# Basic Auth Flow

Our legacy implementation behaves similarly to the deprecated implicit OAuth flow. First you identify yourself against the API with your credentials, then you receive a JWT token with a predefined validity.

# We strongly discourage using this mechanism in any implementation, as it requires either storing credentials or entering them manually.

# Getting Started

To authenticate with the basic method, just request a JWT token from the API using the account credentials. This will only work if you a) have access to the credentials at any time and b) do not need to store them somewhere. The basic flow always grants you full admin permissions, and can only be revoked by resetting the password. Also, a token won't be disarmed until it has expired. Thus, if your credentials are compromised, you will most likely lose control over your Tillhub account.

# Authentication

# Example Request

```bash
curl -X POST \
  https://api.tillhub.com/api/v1/users/login \
  -H 'Content-Type: application/json' \
  -d '{"email":"E-Mail","password":"YourPWD"}'
```

# Response

```json
{
    "status": 200,
    "msg": "Authentication was good.",
    "request": {
        "host": "api.tillhub.com",
        "id": "19e0dbdc-0dea-4f7b-bad0-b337d0c6eab4"
    },
    "user": {
        "id": "YourAccountUUID",
        "name": "YourAccountName",
        "legacy_id": null,
        "scopes": [
            "admin"
        ],
        "role": "owner"
    },
    "valid_password": true,
    "token": "JW-Token",
    "token_type": "Bearer",
    "expires_at": "2020-06-12T06:59:20.000Z",
    "features": {
        "savedcart": true
    }
}
```

# Making a call

To make a call to the backend, use the Bearer token returned by the authentication endpoints, e.g. in the products tutorials.
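
The following is an added example, not code from the Tillhub documentation. It prompts for the password instead of storing it, keeps only the fields a client needs from the login response shown above, and refuses to build the `Authorization` header once the token is at or near `expires_at`. The function names and the 60-second safety margin are assumptions, and the sample response is constructed from the one on this page.

```python
import getpass
import json
import urllib.request
from datetime import datetime, timedelta, timezone

LOGIN_URL = "https://api.tillhub.com/api/v1/users/login"  # from the page


def parse_login_response(body: str) -> dict:
    """Extract only the fields a client needs from the login response."""
    data = json.loads(body)
    if data.get("status") != 200 or not data.get("token"):
        raise ValueError("login failed: %s" % data.get("msg"))
    # expires_at is ISO 8601 UTC with a trailing "Z", as in the sample response
    expires = datetime.strptime(data["expires_at"], "%Y-%m-%dT%H:%M:%S.%fZ")
    return {
        "token": data["token"],
        "token_type": data.get("token_type", "Bearer"),
        "expires_at": expires.replace(tzinfo=timezone.utc),
        "scopes": data.get("user", {}).get("scopes", []),
    }


def auth_header(session: dict, now: datetime = None, skew_s: int = 60) -> dict:
    """Build the Authorization header, refusing a token at or near expiry."""
    now = now or datetime.now(timezone.utc)
    if now >= session["expires_at"] - timedelta(seconds=skew_s):
        raise PermissionError("token expired; log in again")
    return {"Authorization": "%s %s" % (session["token_type"], session["token"])}


def login(email: str) -> dict:
    """Prompt for the password (never stored) and request a token."""
    payload = json.dumps({"email": email, "password": getpass.getpass()}).encode()
    req = urllib.request.Request(
        LOGIN_URL, data=payload, headers={"Content-Type": "application/json"}
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_login_response(resp.read().decode())


# Constructed sample mirroring the response on this page (placeholder token).
SAMPLE = json.dumps({
    "status": 200, "msg": "Authentication was good.",
    "user": {"scopes": ["admin"], "role": "owner"},
    "token": "JW-Token", "token_type": "Bearer",
    "expires_at": "2020-06-12T06:59:20.000Z",
})
```

Because the token carries the `admin` scope and cannot be revoked before it expires, keep the returned session in memory only and never write the header value to logs.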