Authentication

Authenticate Shoppers and Store Admins

Pricing & Plans

The REST Lists API is available only on our Premium plans or above. Check out our Pricing & Plans page for more information.

Introduction

The app uses both the Shopper API and the Store Admin API to provide Wishlist functionality.

Authentication is divided into two types.

  1. Store Admin Authentication
  2. Shopper Authentication

Store Admin Authentication

The Store Admin API is essential for generating the 'regid' needed by shoppers. As store administrators are responsible for creating and managing these unique identifiers, the process must be executed in a secure, non-client-side environment to maintain security and prevent unauthorized access or exposure of the API Key and Username.

The Store Admin API ensures the secure generation and management of 'regid' tokens, allowing only authorized store administrators to access and handle this information.

The Store Admin API uses Basic Authentication to verify the source of the calls.

Example

The same request is shown in two forms:

  1. Basic Auth
  2. With an Authorization header

Request

curl '{{Swym API Endpoint}}/storeadmin/me' \
  --basic \
  --user {{pid}}:{{APIKey}} \
  --compressed

curl '{{Swym API Endpoint}}/storeadmin/me' \
  -H 'Authorization: Basic {{BASE64-ENCODING-OF-"pid:apikey"}}' \
  --compressed

Response

{
  "pid": "yourstorepid",
  "appId": "StoreadminApi"
}
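
The second request form needs the Base64 encoding of "pid:apikey". The following is an added example (not Swym's own code) of building that header in a server-side shell script so that no trailing newline or line wrapping ends up in the encoded value and the API key never appears on curl's command line. SWYM_ENDPOINT, SWYM_PID and SWYM_API_KEY are assumed environment variable names.

```shell
# Added example, not from the Swym documentation.
# Assumed environment variables: SWYM_ENDPOINT, SWYM_PID, SWYM_API_KEY.

# Print the header line for Basic auth: Base64 of "pid:apikey".
#   $1 = pid, $2 = API key
swym_basic_header() {
  [ -n "$1" ] && [ -n "$2" ] || { echo 'pid and API key are required' >&2; return 1; }
  # In Basic auth the first ':' separates user-id and password (RFC 7617),
  # so a pid containing ':' would be split in the wrong place by the server.
  case "$1" in
    *:*) echo "pid must not contain ':'" >&2; return 1 ;;
  esac
  # printf, unlike echo, does not append a newline that would be encoded into
  # the credential; tr removes the wrapping some base64 tools add at 76 columns.
  printf 'Authorization: Basic %s' \
    "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\r\n')"
}

# Call /storeadmin/me from a server-side script.
# The header is handed to curl as a config file on stdin (--config -), so the
# key is not part of curl's argument list, which other local users can read
# from the process table.
swym_storeadmin_me() {
  [ -n "$SWYM_ENDPOINT" ] || { echo 'SWYM_ENDPOINT is not set' >&2; return 1; }
  swym_hdr="$(swym_basic_header "$SWYM_PID" "$SWYM_API_KEY")" || return 1
  printf 'header = "%s"\n' "$swym_hdr" |
    curl --silent --show-error --fail --compressed --config - \
      "$SWYM_ENDPOINT/storeadmin/me"
  swym_rc=$?
  unset swym_hdr   # do not leave the encoded credential in the shell's variables
  return "$swym_rc"
}

# Usage (values come from the server's secret store, never from client code):
#   SWYM_ENDPOINT=... SWYM_PID=... SWYM_API_KEY=... swym_storeadmin_me
```

Base64 is an encoding, not encryption: the header value exposes the API key to anyone who can read it, so it belongs in the same secure, non-client-side environment as the key itself.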

Shoppers can add a product to their wishlist using their unique 'regid' and a session ID, which is in the response for the generate-regid API call. The List API handles the management of wishlists, allowing shoppers to add, remove, or view items in their list using the said regid.

Shoppers can be categorised into two types:

  1. Logged In or Authenticated Shopper: These shoppers have registered and logged into their accounts on the platform.
  2. Anonymous Shopper/Guest User: These shoppers have not registered or logged in, and are browsing the platform without an account.

Logged In or Authenticated Shopper

An authenticated user, also known as a "logged-in" user, is a user persona that engages with the Wishlist feature using a registered account or user email. This is the preferred mode of user interaction, as it provides a more personalized and seamless user experience.

Anonymous Shopper / Guest User

A non-authenticated user, or "anonymous" user, is a user persona that interacts with the Wishlist APIs without a user account or email. Swym REST APIs enable implementing anonymous or guest sessions in native or headless platforms, providing a reference for implementation.

In summary, the Wishlist app leverages the capabilities of both Shopper API and Store Admin API to provide an enhanced and secure shopping experience.

While Shopper API empowers end users to manage their wishlists, Store Admin API enables store administrators to maintain control over the unique 'regid' tokens, ensuring data privacy and security for all parties involved.

Storefront Shopper APIs use the Swym RegId token for authentication. This requires adding the parameters below to every request:

curl '{{Swym API Endpoint}}/{{storefront endpoint}}?pid={{url encoded pid}}' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'regid={{regid}}' \
  --data-urlencode 'sessionid={{sessionid}}' \
  --compressed

| Field | Parameter | Description |
| --- | --- | --- |
| pid | query | Unique identifier for your store |
| regid | form data | Swym RegId token generated for a shopper using Generate RegId |
| sessionid | form data | Session id generated with Generate RegId or headless session id |