Authentication and authorization

Create and manage customer access tokens.

post

Creates a new customer account.

Note: The request needs to be authorized with an anonymous access token.

Required scopes

No specific scopes are required.

Authorizations

AuthorizationstringRequired

To generate an anonymous token, check out the 'Requesting an anonymous token' endpoint.

Path parameters

tenantstring · min: 3 · max: 16Required

Your Emporix tenant name.

Note: The tenant should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$

Body

emailstring · min: 1Required

Customer email address.

Example: [email protected]

passwordstring · min: 1Required

Customer account password.

Responses

201

Created

application/json

Schema for showing location of the new resource.

idstringOptional

Resource identifier.

400

Request was syntactically incorrect. Details will be provided in the response payload.

application/json

401

Unauthorized

application/json

403

Given authorization scopes are not sufficient and do not match scopes required by the endpoint.

application/json

409Error

application/json

post

/customer/{tenant}/signup

POST /customer/{tenant}/signup HTTP/1.1
Host: api.emporix.io
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 643

{
  "email": "[email protected]",
  "password": "password123",
  "customerDetails": {
    "title": "MR",
    "firstName": "John",
    "middleName": "",
    "lastName": "Doe",
    "contactEmail": "[email protected]",
    "contactPhone": "123456789",
    "company": "Emporix",
    "preferredLanguage": "en_US",
    "preferredCurrency": "EUR",
    "preferredSite": "main",
    "b2b": {
      "companyRegistrationId": "123-456-789"
    }
  },
  "customerAddress": {
    "contactName": "John Doe",
    "companyName": "Emporix",
    "street": "Platz der Republik",
    "streetNumber": "1",
    "streetAppendix": "",
    "extraLine1": "",
    "extraLine2": "",
    "zipCode": "11011",
    "city": "Berlin",
    "country": "DE",
    "state": "Berlin",
    "contactPhone": "123456789",
    "tags": [
      "BILLING",
      "SHIPPING"
    ]
  }
}

{
  "id": "13730481"
}

get

Sends an authentication request and returns an anonymous token. This operation causes creation of a new session-context document.

Anonymous token is valid for one hour. After that time it should be refreshed in order to keep the same session ID associated.

Query parameters

tenantstringRequired

Name of the tenant.

Note: Name of the tenant is always written in lowercase.

Example: {tenant}

client_idstringRequired

Your Emporix API key - client ID.

Example: {client_id}

Responses

200

The request was successful. An anonymous token is returned.

application/json

get

/customerlogin/auth/anonymous/login

GET /customerlogin/auth/anonymous/login?tenant={tenant}&client_id={client_id} HTTP/1.1
Host: api.emporix.io
Accept: */*

200

The request was successful. An anonymous token is returned.

{
  "token_type": "Bearer",
  "access_token": "tpYgJPZqddEQ2zwfzNtx79noBP65",
  "expires_in": 3599,
  "refresh_token": "7FnviYrxvQWYdzUVBVTvXeNAA4Jy1HPe",
  "refresh_token_expires_in": 86399,
  "sessionId": "6d4d4d5e-04b9-40c5-9074-4df1405c6081",
  "scope": "tenant={tenant}"
}

Refreshing an anonymous token

get

Sends an authentication request and returns new anonymous token with same session ID attached.

This operation causes update of a session-context document with given session ID.

Anonymous token is valid for one hour. After that time, another refresh anonymous token request should be sent.

Query parameters

tenantstringRequired

Name of the tenant.

Note: Name of the tenant is always written in lowercase.

Example: {tenant}

anonymous_tokenstringRequiredDeprecated

NOTE: It's recommended to use refresh_token parameter instead. Anonymous token that needs to be refreshed so that the same session ID will be kept. Provide the value of the access_token you get in response to requesting a token request.

Example: {GOToGKaEKFyR8DokPBwHH0Y3AKCo}

refresh_tokenstringRequired

A refresh token generated when the anonymous token is created.

