Customer authorization

The customers are the visitors to your website or mobile app users.

When logging in as a customer, you need a client API key.

WARNING:
  • Keep the API keys secret. A leaked key must be deactivated immediately!
  • When creating the API key, you can use allowlisting or denylisting to only allow the events you intend to use.

Authenticating as a recognized customer

You can use two endpoints to authenticate as a customer:

Both endpoints accept the same payload.

If you use Synerise RaaS authorization, none of the endpoints above can be used to register an account. See Customer registration.

Example: Synerise RaaS authentication

The example includes only the fields that are required.

curl --request POST \
  --url https://{SYNERISE_API_BASE_PATH}/sauth/v2/auth/login/client \
  --header 'content-type: application/json' \
  --data '{
      "apiKey": "1c586ac4-cb47-4c45-a7cf-e0fb74e8e5f4",
      "identityProvider": "SYNERISE",
      "password": "Pass1!",
      "uuid": "5f89a52f-e526-4c7d-a50c-3f5c744d3162"
  }'

The response is a JSON Web Token (JWT) that must be included in the Authorization header of further requests. By default, the token is valid for 60 minutes.

Example: Facebook authentication, no registration if account does not exist

The example includes only the fields that are required.

curl --request POST \
  --url https://{SYNERISE_API_BASE_PATH}/sauth/v2/auth/login/client/conditional \
  --header 'content-type: application/json' \
  --data '{
      "apiKey": "1c586ac4-cb47-4c45-a7cf-e0fb74e8e5f4",
      "identityProvider": "FACEBOOK",
      "identityProviderToken": "EAAfsMmaWLW0BAJZC3BWUZBi0izUcN9YntYLOZCtTkoPDrkcugIubbwrcXPPUPGKR6q4rdJdaK1sgNg4ARxVBQfUab8hafhPc2sXafL4wHVpS5mnEqrFTKbSHqj3ZBjX6HzMXXZA6qYnfNlzOQvjCEabjqgUdNQE6SrtPNQ7s7gZAOzFP3Ad1QB5vqxb276JM9yhBjVRp5SCdwZDZD"
  }'

The response is a JSON Web Token (JWT) that must be included in the Authorization header of further requests. By default, the token is valid for 60 minutes.

Authenticating as an anonymous customer

Method reference available here.

You can generate a JWT for a customer who does not have an account.

curl --request POST \
  --url https://{SYNERISE_API_BASE_PATH}/sauth/v2/auth/login/client/anonymous \
  --header 'content-type: application/json' \
  --data '{
    "apiKey":"1c586ac4-cb47-4c45-a7cf-e0fb74e8e5f4",
    "deviceId":"b8af0626-d5cf-44d6-b12a-ec72f946db6f",
    "uuid":"07243772-008a-42e1-ba37-c3807cebde8f"
  }'

The response is a JSON Web Token (JWT) that must be included in the Authorization header of further requests. By default, the token is valid for 60 minutes.

Refreshing JWT

Method reference available here.

When the token is about to expire, you can obtain a new one without logging in again. This is not possible if the token has already expired.

curl --request POST \
  --url https://{SYNERISE_API_BASE_PATH}/sauth/v2/auth/refresh/client \
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_' \
  --header 'content-type: application/json' \
  --data '{
    "apiKey":"1c586ac4-cb47-4c45-a7cf-e0fb74e8e5f4"
  }'

The response is a new token.
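
Because an expired token cannot be refreshed, a client has to decide when to call the refresh endpoint while the token is still valid. The following is an added example (not Synerise code) of that decision in JavaScript on Node.js; it assumes the JWT carries the standard "exp" claim, and the function names, the 300-second margin and the sample token are hypothetical.

```javascript
// Added example: decide when to call /sauth/v2/auth/refresh/client.
// Assumption: the token carries the standard "exp" claim (seconds since epoch).

// Decode the payload segment of a JWT. This does NOT verify the signature;
// the client only reads the expiry to schedule a refresh.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a three-part JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Returns "valid" (keep using the token), "refresh" (inside the margin,
// refresh now) or "expired" (refresh is no longer possible, log in again).
function refreshDecision(token, nowSeconds, marginSeconds = 300) {
  const { exp } = decodeJwtPayload(token);
  if (!Number.isInteger(exp)) throw new Error("token has no numeric exp claim");
  const remaining = exp - nowSeconds;
  if (remaining <= 0) return "expired";
  if (remaining <= marginSeconds) return "refresh";
  return "valid";
}

// Constructed sample token with a placeholder signature, for the demo only.
function makeSampleToken(exp) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc({ exp })}.constructed-signature`;
}

const issuedAt = 1700000000;                     // constructed timestamp
const sample = makeSampleToken(issuedAt + 3600); // 60-minute lifetime, as on this page
console.log(refreshDecision(sample, issuedAt + 60));   // valid
console.log(refreshDecision(sample, issuedAt + 3400)); // refresh
console.log(refreshDecision(sample, issuedAt + 3600)); // expired
```

In a real client, pass the current time as `Math.floor(Date.now() / 1000)` and fall back to a full login when the result is "expired".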
