How to login
login-Mutation will log a user in. One of email, pid, externalId or memberNumber is required, along with password. Returns an authorization token if the login was successful.
login-inputlogin-mutationlogin-output
{
"email": "test@storeapi.com",
"password": "storeapi"
}mutation LoginMutation($email: String, $password: String!) {
login(email: $email, password: $password) {
token {
value
}
}
}{
"data": {
"login": {
"token": {
"value": "235-length string"
}
}
}
}How to login with external hash Id
As mentioned above you will still use the login-Mutation but password is not required. You will use email, externalHashId, and timeStamp. There is also the alternative option, of using customerId instead of email, together with an externalHashId and timeStamp.
Here's how you can generate your externalHashId:
-
Concatenate the string values of the following, in this order:
current timestamp+e-mail address(orcustomerID, if you're using that) +secret login salt(configured by our product support). - Convert the result in a UTF-8 byte array
- Encode that with the SHA256 algorithm
- Convert the result to a string of Hex values (each byte to a 2-digit hex)
- and finally convert it to a Base64 string.
The hash you are sending through the mutation will be validated based on the configured salt.
hash-creation-examplelogin-inputlogin-mutationlogin-output
import CryptoJS from 'crypto-js'
const params = [
new Date().toJSON(),
"__EMAIL__",
"__SALT__",
]
const externalHashId = btoa(CryptoJS.SHA256(params.join('')).toString())
const loginVariables = {
timeStamp: params[0],
email: params[1],
externalHashId
}{
"email": "test@storeapi.com",
"externalHashId": "Y2Q4Y2JmNzY4M2UxOTE5ZDg2Y2IzZWMwYTUwZDc5NzRmMDJkMjI3MDBiZDI5YTQzZTA0YzVhMWEyYTFkNTU3Yw==",
"timeStamp": "2022-09-05T06:46:26.104Z"
}mutation LoginMutation($email: String, $hash: String, $timeStamp: String) {
login(email: $email, externalHashId: $hash, timeStamp: $timeStamp) {
token {
value
}
}
}{
"data": {
"login": {
"token": {
"value": "235-length string"
}
}
}
}