Cookies and Tokens r7.5


Overview

Below are some useful details about Cookies and Tokens in the Skava Commerce 7.5 environment.

Skava Authentication

  • Endpoints use a mix of cookies and tokens to authenticate
  • Tokens are passed in explicitly
  • Cookies need to be in the headers of requests
  • Requests missing the required cookies or tokens will fail, sometimes cryptically

Getting the JWTS Claim

Admin Login

  • Log in to Corp Admin with an (email/password) tuple
  • Returns a 24-hour admin token for the role
  • Returns a renewal token for the role
  • Include the token in all admin calls
  • When the token expires, renew it with the renewal token
  • Admin token encapsulates the permissions associated with the role(s) of the login

Logging in as a “Customer”

  • Applies if you want to do head-like things on behalf of a user (or your own logged-in user)
  • Need a service token (see above)
  • Login with identity (email/password, or Facebook, Twitter, etc.)
  • On success, returns a sessionID; this is also set in a cookie
  • The ckcjeu_3 cookie needs to be set on all calls for this user
    • Used to associate profile
    • Used to associate cart
  • con.setRequestProperty("ckcjeu_3", this.getSessionID());
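
The following is an added example, not Skava's own code: a client-side sketch of the two flows above, renewing the 24-hour admin token with the renewal token before use and attaching the session ID as the ckcjeu_3 cookie after validating it. The class name, the renewal hook, the five-minute margin, the placeholder URL and all token values are assumptions or constructed samples, and it assumes the server reads ckcjeu_3 from the standard Cookie request header.

```java
import java.net.HttpURLConnection;
import java.net.URI;
import java.time.Duration;
import java.time.Instant;
import java.util.function.Function;

public class SkavaClientAuth { // hypothetical class name
    // From the page: the admin token is valid for 24 hours.
    static final Duration ADMIN_TOKEN_LIFETIME = Duration.ofHours(24);
    // Assumption: renew a little early so no in-flight call carries an expired token.
    static final Duration RENEWAL_MARGIN = Duration.ofMinutes(5);
    // RFC 6265 cookie-octet: no controls, whitespace, quotes, commas, semicolons or backslashes.
    static final String COOKIE_VALUE = "[\\x21\\x23-\\x2B\\x2D-\\x3A\\x3C-\\x5B\\x5D-\\x7E]+";
    record AdminTokens(String token, String renewalToken, Instant issuedAt) {
        boolean needsRenewal(Instant now) {
            return !now.isBefore(issuedAt.plus(ADMIN_TOKEN_LIFETIME).minus(RENEWAL_MARGIN));
        }
    }
    private AdminTokens tokens;
    private final Function<String, AdminTokens> renewer; // hypothetical hook: renewal token in, new pair out
    SkavaClientAuth(AdminTokens initial, Function<String, AdminTokens> renewer) {
        this.tokens = initial; this.renewer = renewer;
    }

    /** Returns an admin token that is still valid at 'now', renewing first if needed. */
    synchronized String adminToken(Instant now) {
        if (tokens.needsRenewal(now)) tokens = renewer.apply(tokens.renewalToken());
        return tokens.token();
    }

    /** Sends the session ID as the ckcjeu_3 cookie, refusing values that could split the header. */
    static void attachSession(HttpURLConnection con, String sessionId) {
        if (sessionId == null || !sessionId.matches(COOKIE_VALUE)) {
            throw new IllegalArgumentException("session ID is not a valid cookie value");
        }
        con.setRequestProperty("Cookie", "ckcjeu_3=" + sessionId);
    }

    public static void main(String[] args) throws Exception {
        Instant t0 = Instant.parse("2020-03-31T00:00:00Z"); // constructed sample values throughout
        SkavaClientAuth auth = new SkavaClientAuth(new AdminTokens("admin-1", "renew-1", t0),
                r -> new AdminTokens("admin-2", "renew-2", t0.plus(ADMIN_TOKEN_LIFETIME)));
        System.out.println(auth.adminToken(t0.plusSeconds(3600)));          // inside the 24 hours
        System.out.println(auth.adminToken(t0.plus(Duration.ofHours(24)))); // expired: renewed first
        HttpURLConnection con = (HttpURLConnection)
                URI.create("https://commerce.example.invalid/cart").toURL().openConnection();
        attachSession(con, "constructed-session-id"); // no network traffic: connect() is never called
    }
}
```

Keep the admin token, renewal token and session ID out of logs and exception messages; each one is a bearer credential for the role or user it belongs to.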

 

Revision History
2020-03-31 | AM – Minor copyedit.
2019-06-14 | PLK – Page created and content uploaded.