# Authentication and authorization

Create and manage customer access tokens.

## Creating a new customer

> Creates a new customer account.\
> \
> **Note**: The request needs to be authorized with an anonymous access token.

```json
{"openapi":"3.0.0","info":{"title":"Customer Service (customer-managed)","version":"0.0.1"},"tags":[{"name":"Authentication and authorization","description":"Create and manage customer access tokens."}],"servers":[{"url":"https://api.emporix.io"}],"security":[{"AnonymousAccessToken":[]}],"components":{"securitySchemes":{"AnonymousAccessToken":{"type":"http","scheme":"bearer","description":"To generate an anonymous token, check out the 'Requesting an anonymous token' endpoint."}},"schemas":{"ResourceLocation":{"type":"object","title":"Resource Location","description":"Schema for showing location of the new resource.","properties":{"id":{"description":"Resource identifier.","type":"string"}}},"ErrorMessage":{"title":"","description":"Schema for API-specific errors.","type":"object","properties":{"status":{"minimum":100,"maximum":599,"description":"Original HTTP error code. It should be consistent with the HTTP response code.","type":"integer"},"type":{"pattern":"[a-z]+[a-z_]*[a-z]+","description":"Classification of the error type.\n**Note:** The error type should be written in lowercase and include underscores, for example `validation_failure`.","type":"string"},"message":{"description":"Descriptive error message for debugging purposes.","type":"string"},"moreInfo":{"type":"string","description":"More information (such as a link to the documentation) for investigating further and getting support."},"details":{"description":"List of problems causing the error.","type":"array","items":{"title":"errorDetail","description":"Specific error cause.","type":"object","properties":{"field":{"description":"Element in request data which is causing the error, for example `category.name`.\nIf the violation was not field-specific, this field will be empty.","type":"string"},"type":{"pattern":"[a-z]+[a-z_]*[a-z]+","description":"Classification of the specific error cause. 
This value should always be interpreted within the context of the general error type.\n**Note:** The error type should be written in lowercase and include underscores, for example `missing_value`.","type":"string"},"message":{"description":"Descriptive error message for debugging purposes.","type":"string"},"moreInfo":{"type":"string","description":"More information (such as a link to the documentation) for investigating further and getting support."}}}}}},"CustomerSignup":{"type":"object","properties":{"email":{"minLength":1,"type":"string","description":"Customer email address."},"password":{"minLength":1,"type":"string","description":"Customer account password."},"customerDetails":{"$ref":"#/components/schemas/CustomerUpdateDto","description":"If customer details are provided, the `contactEmail` value has to be the same as in the `email` property of the contact."},"customerAddress":{"$ref":"#/components/schemas/Address"},"signup":{"$ref":"#/components/schemas/PasswordAuthentication","description":"Customer email and password used for separate login credentials to the frontend. 
Use these if you want to log in with a different email than the main contact email."}},"required":["email","password"]},"CustomerUpdateDto":{"allOf":[{"$ref":"#/components/schemas/CustomerCommonDto"},{"type":"object","properties":{"contactEmail":{"type":"string"}}}]},"CustomerCommonDto":{"title":"CustomerCommonDto","type":"object","properties":{"title":{"type":"string"},"firstName":{"type":"string"},"middleName":{"type":"string"},"lastName":{"type":"string"},"contactPhone":{"type":"string"},"company":{"type":"string"},"preferredLanguage":{"type":"string","default":"en_US","description":"Customer preferred language."},"preferredCurrency":{"type":"string","default":"USD","description":"Customer's preferred currency, compliant with the ISO 4217 standard.","minLength":3,"maxLength":3},"preferredSite":{"type":"string","default":"main","description":"Customer preferred site."},"b2b":{"$ref":"#/components/schemas/B2BCreate"},"metadata":{"$ref":"#/components/schemas/DefaultDtoMetadata"},"mixins":{"type":"object","description":"Customer account additional properties.","additionalProperties":true}}},"B2BCreate":{"type":"object","description":"Additional properties for B2B customer. 
If the `companyRegistrationId` property is provided, an additional validation for customer details executes - `firstName`, `lastName` and `company` values have to be provided.","properties":{"companyRegistrationId":{"type":"string","description":"Registration number of the company."}}},"DefaultDtoMetadata":{"title":"DefaultDtoMetadata","type":"object","allOf":[{"$ref":"#/components/schemas/BasicMetadataDto"},{"type":"object","properties":{"version":{"type":"integer"}}}]},"BasicMetadataDto":{"title":"DefaultDtoMetadata","type":"object","properties":{"mixins":{"type":"object","additionalProperties":true}},"description":"Links to mixin schemas."},"Address":{"type":"object","description":"Customer address information.","properties":{"id":{"type":"string","description":"Customer address' unique identifier generated when the address is added to the customer account."},"contactName":{"type":"string"},"companyName":{"type":"string"},"street":{"type":"string"},"streetNumber":{"type":"string"},"streetAppendix":{"type":"string"},"extraLine1":{"type":"string"},"extraLine2":{"type":"string"},"extraLine3":{"type":"string"},"extraLine4":{"type":"string"},"zipCode":{"type":"string"},"city":{"type":"string"},"country":{"type":"string","maxLength":2,"minLength":2},"state":{"type":"string"},"contactPhone":{"type":"string"},"isDefault":{"type":"boolean","default":false,"description":"Flag indicating whether the address is the customer default address."},"tags":{"type":"array","description":"","items":{"type":"string"}},"metadata":{"$ref":"#/components/schemas/DefaultDtoMetadata"},"mixins":{"type":"object","description":"Customer address' additional properties.","additionalProperties":true}},"required":["contactName"]},"PasswordAuthentication":{"type":"object","properties":{"email":{"minLength":1,"type":"string","description":"Customer email address."},"password":{"minLength":6,"type":"string","description":"Customer account 
password."}},"required":["email","password"]}},"responses":{"400_bad_request":{"description":"Request was syntactically incorrect. Details will be provided in the response payload.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorMessage"}}}},"401_unauthorized":{"description":"Unauthorized","content":{"application/json":{"schema":{"type":"object","properties":{"fault":{"type":"object","properties":{"faultstring":{"type":"string"},"detail":{"type":"object","properties":{"errorcode":{"type":"string"}}}}}}}}}},"403_forbidden":{"description":"Given authorization scopes are not sufficient and do not match scopes required by the endpoint.\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorMessage"}}}},"409_conflict":{"description":"","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorMessage"}}}}}},"paths":{"/customer/{tenant}/signup":{"post":{"responses":{"201":{"description":"Created","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ResourceLocation"}}}},"400":{"$ref":"#/components/responses/400_bad_request"},"401":{"$ref":"#/components/responses/401_unauthorized"},"403":{"$ref":"#/components/responses/403_forbidden"},"409":{"$ref":"#/components/responses/409_conflict"}},"description":"Creates a new customer account.\n\n**Note**: The request needs to be authorized with an anonymous access token.","operationId":"POST-customer-create-customer-account","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/CustomerSignup"}}},"required":false,"description":""},"summary":"Creating a new customer","tags":["Authentication and authorization"]}}}}
```

## Requesting an anonymous token

> Sends an authentication request and returns an anonymous token. This operation creates a new session-context document.\
> \
> An anonymous token is valid for one hour. After that time, it should be refreshed in order to keep the same session ID associated with it.

```json
{"openapi":"3.0.0","info":{"title":"Customer Service (customer-managed)","version":"0.0.1"},"tags":[{"name":"Authentication and authorization","description":"Create and manage customer access tokens."}],"servers":[{"url":"https://api.emporix.io","description":"Production"}],"paths":{"/customerlogin/auth/anonymous/login":{"get":{"tags":["Authentication and authorization"],"summary":"Requesting an anonymous token","description":"Sends an authentication request and returns an anonymous token. This operation causes creation of a new session-context document.\n\nAnonymous token is valid for one hour. After that time it should be refreshed in order to keep the same session ID associated.\n","operationId":"GET-oauth-generate-anonymous-access-token","parameters":[{"name":"tenant","in":"query","description":"Name of the tenant.\n\n**Note**: Name of the tenant is always written in lowercase.\n","required":true,"schema":{"type":"string"}},{"name":"client_id","in":"query","description":"Your Emporix API key - client ID.","required":true,"schema":{"type":"string"}},{"name":"currency","in":"query","description":"Three-letter currency code to set in the session context.","required":false,"schema":{"type":"string"}},{"name":"siteCode","in":"query","description":"Code of the site to set in the session context, as defined in the Site Settings Service.","required":false,"schema":{"type":"string"}},{"name":"language","in":"query","description":"Language to set in the session context.","required":false,"schema":{"type":"string"}},{"name":"targetLocation","in":"query","description":"Country code to set in the session context, as defined in the Country Service.","required":false,"schema":{"type":"string"}}],"responses":{"200":{"description":"The request was successful. 
An anonymous token is returned.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AnonymousAccessToken"}}}}}}}},"components":{"schemas":{"AnonymousAccessToken":{"type":"object","properties":{"access_token":{"type":"string"},"token_type":{"type":"string"},"expires_in":{"type":"integer","format":"int32"},"sessionId":{"type":"string"},"scope":{"type":"string"}}}}}}
```

## Refreshing an anonymous token

> Sends an authentication request and returns a new anonymous token with the same session ID attached.\
> \
> This operation updates the session-context document with the given session ID.\
> \
> An anonymous token is valid for one hour. After that time, another refresh anonymous token request should be sent.\
> \
> The `anonymous_token` query parameter is deprecated; use the `refresh_token` parameter instead.

```json
{"openapi":"3.0.0","info":{"title":"Customer Service (customer-managed)","version":"0.0.1"},"tags":[{"name":"Authentication and authorization","description":"Create and manage customer access tokens."}],"servers":[{"url":"https://api.emporix.io","description":"Production"}],"paths":{"/customerlogin/auth/anonymous/refresh":{"get":{"tags":["Authentication and authorization"],"summary":"Refreshing an anonymous token","description":"Sends an authentication request and returns new anonymous token with same session ID attached.\n\nThis operation causes update of a session-context document with given session ID.\n\nAnonymous token is valid for one hour. After that time, another refresh anonymous token request should be sent.\n","operationId":"GET-oauth-refresh-anonymous-access-token","parameters":[{"name":"tenant","in":"query","description":"Name of the tenant.\n\n**Note**: Name of the tenant is always written in lowercase.\n","required":true,"schema":{"type":"string"}},{"name":"anonymous_token","in":"query","description":"NOTE: It's recommended to use `refresh_token` parameter instead. <br>Anonymous token that needs to be refreshed so that the same session ID will be kept. Provide the value of the `access_token` you get in response to requesting a token request.","required":true,"deprecated":true,"schema":{"type":"string"}},{"name":"refresh_token","in":"query","description":"A refresh token generated when the anonymous token is created.","required":true,"schema":{"type":"string"}},{"name":"client_id","in":"query","description":"Your Emporix API key - client ID.","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"The request was successful. 
An anonymous token is returned.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AnonymousAccessToken"}}}}}}}},"components":{"schemas":{"AnonymousAccessToken":{"type":"object","properties":{"access_token":{"type":"string"},"token_type":{"type":"string"},"expires_in":{"type":"integer","format":"int32"},"sessionId":{"type":"string"},"scope":{"type":"string"}}}}}}
```

## Logging in a customer

> Logs in a customer and sends an authentication request.\
> Returns two customer tokens:
>
> - Customer access token
> - Customer SaaS token
>
> **Note**: The request needs to be authorized with an anonymous access token.

```json
{"openapi":"3.0.0","info":{"title":"Customer Service (customer-managed)","version":"0.0.1"},"tags":[{"name":"Authentication and authorization","description":"Create and manage customer access tokens."}],"servers":[{"url":"https://api.emporix.io"}],"security":[{"AnonymousAccessToken":[]}],"components":{"securitySchemes":{"AnonymousAccessToken":{"type":"http","scheme":"bearer","description":"To generate an anonymous token, check out the 'Requesting an anonymous token' endpoint."}},"schemas":{"CustomerToken":{"description":"","type":"object","allOf":[{"$ref":"#/components/schemas/RefreshCustomerToken"}],"properties":{"saasToken":{"type":"string","minLength":1,"deprecated":true},"saas_token":{"type":"string","minLength":1},"initialPassword":{"type":"string","description":"Indicates if login was performed with password created by an employee"}}},"RefreshCustomerToken":{"description":"","type":"object","properties":{"accessToken":{"type":"string","minLength":1,"deprecated":true},"expiresIn":{"type":"number","format":"int32","deprecated":true},"refreshToken":{"type":"string","minLength":1,"deprecated":true},"refreshTokenExpiresIn":{"type":"number","format":"int32","deprecated":true},"access_token":{"type":"string","minLength":1},"expires_in":{"type":"number","format":"int32"},"refresh_token":{"type":"string","minLength":1},"refresh_token_expires_in":{"type":"number","format":"int32"},"token_type":{"type":"string"},"session_id":{"type":"string"}}},"ErrorMessage":{"title":"","description":"Schema for API-specific errors.","type":"object","properties":{"status":{"minimum":100,"maximum":599,"description":"Original HTTP error code. 
It should be consistent with the HTTP response code.","type":"integer"},"type":{"pattern":"[a-z]+[a-z_]*[a-z]+","description":"Classification of the error type.\n**Note:** The error type should be written in lowercase and include underscores, for example `validation_failure`.","type":"string"},"message":{"description":"Descriptive error message for debugging purposes.","type":"string"},"moreInfo":{"type":"string","description":"More information (such as a link to the documentation) for investigating further and getting support."},"details":{"description":"List of problems causing the error.","type":"array","items":{"title":"errorDetail","description":"Specific error cause.","type":"object","properties":{"field":{"description":"Element in request data which is causing the error, for example `category.name`.\nIf the violation was not field-specific, this field will be empty.","type":"string"},"type":{"pattern":"[a-z]+[a-z_]*[a-z]+","description":"Classification of the specific error cause. This value should always be interpreted within the context of the general error type.\n**Note:** The error type should be written in lowercase and include underscores, for example `missing_value`.","type":"string"},"message":{"description":"Descriptive error message for debugging purposes.","type":"string"},"moreInfo":{"type":"string","description":"More information (such as a link to the documentation) for investigating further and getting support."}}}}}},"PasswordAuthentication":{"type":"object","properties":{"email":{"minLength":1,"type":"string","description":"Customer email address."},"password":{"minLength":6,"type":"string","description":"Customer account password."}},"required":["email","password"]}},"responses":{"400_bad_request":{"description":"Request was syntactically incorrect. 
Details will be provided in the response payload.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorMessage"}}}},"401_unauthorized":{"description":"Unauthorized","content":{"application/json":{"schema":{"type":"object","properties":{"fault":{"type":"object","properties":{"faultstring":{"type":"string"},"detail":{"type":"object","properties":{"errorcode":{"type":"string"}}}}}}}}}}}},"paths":{"/customer/{tenant}/login":{"post":{"responses":{"200":{"description":"The request was successful. A customer token is returned.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CustomerToken"}}}},"400":{"$ref":"#/components/responses/400_bad_request"},"401":{"$ref":"#/components/responses/401_unauthorized"}},"description":"Logs in a customer and sends an authentication request.  \nReturns two customer tokens:\n  - Customer access token\n  - Customer SaaS token\n\n  **Note**: The request needs to be authorized with an anonymous access token.","operationId":"POST-customer-authenticate-customer","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/PasswordAuthentication"}}},"required":true},"summary":"Logging in a customer","tags":["Authentication and authorization"]}}}}
```

## Logging out a customer

> Logs out a customer and invalidates their customer token.\
> \
> **Note**: The request needs to be authorized with a customer access token.

```json
{"openapi":"3.0.0","info":{"title":"Customer Service (customer-managed)","version":"0.0.1"},"tags":[{"name":"Authentication and authorization","description":"Create and manage customer access tokens."}],"servers":[{"url":"https://api.emporix.io"}],"security":[{"CustomerAccessToken":[]}],"components":{"securitySchemes":{"CustomerAccessToken":{"type":"http","scheme":"bearer","description":"To generate a customer access token, go to the 'Logging in a customer' endpoint."}},"responses":{"400_bad_request":{"description":"Request was syntactically incorrect. Details will be provided in the response payload.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorMessage"}}}},"401_unauthorized":{"description":"Unauthorized","content":{"application/json":{"schema":{"type":"object","properties":{"fault":{"type":"object","properties":{"faultstring":{"type":"string"},"detail":{"type":"object","properties":{"errorcode":{"type":"string"}}}}}}}}}}},"schemas":{"ErrorMessage":{"title":"","description":"Schema for API-specific errors.","type":"object","properties":{"status":{"minimum":100,"maximum":599,"description":"Original HTTP error code. 
It should be consistent with the HTTP response code.","type":"integer"},"type":{"pattern":"[a-z]+[a-z_]*[a-z]+","description":"Classification of the error type.\n**Note:** The error type should be written in lowercase and include underscores, for example `validation_failure`.","type":"string"},"message":{"description":"Descriptive error message for debugging purposes.","type":"string"},"moreInfo":{"type":"string","description":"More information (such as a link to the documentation) for investigating further and getting support."},"details":{"description":"List of problems causing the error.","type":"array","items":{"title":"errorDetail","description":"Specific error cause.","type":"object","properties":{"field":{"description":"Element in request data which is causing the error, for example `category.name`.\nIf the violation was not field-specific, this field will be empty.","type":"string"},"type":{"pattern":"[a-z]+[a-z_]*[a-z]+","description":"Classification of the specific error cause. 
This value should always be interpreted within the context of the general error type.\n**Note:** The error type should be written in lowercase and include underscores, for example `missing_value`.","type":"string"},"message":{"description":"Descriptive error message for debugging purposes.","type":"string"},"moreInfo":{"type":"string","description":"More information (such as a link to the documentation) for investigating further and getting support."}}}}}}}},"paths":{"/customer/{tenant}/logout":{"get":{"responses":{"204":{"description":"No Content"},"400":{"$ref":"#/components/responses/400_bad_request"},"401":{"$ref":"#/components/responses/401_unauthorized"}},"description":"Logs out a customer and invalidates their customer token.\n\n**Note**: The request needs to be authorized with a customer access token.","operationId":"GET-customer-logout-customer","parameters":[{"name":"accessToken","in":"query","required":true,"description":"Customer access token to be invalidated.","schema":{"type":"string"}}],"tags":["Authentication and authorization"],"summary":"Logging out a customer"}}}}
```

## Refreshing a customer token

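> Sends an authentication request and returns a refresh token.\
> \
> **Note**: The request needs to be authorized with an anonymous access token.\
> \
> The customer refresh token is sent in the `refreshToken` query parameter, so the request URL contains a credential; keep full URLs for this endpoint out of logs and analytics.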

```json
{"openapi":"3.0.0","info":{"title":"Customer Service (customer-managed)","version":"0.0.1"},"tags":[{"name":"Authentication and authorization","description":"Create and manage customer access tokens."}],"servers":[{"url":"https://api.emporix.io"}],"security":[{"AnonymousAccessToken":[]}],"components":{"securitySchemes":{"AnonymousAccessToken":{"type":"http","scheme":"bearer","description":"To generate an anonymous token, check out the 'Requesting an anonymous token' endpoint."}},"schemas":{"RefreshCustomerToken":{"description":"","type":"object","properties":{"accessToken":{"type":"string","minLength":1,"deprecated":true},"expiresIn":{"type":"number","format":"int32","deprecated":true},"refreshToken":{"type":"string","minLength":1,"deprecated":true},"refreshTokenExpiresIn":{"type":"number","format":"int32","deprecated":true},"access_token":{"type":"string","minLength":1},"expires_in":{"type":"number","format":"int32"},"refresh_token":{"type":"string","minLength":1},"refresh_token_expires_in":{"type":"number","format":"int32"},"token_type":{"type":"string"},"session_id":{"type":"string"}}},"ErrorMessage":{"title":"","description":"Schema for API-specific errors.","type":"object","properties":{"status":{"minimum":100,"maximum":599,"description":"Original HTTP error code. 
It should be consistent with the HTTP response code.","type":"integer"},"type":{"pattern":"[a-z]+[a-z_]*[a-z]+","description":"Classification of the error type.\n**Note:** The error type should be written in lowercase and include underscores, for example `validation_failure`.","type":"string"},"message":{"description":"Descriptive error message for debugging purposes.","type":"string"},"moreInfo":{"type":"string","description":"More information (such as a link to the documentation) for investigating further and getting support."},"details":{"description":"List of problems causing the error.","type":"array","items":{"title":"errorDetail","description":"Specific error cause.","type":"object","properties":{"field":{"description":"Element in request data which is causing the error, for example `category.name`.\nIf the violation was not field-specific, this field will be empty.","type":"string"},"type":{"pattern":"[a-z]+[a-z_]*[a-z]+","description":"Classification of the specific error cause. This value should always be interpreted within the context of the general error type.\n**Note:** The error type should be written in lowercase and include underscores, for example `missing_value`.","type":"string"},"message":{"description":"Descriptive error message for debugging purposes.","type":"string"},"moreInfo":{"type":"string","description":"More information (such as a link to the documentation) for investigating further and getting support."}}}}}}},"responses":{"400_bad_request":{"description":"Request was syntactically incorrect. 
Details will be provided in the response payload.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorMessage"}}}},"401_unauthorized":{"description":"Unauthorized","content":{"application/json":{"schema":{"type":"object","properties":{"fault":{"type":"object","properties":{"faultstring":{"type":"string"},"detail":{"type":"object","properties":{"errorcode":{"type":"string"}}}}}}}}}}}},"paths":{"/customer/{tenant}/refreshauthtoken":{"get":{"responses":{"200":{"description":"The request was successful. A refresh token is returned.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RefreshCustomerToken"}}}},"400":{"$ref":"#/components/responses/400_bad_request"},"401":{"$ref":"#/components/responses/401_unauthorized"}},"description":"Sends an authentication request and returns a refresh token.\n\n**Note**: The request needs to be authorized with an anonymous access token.","operationId":"GET-customer-refresh-authtoken","tags":["Authentication and authorization"],"parameters":[{"name":"tenant","in":"path","description":"Name of the tenant.\n\n**Note**: Name of the tenant is always written in lowercase.\n","required":true,"schema":{"type":"string"}},{"name":"Authorization","in":"header","description":"Customer access token generated when the customer token is created.","required":true,"schema":{"type":"string"}},{"name":"refreshToken","in":"query","description":"Customer refresh token generated when a customer token is requested.","required":true,"schema":{"type":"string"}},{"name":"legalEntityId","in":"query","description":"Identifier of the legal entity associated with the user session.","schema":{"type":"string"}}],"summary":"Refreshing a customer token"}}}}
```

## Validate a token

> Checks whether a token is valid. If the token is invalid, it returns a 401 status code. If the token is valid, it provides the token details.

```json
{"openapi":"3.0.0","info":{"title":"Customer Service (customer-managed)","version":"0.0.1"},"tags":[{"name":"Authentication and authorization","description":"Create and manage customer access tokens."}],"servers":[{"url":"https://api.emporix.io","description":"Production"}],"security":[{"CustomerAccessToken":[]}],"components":{"securitySchemes":{"CustomerAccessToken":{"type":"http","scheme":"bearer","description":"To generate a customer access token, go to the 'Logging in a customer' endpoint."}},"schemas":{"ValidateTokenResponse":{"type":"object","properties":{"token_type":{"type":"string","description":"Type of the token. Usually it's `Bearer`."},"expires_in":{"type":"integer","format":"int32","description":"Specifies the token's expiration time, represented in seconds."},"scope":{"type":"string","description":"A list of scopes assigned to the user."},"sessionId":{"type":"string","description":"Identifier of the user session."},"email":{"type":"string","description":"Customer email used to login (generate the token)."},"legalEntityId":{"type":"string","description":"Legal Entity ID."}}}}},"paths":{"/customer/{tenant}/validateauthtoken":{"get":{"tags":["Authentication and authorization"],"summary":"Validate a token","description":"Checks whether a token is valid. If the token is invalid, it returns a 401 status code. If the token is valid, it provides the token details.","operationId":"GET-customer-validate-token","parameters":[{"name":"tenant","in":"path","description":"Name of the tenant.\n\n**Note**: Name of the tenant is always written in lowercase.\n","required":true,"schema":{"type":"string"}},{"name":"Authorization","in":"header","description":"Customer access token generated upon the customer token creation.","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"The request was successful. 
A token details are returned.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ValidateTokenResponse"}}}},"401":{"description":"Unauthorized"}}}}}}
```

## Exchanging an external access token for an Emporix customer token

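> Exchanges an external access token (for example, from an identity provider such as Keycloak) for an Emporix customer access token.\
> \
> **Note**: The request needs to be authorized with an anonymous token.\
> \
> The external token is passed in the `subjectAccessToken` query parameter, so the request URL carries a JWT; avoid logging or caching full URLs for this endpoint.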

```json
{"openapi":"3.0.0","info":{"title":"Customer Service (customer-managed)","version":"0.0.1"},"tags":[{"name":"Authentication and authorization","description":"Create and manage customer access tokens."}],"servers":[{"url":"https://api.emporix.io"}],"security":[],"paths":{"/customer/{tenant}/exchangeauthtoken":{"post":{"tags":["Authentication and authorization"],"summary":"Exchanging an external access token for an Emporix customer token","description":"Exchanges an external access token (for example, from an identity provider such as Keycloak) for an Emporix customer access token.\n\n**Note**: The request needs to be authorized with an anonymous token.","operationId":"POST-customer-exchange-authtoken","parameters":[{"$ref":"#/components/parameters/tenant"},{"name":"subjectAccessToken","in":"query","description":"The subject access token (JWT) to exchange for a customer token.","required":true,"schema":{"type":"string"}},{"name":"config","in":"query","description":"Configuration identifier (for example, `site_PL`). If not provided, the default configuration is used.\nIf a non-existing configuration is provided, the request returns 400 Bad Request.\n","required":false,"schema":{"type":"string"}},{"name":"Authorization","in":"header","description":"Anonymous token used to authorize the exchange.","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"The request was successful. 
A customer token is returned.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ExchangeAuthTokenResponse"}}}},"400":{"$ref":"#/components/responses/400_bad_request"},"401":{"$ref":"#/components/responses/401_unauthorized"},"403":{"$ref":"#/components/responses/403_forbidden"}}}}},"components":{"parameters":{"tenant":{"name":"tenant","in":"path","required":true,"description":"Your Emporix tenant name.\n\n**Note**: The tenant should always be written in lowercase.\n","schema":{"pattern":"^[a-z][a-z0-9]+$","minLength":3,"maxLength":16,"type":"string"}}},"schemas":{"ExchangeAuthTokenResponse":{"description":"Response returned when exchanging an external subject access token for an Emporix customer token.","type":"object","properties":{"subject_access_token":{"type":"string","description":"The subject access token (JWT) that was exchanged."},"access_token":{"type":"string","minLength":1,"description":"Customer access token."},"saas_token":{"type":"string","minLength":1,"description":"SaaS token for the session."},"refresh_token":{"type":"string","minLength":1,"description":"Token used to refresh the customer access token."},"refresh_token_expires_in":{"type":"integer","format":"int32","description":"Expiration time of the refresh token in seconds."},"session_idle_time":{"type":"integer","format":"int32","description":"Session idle time in seconds."},"token_type":{"type":"string","description":"Type of the token. Usually `Bearer`."},"expires_in":{"type":"integer","format":"int32","description":"Expiration time of the access token in seconds."},"scope":{"type":"string","description":"List of scopes assigned to the customer."},"session_id":{"type":"string","description":"Session identifier."}}},"ErrorMessage":{"title":"","description":"Schema for API-specific errors.","type":"object","properties":{"status":{"minimum":100,"maximum":599,"description":"Original HTTP error code. 
It should be consistent with the HTTP response code.","type":"integer"},"type":{"pattern":"[a-z]+[a-z_]*[a-z]+","description":"Classification of the error type.\n**Note:** The error type should be written in lowercase and include underscores, for example `validation_failure`.","type":"string"},"message":{"description":"Descriptive error message for debugging purposes.","type":"string"},"moreInfo":{"type":"string","description":"More information (such as a link to the documentation) for investigating further and getting support."},"details":{"description":"List of problems causing the error.","type":"array","items":{"title":"errorDetail","description":"Specific error cause.","type":"object","properties":{"field":{"description":"Element in request data which is causing the error, for example `category.name`.\nIf the violation was not field-specific, this field will be empty.","type":"string"},"type":{"pattern":"[a-z]+[a-z_]*[a-z]+","description":"Classification of the specific error cause. This value should always be interpreted within the context of the general error type.\n**Note:** The error type should be written in lowercase and include underscores, for example `missing_value`.","type":"string"},"message":{"description":"Descriptive error message for debugging purposes.","type":"string"},"moreInfo":{"type":"string","description":"More information (such as a link to the documentation) for investigating further and getting support."}}}}}}},"responses":{"400_bad_request":{"description":"Request was syntactically incorrect. 
Details will be provided in the response payload.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorMessage"}}}},"401_unauthorized":{"description":"Unauthorized","content":{"application/json":{"schema":{"type":"object","properties":{"fault":{"type":"object","properties":{"faultstring":{"type":"string"},"detail":{"type":"object","properties":{"errorcode":{"type":"string"}}}}}}}}}},"403_forbidden":{"description":"Given authorization scopes are not sufficient and do not match scopes required by the endpoint.\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorMessage"}}}}}}}
```

## Logging in a customer with social login

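> Logs in a customer using an authorization code from Auth0 and retrieves a standard customer token. The `code`, `redirect_uri` and the optional PKCE `code_verifier` are sent as query parameters, so treat the full request URL as sensitive and keep it out of access logs.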

```json
{"openapi":"3.0.0","info":{"title":"Customer Service (customer-managed)","version":"0.0.1"},"tags":[{"name":"Authentication and authorization","description":"Create and manage customer access tokens."}],"servers":[{"url":"https://api.emporix.io"}],"security":[{"AnonymousAccessToken":[]}],"components":{"securitySchemes":{"AnonymousAccessToken":{"type":"http","scheme":"bearer","description":"To generate an anonymous token, check out the 'Requesting an anonymous token' endpoint."}},"responses":{"400_bad_request":{"description":"Request was syntactically incorrect. Details will be provided in the response payload.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorMessage"}}}},"401_unauthorized":{"description":"Unauthorized","content":{"application/json":{"schema":{"type":"object","properties":{"fault":{"type":"object","properties":{"faultstring":{"type":"string"},"detail":{"type":"object","properties":{"errorcode":{"type":"string"}}}}}}}}}}},"schemas":{"ErrorMessage":{"title":"","description":"Schema for API-specific errors.","type":"object","properties":{"status":{"minimum":100,"maximum":599,"description":"Original HTTP error code. 
It should be consistent with the HTTP response code.","type":"integer"},"type":{"pattern":"[a-z]+[a-z_]*[a-z]+","description":"Classification of the error type.\n**Note:** The error type should be written in lowercase and include underscores, for example `validation_failure`.","type":"string"},"message":{"description":"Descriptive error message for debugging purposes.","type":"string"},"moreInfo":{"type":"string","description":"More information (such as a link to the documentation) for investigating further and getting support."},"details":{"description":"List of problems causing the error.","type":"array","items":{"title":"errorDetail","description":"Specific error cause.","type":"object","properties":{"field":{"description":"Element in request data which is causing the error, for example `category.name`.\nIf the violation was not field-specific, this field will be empty.","type":"string"},"type":{"pattern":"[a-z]+[a-z_]*[a-z]+","description":"Classification of the specific error cause. 
This value should always be interpreted within the context of the general error type.\n**Note:** The error type should be written in lowercase and include underscores, for example `missing_value`.","type":"string"},"message":{"description":"Descriptive error message for debugging purposes.","type":"string"},"moreInfo":{"type":"string","description":"More information (such as a link to the documentation) for investigating further and getting support."}}}}}}}},"paths":{"/customer/{tenant}/socialLogin":{"post":{"summary":"Logging in a customer with social login","operationId":"POST-customer-login-customer-by-auth0","responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"description":"","type":"object","properties":{"social_access_token":{"type":"string"},"social_id_token":{"type":"string"},"refresh_token":{"type":"string"},"refresh_token_expires_in":{"type":"string"},"session_idle_time":{"type":"integer"},"token_type":{"type":"string"},"access_token":{"type":"string"},"saas_token":{"type":"string"},"expires_in":{"type":"string"},"scope":{"type":"string"}}}}}},"400":{"$ref":"#/components/responses/400_bad_request"},"401":{"$ref":"#/components/responses/401_unauthorized"}},"parameters":[{"schema":{"type":"string"},"in":"header","name":"session-id","description":"Anonymous customer unique session identifier.","required":false},{"schema":{"type":"string"},"in":"query","name":"code","description":"The authorization code received from the identity provider.","required":true},{"schema":{"type":"string"},"in":"query","name":"redirect_uri","description":"The redirect URI that was used in the initial authorization request.","required":true},{"schema":{"type":"string"},"in":"query","name":"code_verifier","description":"Required only if using PKCE (Proof Key for Code Exchange) flow.","required":false}],"description":"Logs in a customer using an authentication code from Auth0 and retrieves a standard customer token.","tags":["Authentication and 
authorization"]}}}}
```


