Registration and Access Tokens

  • 24/02/2022 1:14 PM

To create (register) a user in the system, use the following request:

POST /customer/user

{
  "email": "example@gmail.com",
  "firstname": "Test",
  "lastname": "Testington",
  "password": "testpass",
  "language": "en-US",
  "phone": "0045",
  "address": "Helsinki",
  "city": "Helsinki",
  "postal_code": "00",
  "country": "Finland",
  "time_zone": "Europe\\Helsinki",
  "onhold": "0"
}

Example response body:

{
	"id": 1,
	"status": "active",
	"username": "example@gmail.com",
	"first_name": "Test",
	"last_name": "Testington",
	"developer": 0,
	"role": "user",
	"date_registered": "2016-01-01 12:00:00",
	"onhold": 0,
	"enable_special_payments": 0,
	"profile": {
		"customer_profile_id": 1,
		"user_id": 1,
		"firstname": "Test",
		"lastname": "Testington",
		"language": "en-US",
		"status": "active",
		"use_gravatar": 1,
		"phone": "0045",
		"address": "Helsinki",
		"city": "Helsinki",
		"postal_code": "00",
		"country": "Finland",
		"time_zone": "Europe\\Helsinki",
		"type": "master",
		"email": {
			"customer_profile_email_id": 1,
			"customer_profile_id": 1,
			"email": "example@gmail.com",
			"description": "Registration Email",
			"type": "primary",
			"user_id": 1
		}
	},
	"_links": {
		"self": {
			"href": "http://api.prime.dev/customer/user/1"
		}
	},
	"_language": {
		"translations": [],
		"supported": {
			"en-US": "English",
			"bg-BG": "Български",
			"tr-TR": "Türk",
			"fi-Fi": "Finnish"
		},
		"current_language": "en-US",
		"fields": []
	}
}

Note: this registration request creates a customer user, a customer profile, a customer email and a customer wallet.

Note 2: If the "password" key is sent in the request body, the system creates the profile with the given password. If the "password" key is not sent, the system generates a password and sends it to the given email address.

Possible error when the email address is already registered:

{
	"validation_messages": {
		"email": {
			"recordFound": "A record matching the input was found"
		}
	},
	"type": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html",
	"title": "Unprocessable Entity",
	"status": 422,
	"detail": "Failed Validation"
}

The system supports two different authentication types: client_credentials and password.

The client_credentials grant authorizes the software/application as a client of the backend system; the password grant authorizes your software's customers as users in the system. The right auth method therefore depends on which resource you need to fetch. If the resource is general for the system, such as Catalog\Product, Categories, Options or anything else that is not customer-specific, you can send only a client credentials request. But if the resource is owned by the user, such as customer/product, cart/item or Customer/Profile, you have to send an access token generated with grant_type: password, because the system must be able to determine which user/customer is sending the request.

(For the different grant types and additional information about them, see Authentication and Authorization: https://prime.gelato.io/reference/docs/authentication-and-authorization)

To authenticate the user in the system, you need to obtain an access token with the resource owner password grant type:

POST /oauth

{
  "client_id": "TestUser",
  "client_secret": "SomeSecret",
  "username": "TestUser@example.com",
  "password": "testpassword",
  "grant_type": "password"
}
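
The rule above for choosing a grant type, as an added example that is not ApiHawk's own code: it builds the POST /oauth body so that user credentials are sent only for user-owned resources, and masks secrets before a body is logged. The function names, the case-insensitive prefix matching and the shape of the client_credentials body (the password body without username/password) are assumptions of this example.

```python
import json

# Resource prefixes the article names as user-owned. Case-insensitive matching is
# an assumption, made because the article mixes "customer/product" and "Customer/Profile".
USER_OWNED_PREFIXES = ("customer/product", "cart/item", "customer/profile")
SECRET_KEYS = {"client_secret", "password", "current_password", "new_password"}


def grant_for_resource(path):
    """Return the grant type a resource path needs, following the article's rule."""
    n = path.replace("\\", "/").strip("/").lower()
    # Match whole path segments so "customer/productivity" is not treated as user-owned.
    if any(n == p or n.startswith(p + "/") for p in USER_OWNED_PREFIXES):
        return "password"
    return "client_credentials"


def build_token_request(path, client_id, client_secret, username=None, password=None):
    """Build the JSON body for POST /oauth with the least credentials required."""
    grant = grant_for_resource(path)
    # Assumed client_credentials body: same keys as the article's example minus the user's.
    body = {"client_id": client_id, "client_secret": client_secret, "grant_type": grant}
    if grant == "password":
        if not username or not password:
            raise ValueError("user-owned resource requires username and password")
        body.update(username=username, password=password)
    return body


def redact(body):
    """Return a copy of a request body that is safe to log: secret values are masked."""
    return {k: ("***" if k in SECRET_KEYS else v) for k, v in body.items()}


if __name__ == "__main__":
    # Constructed sample values, taken from the article's example request.
    req = build_token_request("cart/item", "TestUser", "SomeSecret",
                              "TestUser@example.com", "testpassword")
    print(json.dumps(redact(req), indent=2))
```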

Password Change

To change the password, use the following request (requires an authorization header with an access token):

POST /auth/change-password

Request body example:

{
  "current_password": "password v1",
  "new_password": "password v2"
}

If the current password is correct, the API will respond with the following body:

{
  "type": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html",
  "title": "OK",
  "status": 200,
  "detail": "Password updated successfully."
}

If the passed password is wrong, the API will respond with the following body:

{
  "type": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html",
  "title": "Unauthorized",
  "status": 401,
  "detail": "Invalid password provided."
}


© ApiHawk