Example: {7FnviYrxvQWYdzUVBVTvXeNAA4Jy1HPe}

client_idstringRequired

Your Emporix API key - client ID.

Example: {client_id}

Responses

200

The request was successful. An anonymous token is returned.

application/json

get

/customerlogin/auth/anonymous/refresh

GET /customerlogin/auth/anonymous/refresh?tenant={tenant}&anonymous_token={GOToGKaEKFyR8DokPBwHH0Y3AKCo}&refresh_token={7FnviYrxvQWYdzUVBVTvXeNAA4Jy1HPe}&client_id={client_id} HTTP/1.1
Host: api.emporix.io
Accept: */*

200

The request was successful. An anonymous token is returned.

{
  "token_type": "Bearer",
  "access_token": "tpYgJPZqddEQ2zwfzNtx79noBP65",
  "expires_in": 3599,
  "refresh_token": "7FnviYrxvQWYdzUVBVTvXeNAA4Jy1HPe",
  "refresh_token_expires_in": 86399,
  "sessionId": "6d4d4d5e-04b9-40c5-9074-4df1405c6081",
  "scope": "tenant={tenant}"
}

post

Logs in a customer and sends an authentication request. Returns two customer tokens:

Customer access token
Customer SaaS token

Note: The request needs to be authorized with an anonymous access token.

Required scopes

No specific scopes are required.

Authorizations

AuthorizationstringRequired

To generate an anonymous token, check out the 'Requesting an anonymous token' endpoint.

Path parameters

tenantstring · min: 3 · max: 16Required

Your Emporix tenant name.

Note: The tenant should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$

Body

emailstring · min: 1Required

Customer email address.

passwordstring · min: 6Required

Customer account password.

Responses

200

The request was successful. A customer token is returned.

application/json

400

Request was syntactically incorrect. Details will be provided in the response payload.

application/json

401

Unauthorized

application/json

post

/customer/{tenant}/login

POST /customer/{tenant}/login HTTP/1.1
Host: api.emporix.io
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 58

{
  "email": "[email protected]",
  "password": "password123"
}

{
  "access_token": "aYR3Lu3rpsQ9ODhBIR83b3txTr5K",
  "saas_token": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMzg2OTAwMCIsImV4cCI6MTY0MDQ0NDAzMn0.lvxFOeCOk-DWi3kqwJwR8eKal3ON2rr53e9I6Pha5rI",
  "expires_in": 2591999,
  "refresh_token": "94tKQ2Tsvlf9dYbmyccA7X1Rqe54B6dH",
  "refresh_token_expires_in": 86399,
  "token_type": "Bearer",
  "session_id": "45c9726e-77c8-4bd0-b29d-61ab56f59726",
  "initialPassword": false
}

Logging out a customer

get

Logs out a customer and invalidates their customer token.

Note: The request needs to be authorized with a customer access token.

Required scopes

No specific scopes are required.

Authorizations

AuthorizationstringRequired

To generate a customer access token, go to the 'Logging in a customer' endpoint.

Path parameters

tenantstring · min: 3 · max: 16Required

Your Emporix tenant name.

Note: The tenant should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$

Query parameters

accessTokenstringRequired

Customer access token to be invalidated.

Responses

204

No Content

400

Request was syntactically incorrect. Details will be provided in the response payload.

application/json

401

Unauthorized

application/json

get

/customer/{tenant}/logout

GET /customer/{tenant}/logout?accessToken=text HTTP/1.1
Host: api.emporix.io
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

No content

Refreshing a customer token

get

Sends an authentication request and returns a refresh token.

Note: The request needs to be authorized with an anonymous access token.

Required scopes

No specific scopes are required.

Authorizations

AuthorizationstringRequired

To generate an anonymous token, check out the 'Requesting an anonymous token' endpoint.

Path parameters

tenantstring · min: 3 · max: 16Required

Your Emporix tenant name.

