete_own customer.consent_view customer.customerprofile_view order.history_view iam.assignment_create_own customer.consent_manage tenant=test",
  "sessionId": "415c340b-5996-4112-bb3b-38139a409f93",
  "email": "[email protected]",
  "legalEntityId": "53ac81fd0cce8b26b36f3492"
}
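One way a backend could act on the validation response above, added here as an example and not taken from the Emporix documentation: it fails closed on anything but a 200, splits the `scope` string into the `tenant=` entry and the individual scopes, and checks both. The function names and the shortened sample body are constructed for this example.

```python
SAMPLE = {  # constructed from the page's sample response, scope list shortened
    "token_type": "Bearer",
    "expires_in": 2591974,
    "scope": "customer.customer_read_own order.order_readascustomer "
             "coupon.coupon_redeem tenant=test",
    "sessionId": "415c340b-5996-4112-bb3b-38139a409f93",
}


def parse_scope(scope):
    """Split the space-separated scope string into (tenant, set_of_scopes)."""
    tenant, scopes = None, set()
    for item in scope.split():
        if item.startswith("tenant="):
            if tenant is not None:
                raise ValueError("more than one tenant= entry in scope")
            tenant = item[len("tenant="):]
        else:
            scopes.add(item)
    return tenant, scopes


def authorize(status, body, expected_tenant, required_scopes):
    """Return (allowed, reason) for one validateauthtoken response."""
    if status == 401:
        return False, "token invalid"
    if status != 200:
        return False, f"unexpected status {status}"  # fail closed
    expires_in = body.get("expires_in")
    if not isinstance(expires_in, int) or expires_in <= 0:
        return False, "token expired"
    try:
        tenant, scopes = parse_scope(body.get("scope", ""))
    except ValueError as exc:
        return False, str(exc)
    if tenant != expected_tenant:
        return False, "token issued for another tenant"
    missing = set(required_scopes) - scopes
    if missing:
        return False, "missing scope: " + ", ".join(sorted(missing))
    return True, "ok"
```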

Logging in a customer with social login

post

Logs in a customer using an authentication code from Auth0 and retrieves a standard customer token.


Required scopes

No specific scopes are required.

Authorizations
Path parameters
tenant · string · min: 3 · max: 16 · Required

Your Emporix tenant's name.

Note: The tenant should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$
Query parameters
code · string · Required

The authorization code received from the identity provider.

redirect_uri · string · Required

The redirect URI that was used in the initial authorization request.

code_verifier · string · Optional

Required only if using PKCE (Proof Key for Code Exchange) flow.

Header parameters
session-id · string · Optional

Anonymous customer's unique session identifier.

Responses
200
OK
application/json
post
POST /customer/{tenant}/socialLogin?code={code}&redirect_uri={redirect_uri} HTTP/1.1
Host: api.emporix.io
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

200

OK

{
  "social_access_token": "text",
  "social_id_token": "text",
  "refresh_token": "text",
  "refresh_token_expires_in": "text",
  "session_idle_time": 1,
  "token_type": "text",
  "access_token": "text",
  "saas_token": "text",
  "expires_in": "text",
  "scope": "text"
}
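How the optional `code_verifier` relates to the rest of the PKCE flow, as an added example that is not part of the Emporix documentation. It assumes the S256 method from RFC 7636 is used with the identity provider; the function names are chosen here, and `provider_accepts` only models the check made on the provider's side.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode


def _b64url(raw):
    # base64url without padding, as RFC 7636 requires
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def new_code_verifier():
    """43-character random verifier; keep it with the pending login until the code returns."""
    return _b64url(secrets.token_bytes(32))


def code_challenge(verifier):
    """S256 challenge that goes into the initial authorization request."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def provider_accepts(verifier, stored_challenge):
    """Models the provider's comparison when the authorization code is exchanged."""
    return hmac.compare_digest(code_challenge(verifier), stored_challenge)


def social_login_url(tenant, code, redirect_uri, code_verifier=None):
    """Builds the socialLogin request URL; code_verifier is sent only for PKCE."""
    params = {"code": code, "redirect_uri": redirect_uri}
    if code_verifier is not None:
        params["code_verifier"] = code_verifier
    return f"https://api.emporix.io/customer/{tenant}/socialLogin?{urlencode(params)}"
```

The `redirect_uri` passed to `social_login_url` has to be the same value used in the initial authorization request, as the parameter description above states.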
