Cookies and Tokens r7.5
Below are some useful details about Cookies and Tokens in the Skava Commerce 7.5 environment.
- Endpoints use a mix of cookies and tokens to authenticate
- Tokens are passed in explicitly
- Cookies need to be in the headers of requests
- Requests missing the right set of things will fail, sometimes cryptically
Getting the JWTS Claim
- Login to Corp Admin (email/password) tuple
- Returns a 24-hour admin token for the role
- Returns a renewal token for the role
- Include the token in all admin calls
- When token expires, renew it with the renewal token
- Admin token encapsulates the permissions associated with the role(s) of the login
Logging in as a “Customer”
- If you want to do head like things on behalf of a user (or your own logged in user)
- Need a service token (see above)
- Login with identity (email/password, or Facebook, Twitter, etc.)
- On success, will return sessionID this is also set in a cookie
- The ckcjeu_3 cookie needs to be set on all calls for this user
- Used to associate profile
- Used to associate cart
2020-03-31 | AM – Minor copyedit.
2019-06-14 | PLK – Page created and content uploaded.