Note: The tenant should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$

Query parameters

refreshTokenstringRequired

Customer refresh token generated when a customer token is requested.

Example: {customer_refresh_token}

legalEntityIdstringOptional

Identifier of the legal entity associated with the user session.

Header parameters

AuthorizationstringRequired

Customer access token generated when the customer token is created.

Example: Bearer {customer_access_token}

Responses

200

The request was successful. A refresh token is returned.

application/json

400

Request was syntactically incorrect. Details will be provided in the response payload.

application/json

401

Unauthorized

application/json

get

/customer/{tenant}/refreshauthtoken

GET /customer/{tenant}/refreshauthtoken?refreshToken={customer_refresh_token} HTTP/1.1
Host: api.emporix.io
Authorization: text
Accept: */*

{
  "access_token": "2yXy8H7sByl4JSWrr7GRqxiCRMUm",
  "expires_in": 2591999,
  "refresh_token": "iwXAFjGwboaehJar1qNOkV05phDw1god",
  "refresh_token_expires_in": 86390,
  "token_type": "Bearer",
  "session_id": "45c9726e-77c8-4bd0-b29d-61ab56f59726"
}

Validate a token

get

Checks whether a token is valid. If the token is invalid, it returns a 401 status code. If the token is valid, it provides the token details.

Authorizations

AuthorizationstringRequired

To generate a customer access token, go to the 'Logging in a customer' endpoint.

Path parameters

tenantstringRequired

Name of the tenant.

Note: Name of the tenant is always written in lowercase.

Example: {tenant}

Header parameters

AuthorizationstringRequired

Customer access token generated upon the customer token creation.

Example: Bearer {customer_access_token}

Responses

200

The request was successful. A token details are returned.

application/json

401

Unauthorized

get

/customer/{tenant}/validateauthtoken

GET /customer/{tenant}/validateauthtoken HTTP/1.1
Host: api.emporix.io
Authorization: text
Accept: */*

{
  "token_type": "Bearer",
  "expires_in": 2591974,
  "scope": "approval.approval_read_own customermanagement.legalentity_read_own customer.customer_read_own quote.quote_read_own returns.returns_read_own iam.scope_read_own iam.user_read_own customersegment.segment_read_own iam.group_read_own order.order_readascustomer coupon.coupon_redeem customer.customerprofile_edit quote.quote_manage_own returns.returns_manage_own customer.customer_manage_own approval.approval_manage_own order.order_updateascustomer iam.assignment_delete_own customer.consent_view customer.customerprofile_view order.history_view iam.assignment_create_own customer.consent_manage tenant=test",
  "sessionId": "415c340b-5996-4112-bb3b-38139a409f93",
  "email": "[email protected]",
  "legalEntityId": "53ac81fd0cce8b26b36f3492"
}

Exchanging an external access token for an Emporix customer token

post

Exchanges an external access token (for example, from an identity provider such as Keycloak) for an Emporix customer access token.

Note: The request needs to be authorized with an anonymous token.

Required scopes

No specific scopes are required.

Path parameters

tenantstring · min: 3 · max: 16Required

Your Emporix tenant name.

Note: The tenant should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$

Query parameters

subjectAccessTokenstringRequired

The subject access token (JWT) to exchange for a customer token.

Example: {subject_access_token}

configstringOptional

Configuration identifier (for example, site_PL). If not provided, the default configuration is used. If a non-existing configuration is provided, the request returns 400 Bad Request.

Example: site_PL

Header parameters

AuthorizationstringRequired

Anonymous token used to authorize the exchange.

