Authentication
Authenticate Shoppers and Store Admins
The REST Lists API is available only on our Premium plans or above. Check out our Pricing & Plans page for more information.
Introduction
The app utilizes both Shopper API and Store Admin API to accomplish Wishlist functionality seamlessly.
Authentication is divided into to two types.
- Store Admin Authentication
- Shopper Authentication
Store Admin Authentication
The Store Admin API is essential for generating the 'regid' needed by shoppers. As store administrators are responsible for creating and managing these unique identifiers, the process must be executed in a secure, non-client-side environment to maintain security and prevent unauthorized access or exposure of the API Key and Username.
The Store Admin API ensures the secure generation and management of 'regid' tokens, allowing only authorized store administrators to access and handle this information.
The store Admin API uses Basic Authentication to verify the source of the calls.
Example
Here we list two examples -
- Basic Auth
- With Authorization headers .
Request
curl '{{Swym API Endpoint}}/storeadmin/me' \
--basic \
--user {{pid}}:{{APIKey}} \
--compressed
curl '{{Swym API Endpoint}}/storeadmin/me' \
-H 'Authorization: Basic {{BASE64-ENCODING-OF-"pid:apikey"}}' \
--compressed
Response
{
"pid": "yourstorepid",
"appId": "StoreadminApi"
}
Shoppers can add a product to their wishlist using their unique 'regid' and a session ID, which is in the response for the generate-regid API call. The List API handles the management of wishlists, allowing shoppers to add, remove, or view items in their list using the said regid.
Shoppers can be categorised into two types:
- Logged In or Authenticated Shopper: These shoppers have registered and logged into their accounts on the platform.
- Anonymous Shopper/Guest User: These shoppers have not registered or logged in, and are browsing the platform without an account.
Logged In or Authenticated Shopper.
An authenticated user, also known as a "logged-in" user, is a user persona that engages with the Wishlist feature using a registered account or user email. This is the preferred mode of user interaction, as it provides a more personalized and seamless user experience.
Anonymous Shopper / Guest User
A non-authenticated user, or "anonymous" user, is a user persona that interacts with the Wishlist APIs without a user account or email. Swym REST APIs enable implementing anonymous or guest sessions in native or headless platforms, providing a reference for implementation.
In summary, the Wishlist app leverages the capabilities of both Shopper API and Store Admin API to provide an enhanced and secure shopping experience.
While Shopper API empowers end users to manage their wishlists, Store Admin API enables store administrators to maintain control over the unique 'regid' tokens, ensuring data privacy and security for all parties involved.
Storefront Shopper APIs use Swym RegId token for authentication. This requires adding below params in every request
curl '{{Swym API Endpoint}}/{{storefront endpoint}}?pid={{url encoded pid}}'
-H 'Content-Type: application/x-www-form-urlencoded'
--data-urlencode 'regid={{regid}}'
--data-urlencode 'sessionid={{sessionid}}'
--compressed
| Field | Parameter | Description |
|---|---|---|
| pid | query | Unique identifier for your store |
| regid | form data | Swym RegId token generated for a shopper using Generate RegId |
| sessionid | form data | Session id generated with Generate RegId or headless session id |
Updated 11 months ago