• Version: 1.2.0

Customer Tokens

When using our frontend SDKs, you are granted access using just the public key for your application, so you don’t get full read/write access to the API (you can read more here). There are some circumstances that would merit accessing that privileged data.

For those cases (if your user has a password), you can log them in and get a token which can be used in subsequent calls.

This topic covers the following processes:

Create a Password for a customer

To see how to create a password for a user, please view this section.

Log a customer in

To log a customer in, you can make a call to the https://api.molt.in/v1/customers/token endpoint, passing in the password and either an id or email to identify the user.

curl -X POST https://api.molt.in/v1/customers/token \
  -H "Authorization: Bearer XXXX" \
  -d "password=supersecret" \
  -d "email=support@moltin.com"

If you don’t supply the required fields, you will receive a combination of errors:

{
    "status": false,
    "errors": [
        "No password supplied to authenticate against",
        "No customer id or email sent to identify customer"
    ]
}

If the combination of user identifier and password is incorrect, you will receive the following error:

{
    "status": false,
    "errors": [
        "The supplied username/id or password was incorrect"
    ]
}

If the credentials can be used to authenticate the user, you will receive the user's information back with a 64-character alphanumeric token, which can be used to make subsequent calls on behalf of your user:

{
    "status": true,
    "result": {
        "email": "support@moltin.com",
        "group": "",
        "password": true,
        "last_name": "Doe",
        "first_name": "John",
        "id": 1055961503028478872,
        "token": "202d4b0f08fff904601c9c74cd550156242cbf538aca95f9145d7d38615f8ff3"
    }
}

Log a customer out

You can log a customer out and remove their token by sending a DELETE request to the token endpoint:

curl -X DELETE https://api.molt.in/v1/customers/token/202d4b0f08fff904601c9c74cd550156242cbf538aca95f9145d7d38615f8ff3 \
  -H "Authorization: Bearer XXXX"

Making calls on behalf of the customer

Once you have the user token, you can start making calls on behalf of the customer that the token is for.

Your token will last for 7 days before the customer needs to reauthorise.

You can now make calls to the API on behalf of that customer to the following endpoints:

Method      Endpoint
GET/DELETE  https://api.molt.in/v1/customers/{token}
GET         https://api.molt.in/v1/customers/{token}/orders
GET         https://api.molt.in/v1/customers/{token}/orders/{order_id}
GET         https://api.molt.in/v1/customers/{token}/orders/{order_id}/items
GET/POST    https://api.molt.in/v1/customers/{token}/addresses
GET         https://api.molt.in/v1/customers/{token}/addresses/fields
GET/PUT     https://api.molt.in/v1/customers/{token}/addresses/{address_id}
GET         https://api.molt.in/v1/customers/{token}/addresses/{address_id}/fields
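
The following Python is an added example, not part of the original documentation or of any Moltin SDK. It parses the login responses shown above, checks that the token is 64 alphanumeric characters before it is used as a URL path segment, and tracks the 7-day lifetime. The names CustomerSession, parse_login and LoginError are hypothetical, and counting the 7 days from the moment the response is received is an assumption.

```python
import json
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

API_BASE = "https://api.molt.in/v1/customers"
TOKEN_RE = re.compile(r"[A-Za-z0-9]{64}")  # "64-character alphanumeric token"
TOKEN_LIFETIME = timedelta(days=7)         # lifetime stated on this page

class LoginError(Exception):
    """Carries the API's error strings when no usable token came back."""

@dataclass(frozen=True)
class CustomerSession:  # hypothetical helper, not a Moltin type
    customer_id: int
    token: str
    expires_at: datetime  # assumption: 7 days from when we received the token

    def expired(self, now=None):
        return (now or datetime.now(timezone.utc)) >= self.expires_at

    def url(self, *parts, now=None):
        # The token becomes a path segment; its format was checked in
        # parse_login(). Refuse to build URLs once the lifetime has passed.
        if self.expired(now):
            raise LoginError(["token expired, customer must log in again"])
        return "/".join([API_BASE, self.token, *map(str, parts)])

    def __repr__(self):  # keep the token out of logs and tracebacks
        return f"CustomerSession(customer_id={self.customer_id}, token=<redacted>)"

def parse_login(body, received_at=None):
    """Turn a /customers/token response body into a CustomerSession."""
    data = json.loads(body)
    if data.get("status") is not True:
        raise LoginError(data.get("errors") or ["unknown error"])
    result = data.get("result") or {}
    token = result.get("token")
    if not isinstance(token, str) or not TOKEN_RE.fullmatch(token):
        raise LoginError(["response did not contain a well-formed token"])
    received_at = received_at or datetime.now(timezone.utc)
    return CustomerSession(result.get("id"), token, received_at + TOKEN_LIFETIME)

# Sample body built from the success response shown on this page.
SAMPLE_OK = ('{"status": true, "result": {"id": 1055961503028478872, "token": '
             '"202d4b0f08fff904601c9c74cd550156242cbf538aca95f9145d7d38615f8ff3"}}')

if __name__ == "__main__":
    session = parse_login(SAMPLE_OK)
    print(session, session.expires_at.isoformat())
```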