...
Info

Every call in the MyAccount REST API uses two cookies for authentication:

This is to remain consistent with the UltraCart shopping cart engine. Using the same two cookies avoids multiple login prompts to the customer. These cookies are set automatically by the login methods, so after login, security is transparent. Most pages may use a simple model to handle expired sessions or invalid logins:

Be aware that the valid presence of these two cookies is not enough to constitute a "logged in" status. The customer must have submitted their profile username and password at some point, and the server must have a flag set on its internal record denoting the customer as logged in. So do not assume that, just because you see these two cookies accompanying REST calls, the customer is logged in.
Object Model
These JSON objects are used with the REST MyAccount API.
...
Method | GET | Comments
---|---|---
Description | Returns the MyAccount object if logged in, else an empty object | Useful for determining whether the customer is logged in without triggering a 401 Unauthorized response from the server. In the demo, this call is used only on the main page to decide whether or not to show the login screen. Most of the MyAccount pages will use security like this:
Cookies | |
Path Parameters | none |
Query Parameters | none |
Headers | none |
Receives Json | none |
Returns Json | MyAccount object if logged in, else an empty object | Note: to avoid JSON parser errors in browsers such as Firefox, if the customer is not logged in the method does NOT return null. It returns an empty object. So your logged-in check should look like the snippet below this table. By checking both `result` and `result.email` for values, you get a correct answer as to whether the customer is logged in.

```javascript
.done(function (result) {
    if (result && result.email) {
        settings = result;      // logged in: keep the MyAccount object
    } else {
        // not logged in (null or empty object): show the login screen
    }
})
```
TODO:
/rest/myaccount/
...
login
Method | GET or POST | Comments
---|---|---
Description | Logs in a customer and returns their base information (MyAccount object) | There are two ways to log in: GET or POST. For GET, the three parameters are submitted as query parameters. For POST, a CustomerCredentials object is submitted (a simple object with the same three fields).
Cookies | | Not required, but if passed along and valid, the same shopping cart will continue to be used. Otherwise a new cart is created and Set-Cookie headers accompany a successful login.
Path Parameters | none |
Query Parameters | For GET: the three credential parameters (…, password). For POST: none |
Headers | none |
Receives Json | CustomerCredentials (POST only) |
Returns Json | MyAccount object if successful | A failed login results in a 401 Unauthorized HTTP status. Any missing parameters result in a 400 Bad Request HTTP status.
Example | |
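The following is an added example, not code from UltraCart or from this page. It models, in one runnable script, the two behaviours documented above: the `/rest/myaccount/` probe that answers an empty object (never null) when the customer is not logged in, and the login call that answers 401 for bad credentials and 400 for missing fields. An in-memory fake server stands in for the real endpoints so the script runs offline; it also reproduces the Info caveat that a valid session cookie alone does not make a session "logged in", because the server keeps a separate logged-in flag. Everything not stated on this page is a placeholder: the cookie name `session`, the CustomerCredentials field names `merchantId`, `email` and `password`, the `Set-Cookie` format, and the account data.

```javascript
// Added example (not UltraCart's own code). Placeholders, not from the page:
// cookie name "session", CustomerCredentials field names, account data.
const CREDENTIAL_FIELDS = ["merchantId", "email", "password"]; // assumed names

// The check the page recommends: a logged-in answer is a MyAccount object that
// carries an email. null, undefined and {} all mean "not logged in".
function isLoggedIn(result) {
  return Boolean(result && result.email);
}

// Fake server: one session record per cookie value. `loggedIn` is the server-side
// flag the Info panel describes; a cart session can exist with it still false.
class FakeMyAccountServer {
  constructor(accounts) {
    this.accounts = accounts;   // email -> { merchantId, password, firstName } (constructed)
    this.sessions = new Map();  // cookie value -> { loggedIn, email }
    this.nextId = 1;
  }

  newSession() {
    const id = `sess-${this.nextId++}`;
    this.sessions.set(id, { loggedIn: false, email: null });
    return id;
  }

  handle({ method, path, cookies, body }) {
    let sid = cookies.session;
    if (!sid || !this.sessions.has(sid)) sid = this.newSession(); // unknown cookie: new cart
    const session = this.sessions.get(sid);
    const setCookie = `session=${sid}`;

    if (method === "POST" && path === "/rest/myaccount/login") {
      const creds = JSON.parse(body || "{}");
      if (CREDENTIAL_FIELDS.some((f) => !creds[f])) return { status: 400, body: null, setCookie };
      const acct = this.accounts[creds.email];
      if (!acct || acct.merchantId !== creds.merchantId || acct.password !== creds.password) {
        return { status: 401, body: null, setCookie };
      }
      session.loggedIn = true;
      session.email = creds.email;
      return { status: 200, body: this.myAccount(session), setCookie };
    }
    if (method === "GET" && path === "/rest/myaccount/") {
      // Empty object rather than null, so the client's JSON parser never chokes.
      return { status: 200, body: session.loggedIn ? this.myAccount(session) : {}, setCookie };
    }
    // Every other MyAccount call requires a logged-in session.
    if (!session.loggedIn) return { status: 401, body: null, setCookie };
    return { status: 200, body: { ok: true }, setCookie };
  }

  myAccount(session) {
    return { email: session.email, firstName: this.accounts[session.email].firstName };
  }
}

// Client: keeps the cookie jar and applies the page's handling model.
class MyAccountClient {
  constructor(server) {
    this.server = server;
    this.cookies = {};
  }

  request(method, path, body) {
    const res = this.server.handle({ method, path, cookies: this.cookies, body });
    if (res.setCookie) {
      const [name, value] = res.setCookie.split("=");
      this.cookies[name] = value;
    }
    return res;
  }

  // The main-page probe: decides logged-in status without ever triggering a 401.
  currentAccount() {
    const res = this.request("GET", "/rest/myaccount/");
    return isLoggedIn(res.body) ? res.body : null;
  }

  // Returns the MyAccount object, or throws carrying the HTTP status so the
  // caller can tell "bad credentials" (401) from "incomplete request" (400).
  login(credentials) {
    const res = this.request("POST", "/rest/myaccount/login", JSON.stringify(credentials));
    if (res.status !== 200) throw new Error(`login failed: HTTP ${res.status}`);
    return res.body;
  }
}

// Walk-through on constructed demo data (not real accounts or credentials).
function demo() {
  const server = new FakeMyAccountServer({
    "alice@example.com": { merchantId: "DEMO", password: "correct horse", firstName: "Alice" },
  });
  const client = new MyAccountClient(server);
  const r = {};
  r.beforeLogin = client.currentAccount();            // null: nothing logged in
  r.cookiePresent = Boolean(client.cookies.session);  // true: a cart cookie is now set...
  r.stillNotLoggedIn = client.currentAccount();       // ...but the probe still says null
  try { client.login({ merchantId: "DEMO", email: "alice@example.com" }); }
  catch (e) { r.missingField = e.message; }            // HTTP 400
  try { client.login({ merchantId: "DEMO", email: "alice@example.com", password: "wrong" }); }
  catch (e) { r.badPassword = e.message; }             // HTTP 401
  r.account = client.login({ merchantId: "DEMO", email: "alice@example.com", password: "correct horse" });
  r.afterLogin = client.currentAccount();             // MyAccount object with email
  return r;
}
```

The point to take from `demo()` is the second probe: the client already holds a valid session cookie, yet `currentAccount()` still returns null, because the fake server's `loggedIn` flag is only set by a successful login. Any page that treats cookie presence as proof of login skips exactly that step.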
TODO:
/myaccount/logout (GET)
/myaccount/changePassword (POST)
...