Customer authorization

Customers are the visitors to your website or the users of your mobile app.

Authenticating as a customer (RaaS)

Method reference available here.

This method applies when you use registration as a service (RaaS).

When logging in as a customer, you must provide the client API key, login data, and customer UUID.

If device control is enabled, device ID is also required. The format of the ID depends on the OS.

curl --request POST \
  --url https://api.synerise.com/sauth/auth/login/client \
  --header 'content-type: application/json' \
--data '{
    "apiKey":"01234abc-1234-5678-9abc-def012345678",
    "email":"sampleclient@synerise.com",
    "password":"strongpassword",
    "uuid":"b3f56868-9667-4843-a8e5-0509456baa9b",
    "deviceId": "deviceIdentifier"
}'

The response is a JSON Web Token (JWT) that must be included in the Authorization header of further requests. By default, the token is valid for 60 minutes.

Authenticating with OAuth

You can authenticate a Customer based on your existing solutions. The customer is authenticated by your backend.

In this case, the authentication process works in the following way:

  1. A customer sign-in to the application generates an OAuth request to your backend.
  2. Your backend provides the application with an access token.
  3. The access token is passed to Synerise by using the Log in with OAuth method.
    Note: The method only works for existing customers. If your customer is logging in for the first time and you want to create an account, see Customer registration.
  4. Synerise passes that access token back to your system to check if it’s valid.
  5. In response:
    • If authentication is successful, Synerise receives Customer information such as email, first name, last name, or other details (the data can be mapped to fields in our system).
    • If the access token is not valid, the response type is different than HTTP 2xx.
  6. If the authentication was successful, Synerise responds with our JWT access token for the customer.

Figure: Customer authentication scheme (OAuth)

Authenticating with Sign in with Apple

Method reference available here.

Note: The method only works for existing customers. If your customer is logging in for the first time and you want to create an account, see Customer registration.

Signing in with Apple requires an Apple Authentication token. If authentication is confirmed by Apple, the response is an Apple JWT. That token must be passed to Synerise in the “accessToken” field in order to generate a Synerise JWT.

curl --request POST \
  --url https://api.synerise.com/sauth/auth/login/client/apple/no-registration \
  --header 'content-type: application/json' \
  --data '{
    "apiKey":"01234abc-1234-5678-9abc-def012345678",
    "accessToken": "eyJhbG...JsbSI6ImNsa",
    "uuid":"b3f56868-9667-4843-a8e5-0509456baa9b"
}'

The response is a JSON Web Token (JWT) that must be included in the Authorization header of further requests. By default, the token is valid for 60 minutes.

Authenticating with Facebook

Method reference available here.

Note: The method only works for existing customers. If your customer is logging in for the first time and you want to create an account, see Customer registration.

Authenticating with Facebook requires a Facebook Authentication token. If authentication is confirmed by Facebook, the response is a Facebook token. That token must be passed to Synerise in the “facebookToken” field in order to generate a Synerise JWT.

curl --request POST \
  --url https://api.synerise.com/sauth/auth/login/client/facebook/no-registration \
  --header 'content-type: application/json' \
  --data '{
    "apiKey":"01234abc-1234-5678-9abc-def012345678",
    "facebookToken": "eyJhbG...JsbSI6ImNsa",
    "uuid":"b3f56868-9667-4843-a8e5-0509456baa9b"
}'

The response is a JSON Web Token (JWT) that must be included in the Authorization header of further requests. By default, the token is valid for 60 minutes.

Refreshing JWT

Method reference available here.

When the token is about to expire, you can obtain a new one without logging in again. This is not possible if the token has already expired.

curl --request GET \
  --url https://api.synerise.com/sauth/auth/refresh/client \
  --header 'authorization: Bearer eyJhbG...JsbSI6ImNsa'

The response is a new token.
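
Because an expired token cannot be refreshed, a client has to decide when to call the refresh method before the 60-minute lifetime runs out. The following Python helper is an added example, not part of the Synerise documentation or SDKs. It assumes the Synerise JWT carries the standard `exp` claim (RFC 7519) and uses a hypothetical 5-minute margin; the payload is read without signature verification, which is suitable for scheduling only, not for trust decisions.

```python
import base64
import json
import time

REFRESH_MARGIN_S = 300  # assumption: refresh once under 5 minutes remain


def jwt_expiry(token):
    """Return the 'exp' claim (Unix seconds) of a compact JWT, unverified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated segments)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError as err:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("JWT payload is not base64url-encoded JSON") from err
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        raise ValueError("JWT has no numeric 'exp' claim")
    return int(exp)


def next_action(token, now=None):
    """Decide what the client should do with its current token.

    'use'     - more than REFRESH_MARGIN_S left, keep sending it
    'refresh' - close to expiry, call the refresh method now
    'login'   - already expired, refresh is refused: authenticate again
    """
    now = time.time() if now is None else now
    remaining = jwt_expiry(token) - now
    if remaining <= 0:
        return "login"
    return "refresh" if remaining <= REFRESH_MARGIN_S else "use"


def make_sample_token(issued_at, lifetime_s=3600):
    """Constructed, unsigned demo token with the default 60-minute lifetime."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"exp": issued_at + lifetime_s}), "sig"])


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed issue time
    token = make_sample_token(t0)
    for offset in (0, 56 * 60, 61 * 60):
        print(offset // 60, "min after issue:", next_action(token, now=t0 + offset))
```

Keep the token in memory or platform secure storage while scheduling refreshes, and treat a rejected refresh as a signal to run the full login again.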