Example: Bearer {anonymous_token}

Responses

200

The request was successful. A customer token is returned.

application/json

400

Request was syntactically incorrect. Details will be provided in the response payload.

application/json

401

Unauthorized

application/json

403

Given authorization scopes are not sufficient and do not match scopes required by the endpoint.

application/json

post

/customer/{tenant}/exchangeauthtoken

POST /customer/{tenant}/exchangeauthtoken?subjectAccessToken=text HTTP/1.1
Host: api.emporix.io
Authorization: text
Accept: */*

{
  "subject_access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJqTEF2MmJINlhaVHNpZHBEZUNsNjFrNEJWTlREckRHRDV3Um1ETlQxNmpvIn0...",
  "access_token": "dEKATUWeewkraTlIzjVZBbGg7BQQ",
  "saas_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJDMDAzMyIsImV4cCI6MTc3MTI3MzEwNiwiaWF0IjoxNzcxMjU4NzA2LCJqdGkiOiI0NTU0NzMzYS01NDY4LTRjYzctYjRiZS01OGZiMzA2Y2FhMGEifQ.5536UTfZ3KmNPbMDp5ZLRIeYwMV-P1jN5DUT2ZLu2qc",
  "refresh_token": "QtvQi9UAYS9GIbEGu73ERUmfdC569MBE",
  "refresh_token_expires_in": 15551999,
  "session_idle_time": 120,
  "token_type": "Bearer",
  "expires_in": 14399,
  "scope": "customer.customerprofile_edit approval.approval_manage_own returns.returns_manage_own iam.scope_read_own customersegment.segment_read_own customer.consent_view quote.quote_read_own customermanagement.legalentity_read_own approval.approval_read_own ai.agentexecution_manage_own returns.returns_read_own order.order_readascustomer order.order_updateascustomer customer.consent_manage quote.quote_manage_own order.history_view coupon.coupon_redeem customer.customerprofile_view tenant=cockpitsdev",
  "session_id": "14ccc133-5731-4d6c-8f38-ca82443e4e4e"
}

Logging in a customer with social login

post

Logs in a customer using an authentication code from Auth0 and retrieves a standard customer token.

Required scopes

No specific scopes are required.

Authorizations

AuthorizationstringRequired

To generate an anonymous token, check out the 'Requesting an anonymous token' endpoint.

Path parameters

tenantstring · min: 3 · max: 16Required

Your Emporix tenant name.

Note: The tenant should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$

Query parameters

codestringRequired

The authorization code received from the identity provider.

redirect_uristringRequired

The redirect URI that was used in the initial authorization request.

code_verifierstringOptional

Required only if using PKCE (Proof Key for Code Exchange) flow.

Header parameters

session-idstringOptional

Anonymous customer unique session identifier.

Responses

200

application/json

400

Request was syntactically incorrect. Details will be provided in the response payload.

application/json

401

Unauthorized

application/json

post

/customer/{tenant}/socialLogin

POST /customer/{tenant}/socialLogin?code=text&redirect_uri=text HTTP/1.1
Host: api.emporix.io
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "social_access_token": "text",
  "social_id_token": "text",
  "refresh_token": "text",
  "refresh_token_expires_in": "text",
  "session_idle_time": 1,
  "token_type": "text",
  "access_token": "text",
  "saas_token": "text",
  "expires_in": "text",
  "scope": "text"
}

PreviousAddresses NextCredentials

Last updated 2 days ago

Was this helpful?

Good afternoon

hashtagCreating a new customer

hashtagRequired scopes

hashtagRequesting an anonymous token

hashtagRefreshing an anonymous token

hashtagLogging in a customer

hashtagRequired scopes

hashtagLogging out a customer

hashtagRequired scopes

hashtagRefreshing a customer token

hashtagRequired scopes

hashtagValidate a token

hashtagExchanging an external access token for an Emporix customer token

hashtagRequired scopes

hashtagLogging in a customer with social login

hashtagRequired scopes

Creating a new customer

Required scopes

Requesting an anonymous token

Refreshing an anonymous token

Logging in a customer

Required scopes

Logging out a customer

Required scopes

Refreshing a customer token

Required scopes

Validate a token

Exchanging an external access token for an Emporix customer token

Required scopes

Logging in a customer with social login

Required scopes