Token Based Authentication

In this article, you will learn how Token Based Authentication works.

Token based authentication is a way to authenticate and log a customer into the loyalty program securely. Instead of authenticating a customer based only on the data passed through the basic integration snippet, token based authentication adds an extra step for security.

Pre-requisites for Token Based Authentication

  1. The merchant needs to associate a token with a customer account in the database. This token should be unique for every customer session.

  2. The merchant is expected to provide an endpoint (a method). The input to this endpoint is an "access_token", and the output response must return the customer information in the following format: {"first_name": "Ethan", "last_name": "Hunt", "email": "[email protected]", "uid": "12jlkd1k2"}

  3. The authentication type should be changed to "Token Based" in the Zinrelo admin console. This setting is available under General >> Settings >> Loyalty Settings.
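
The merchant-side logic behind prerequisites 1 and 2 could look like the following. This is an added example in Node.js, not code from Zinrelo or from the original page. The function names, the in-memory Map standing in for the database, the 30-minute lifetime and the 401 result are assumptions, and the HTTP layer is left out because the page does not say how the endpoint is called.

```javascript
// Added example: merchant-side logic behind the token endpoint (Node.js built-ins only).
const crypto = require('crypto');

const SESSION_TTL_MS = 30 * 60 * 1000; // assumed lifetime; the page does not set one

// Store only a SHA-256 digest, so a leaked session table holds no usable tokens.
const digest = (token) => crypto.createHash('sha256').update(token).digest('hex');

// At login: mint an unguessable token that is unique to this customer session.
function issueToken(store, customer, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('hex');
  store.set(digest(token), { customer, expiresAt: now + SESSION_TTL_MS });
  return token; // value to pass as 'access_token' in init_data
}

// At logout: the token must stop resolving to a customer.
function revokeToken(store, token) {
  return store.delete(digest(token));
}

// Endpoint core: access_token in, customer record out.
// The 200 body follows the page's format; the 401 shape is an assumption.
function resolveToken(store, accessToken, now = Date.now()) {
  // Reject anything that cannot be a token issued above (64 hex characters).
  if (typeof accessToken !== 'string' || !/^[0-9a-f]{64}$/.test(accessToken)) {
    return { status: 401, body: null };
  }
  const key = digest(accessToken);
  const session = store.get(key);
  if (!session) return { status: 401, body: null };
  if (now >= session.expiresAt) {
    store.delete(key); // expired sessions are purged on first use
    return { status: 401, body: null };
  }
  // Return only the four documented fields, never the whole account row.
  const { first_name, last_name, email, uid } = session.customer;
  return { status: 200, body: { first_name, last_name, email, uid } };
}

// Constructed sample data (not a real customer).
const sessions = new Map();
const sampleCustomer = { first_name: 'Ethan', last_name: 'Hunt',
  email: 'ethan@example.com', uid: '12jlkd1k2', internal_note: 'never returned' };
const sampleToken = issueToken(sessions, sampleCustomer);
console.log(resolveToken(sessions, sampleToken));
```
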

Token Based Authentication Flow

[Figure: Token Based Authentication]

Changes Required to the Basic Integration

The basic integration JS will stay the same. Only an additional 'access_token' parameter is passed through the script. Though the customer information is exchanged through the front end, the customer will only be authenticated when Zinrelo receives the customer information from the configured endpoint URL.

window._zrl = window._zrl || [];
       var init_data =
       {
         'partner_id' : XXXXXXXX, /*REQUIRED: Zinrelo Partner ID*/
         'email' : '[email protected]',
         /*REQUIRED: When User is Logged in. For Non-Logged in users,
         pass an empty string ('').*/
         'name' : 'User  Full Name',
         /*REQUIRED: When User is Logged in. For Non-Logged in
         users, pass an empty string (''). */
         'user_id' : 'Unique-user-ID',
         /*REQUIRED: When User is Logged in. For Non-Logged in users and
         guest users who DO NOT have an account, pass an empty string ('')*/
         'access_token' : 'access token'
         /*REQUIRED: When User is Logged in. Must be unique for a given user session*/
       };
       _zrl.push( [ 'init' , init_data ] );
