...


Every call in the MyAccount REST API uses two cookies for authentication:

UltraCartMerchantId - Merchant ID

UltraCartShoppingCartId - Cart ID

This is to remain consistent with the UltraCart shopping cart engine. Using the same two cookies avoids multiple login prompts to the customer.

These cookies are set automatically by the login methods (via Set-Cookie on a successful login), so after login the authentication is transparent to page code: the browser sends the cookies with every REST call.

Most pages can use a simple model to handle expired sessions or invalid logins: register a global jQuery ajaxError handler that sends the customer back to the login page whenever a REST call answers 401 Unauthorized.

var redirectToLogin = function () {
  var location_href = "index.html";
  // Carry the deep link (the part after '#') along so the customer can be
  // returned to it after logging in again.
  if (location.hash && location.hash.length > 0) {
    location_href += "?hash=" + location.hash.substring(1);
  }
  location.href = location_href;
};
// Fires for every failed jQuery ajax request on the page.
jQuery(document).ajaxError(function (event, xhr) {
  if (xhr.status == 401) {
    redirectToLogin();
  }
});

Be aware that the valid presence of these two cookies is not enough to constitute a "logged in" status. The customer must have submitted their profile username and password at some point, and the server must have a flag set on its internal record denoting the customer as logged in. The shopping cart engine sets the same cookies for customers who have never logged in, so do not assume that just because you see these two cookies accompany REST calls that the customer is logged in; use the loggedIn call or handle the 401 instead.

 

 

Object Model

These JSON objects are used with the REST MyAccount API.

...

Method: GET

Description: returns the MyAccount object if logged in, else an empty object

Useful for determining if the customer is logged in without triggering a 401 Unauthorized response from the server.

In the demo, this call is only used on the main page to determine whether to show the login screen or not.

Most of the MyAccount pages will use security like this:

var redirectToLogin = function () {
  var location_href = "index.html";
  if (location.hash && location.hash.length > 0) {
    location_href += "?hash=" + location.hash.substring(1);
  }
  location.href = location_href;
};
var theDocument = jQuery(document);
theDocument.ajaxError(function (event, xhr) {
  if (xhr.status == 401) {
    redirectToLogin();
  }
});

However, that is not desired for the main page, so loggedIn provides a way of checking login status without triggering a 401.

Cookies

UltraCartMerchantId - Merchant ID

UltraCartShoppingCartId - Cart ID

Path Parameters: none

Query Parameters: none

Headers: none

Receives Json: none

Returns Json: MyAccount object if logged in, else empty object

Note: To avoid JSON parser errors in browsers such as Firefox, the method does NOT return null when the customer is not logged in. It returns an empty object. So your check for logged-in status should be something like this:

.done(function (result) {
  if (result && result.email) {
    // proceed with success path
    settings = result;
  } else {
    settings = null; // an empty object means the customer is not logged in
  }
})

By checking both 'result' and 'result.email' for values, you'll get correct results as to whether the customer is logged in or not.

   

TODO:

 

 

/rest/myaccount/

...

login

Method: GET or POST

Description: logs in a customer and returns their base information (MyAccount object)

There are two ways to log in: GET or POST.

For the GET, the three parameters are submitted as query parameters. For POST, a CustomerCredentials object is submitted as the JSON request body (it's a simple object with the same three fields). Prefer the POST form: with GET the email and password travel in the URL, where they can be recorded in browser history and in proxy or web server access logs.

Cookies

UltraCartShoppingCartId - Cart ID

not required, but if passed along and valid, the same shopping cart will continue to be used. Otherwise, a new cart is created and Set-Cookie headers will accompany a successful login.

Path Parameters: none

Query Parameters

For GET:

merchantId

email

password

For POST:

none

Headers: none

Receives Json: CustomerCredentials

Returns Json: MyAccount object if successful

A failed login will result in a 401 Unauthorized http status.

Any missing parameters will result in a 400 Bad Request http status.

Example

  this.login = function (email, password, options) {
    options = options || {};
    // merchantId and restUrl are variables of the enclosing client object.
    var credentials = {merchantId: merchantId, email: email, password: password};
    var account = null;
    jQuery.ajax({
      url: restUrl + '/login',
      data: JSON.stringify(credentials),
      type: 'post',
      // Without callbacks the call is made synchronously so that `account`
      // can be returned directly. Synchronous XHR blocks the browser and is
      // deprecated, so callers should normally pass success/failure.
      async: (options.success || options.failure) ? true : false,
      headers: { "cache-control": "no-cache" },
      contentType: 'application/json; charset=UTF-8',
      cache: false,
      dataType: 'json'
    }).done(function (result) {
      account = result;
      if (options.success) {
        options.success(account);
      }
    }).fail(function (jqXHR, textStatus, errorThrown) {
      // 401: bad credentials; 400: a field was missing.
      if (options.failure) {
        options.failure(jqXHR, textStatus, errorThrown);
      }
    });
    return account;
  };
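The following is an added example, not UltraCart's code and not part of the original page. It walks through the behaviour documented for the cookies, loggedIn and login calls: both cookies present but no server-side login flag, the empty-object convention of loggedIn, the 400/401 results of login, and cart continuation via Set-Cookie. The mock server, the merchant id, the account and cart ids are constructed sample data; the loggedIn path ('/loggedIn') and the protected '/orders' call are assumptions made for the example.

```javascript
// Added example (not UltraCart's code). A fetch-style client for the documented
// login / loggedIn behaviour, exercised against a constructed in-memory mock of
// the server so it runs offline. Assumptions: loggedIn lives at '/loggedIn',
// '/orders' stands in for any protected MyAccount call, and all ids are sample data.

const MERCHANT_ID = 'DEMO';                                // constructed
const ACCOUNTS = { 'jane@example.com': 'correct horse' };  // constructed

// ---- constructed mock server ----------------------------------------------
// carts[id] = { loggedInAs: email | null }. A cart (and therefore both cookies)
// can exist without the customer ever having logged in; that is the case the
// documentation warns about.
let carts, nextCart;
function resetMock() { carts = { 'cart-anon': { loggedInAs: null } }; nextCart = 1; }
resetMock();

function mockFetch(url, opts) {
  const cookies = opts.cookies || {};
  const path = url.replace(/^.*\/rest\/myaccount/, '');
  const cartId = cookies.UltraCartShoppingCartId;
  const cart = carts[cartId];
  const reply = (status, body, setCookies) =>
    ({ status: status, json: () => body, setCookies: setCookies || {} });

  if (path === '/login') {
    // Only the POST form (JSON CustomerCredentials body) is modelled here.
    const creds = opts.method === 'POST' ? JSON.parse(opts.body) : {};
    if (!creds.merchantId || !creds.email || !creds.password) return reply(400, {});
    if (creds.merchantId !== MERCHANT_ID ||
        ACCOUNTS[creds.email] !== creds.password) return reply(401, {});
    // A valid cart keeps being used, otherwise a new one is created; both
    // cookies are (re)issued with Set-Cookie on success.
    const id = cart ? cartId : 'cart-' + (nextCart++);
    carts[id] = { loggedInAs: creds.email };
    return reply(200, { email: creds.email },
                 { UltraCartMerchantId: MERCHANT_ID, UltraCartShoppingCartId: id });
  }
  if (path === '/loggedIn') {
    // Never null: an empty object when the cart is not flagged as logged in.
    return reply(200, cart && cart.loggedInAs ? { email: cart.loggedInAs } : {});
  }
  // Every other MyAccount call needs a cart whose server-side flag is set.
  if (!cart || !cart.loggedInAs) return reply(401, {});
  return reply(200, { ok: true });
}

// ---- client -----------------------------------------------------------------
function isLoggedIn(result) {
  // The check the docs recommend: {} (not null) means "not logged in".
  return Boolean(result && result.email);
}

function loginRedirectUrl(hash) {
  // Same rule as the page's redirectToLogin, with the fragment URL-encoded.
  let href = 'index.html';
  if (hash && hash.length > 0) href += '?hash=' + encodeURIComponent(hash.substring(1));
  return href;
}

class MyAccountClient {
  constructor(fetchImpl, restUrl, merchantId, onUnauthorized) {
    this.fetch = fetchImpl; this.restUrl = restUrl; this.merchantId = merchantId;
    this.onUnauthorized = onUnauthorized;
    this.cookies = {};   // stands in for the browser's automatic cookie jar
  }
  request(path, opts, redirectOn401) {
    const res = this.fetch(this.restUrl + path, Object.assign({ cookies: this.cookies }, opts));
    Object.assign(this.cookies, res.setCookies);           // honour Set-Cookie
    if (res.status === 401 && redirectOn401) this.onUnauthorized();
    return res;
  }
  login(email, password) {
    // A 401 here means bad credentials, not an expired session, so the
    // redirect-to-login hook is deliberately not applied to this call.
    const res = this.request('/login', {
      method: 'POST',
      headers: { 'content-type': 'application/json; charset=UTF-8' },
      body: JSON.stringify({ merchantId: this.merchantId, email: email, password: password }),
    }, false);
    return { status: res.status, account: res.status === 200 ? res.json() : null };
  }
  loggedIn() { return this.request('/loggedIn', { method: 'GET' }, false).json(); }
  get(path) { return this.request(path, { method: 'GET' }, true); }
}

// Walk through the documented cases and collect the observations.
function demo() {
  resetMock();
  const redirects = [];
  const client = new MyAccountClient(mockFetch, '/rest/myaccount', MERCHANT_ID,
                                     () => redirects.push(loginRedirectUrl('#orders')));
  // Both cookies present (cart created by the shopping cart engine), never logged in.
  client.cookies = { UltraCartMerchantId: MERCHANT_ID, UltraCartShoppingCartId: 'cart-anon' };
  const out = {};
  out.loggedInBefore = isLoggedIn(client.loggedIn());              // false despite both cookies
  out.protectedBefore = client.get('/orders').status;              // 401, redirect hook fires
  out.missingField = client.login('jane@example.com', '').status;  // 400
  out.wrongPassword = client.login('jane@example.com', 'nope').status; // 401, no redirect
  out.redirects = redirects.slice();                               // ['index.html?hash=orders']
  const ok = client.login('jane@example.com', 'correct horse');
  out.loginStatus = ok.status;                                     // 200
  out.email = ok.account.email;
  out.cartKept = client.cookies.UltraCartShoppingCartId;           // 'cart-anon' continues
  out.loggedInAfter = isLoggedIn(client.loggedIn());               // true
  out.protectedAfter = client.get('/orders').status;               // 200
  return out;
}
```

Run demo() to see the sequence. One design point worth noting: jQuery's global ajaxError handler fires for every failed request on the page, including the login call's own 401, so with the handler from the loggedIn section a wrong password also triggers redirectToLogin. In the demo that lands on index.html, which shows the login screen anyway, but a page with its own login form should keep the login call out of the redirect path, as login() does above.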

 

TODO:

/myaccount/logout (GET)

/myaccount/changePassword (POST)

...