Basics: Authentication

Introduction

This section covers the basics of authentication.

API Reference

You can find all available BigCommerce module methods and their descriptions in the API Reference.

Customer Login

To authenticate the user, you can use the loginCustomer method. The channel id will be automatically picked up from the cookie in the request header.

import { sdk } from '~/sdk.config.ts';

const loginResponse = await sdk.bigcommerce.loginCustomer({
    email: 'test@test.com', password: 'pas55w0rd'
});

Under the hood, the loginCustomer endpoint will:

  1. Make a call to BigCommerce to validate the customer's credentials.
  2. If the credentials are valid, the middleware will create a JWT token with the customer's ID returned in the response.
  3. Store the JWT token as a customer-data cookie, which will be included with the requests. This cookie is used to secure operations on customer-specific data.
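
The three steps above as a sketch, added here as an example and not the integration's own middleware code: it signs a token carrying the customer ID, builds the customer-data cookie, and verifies the token on a later request. The HS256 algorithm, the one-hour lifetime, the claim name id, the cookie attributes and all function names are assumptions.

```typescript
import { createHmac, timingSafeEqual } from 'node:crypto';

// Assumptions (not taken from the integration's source): HS256, a 1-hour
// lifetime, the claim name "id", and the cookie attributes below.
const COOKIE_NAME = 'customer-data'; // cookie name as given on this page
const TTL_SECONDS = 3600;

const b64url = (text: string): string => Buffer.from(text, 'utf8').toString('base64url');
const sign = (input: string, secret: string): string =>
  createHmac('sha256', secret).update(input).digest('base64url');

// Step 2: build a JWT that carries the customer's ID.
function issueCustomerToken(customerId: number, secret: string, now = Date.now()): string {
  const iat = Math.floor(now / 1000);
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ id: customerId, iat, exp: iat + TTL_SECONDS }));
  return `${header}.${payload}.${sign(`${header}.${payload}`, secret)}`;
}

// Step 3: the Set-Cookie value that stores the token out of reach of page scripts.
function customerCookie(token: string): string {
  return `${COOKIE_NAME}=${token}; Path=/; Max-Age=${TTL_SECONDS}; HttpOnly; Secure; SameSite=Lax`;
}

// Later requests: return the customer ID only for an authentic, unexpired token.
function verifyCustomerToken(token: string, secret: string, now = Date.now()): number | null {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  const expected = Buffer.from(sign(`${header}.${payload}`, secret));
  const given = Buffer.from(signature);
  // Check the signature in constant time before trusting any field of the token.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  try {
    const { alg } = JSON.parse(Buffer.from(header, 'base64url').toString());
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
    if (alg !== 'HS256' || typeof claims.id !== 'number') return null;
    return claims.exp > Math.floor(now / 1000) ? claims.id : null;
  } catch {
    return null; // malformed JSON in header or payload
  }
}
```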

Customer Login using GraphQL

To authenticate the user using GraphQL, you can use the loginCustomerGql method. The channel id will be automatically picked up from the cookie in the request header.

import { sdk } from '~/sdk.config.ts';

const loginResponse = await sdk.bigcommerce.loginCustomerGql({
    email: 'test@test.com', password: 'pas55w0rd'
});

Under the hood, the loginCustomer endpoint will:

  1. Make a call to the BigCommerce GraphQL endpoint with the Login Customer mutation.
  2. If the credentials are valid, the middleware will create a JWT token with the customer's ID returned in the response.
  3. Store the JWT token as a customer-data cookie, which will be included with the requests. This cookie is used to secure operations on customer-specific data.

Rate Limiter

Please bear in mind that the validateCredentials endpoint used as part of the standard customer authentication performs faster than the GraphQL login; however, it has a rate limiter set. If a sizeable volume of customer traffic is expected on your website, it is recommended to use the login via GraphQL.

The Validate Credentials endpoint can also be called directly from the SDK with the validateCredentials method. It can be used to verify whether the login and password match an existing customer. The channel id will be picked up from the request header.

import { sdk } from '~/sdk.config.ts';

const response = await sdk.bigcommerce.validateCredentials({
    email: 'test@test.com', password: 'pas55w0rd'
});

This can be useful when creating new custom features, like a newsletter sign-up, where the customer must provide their credentials but would not necessarily be logged in to the app.

Customer Logout

To log out the user, you can use the logoutCustomer method. The channel id will be automatically picked up from the cookie in the request header.

Calling the logout API will remove the user-related cookies and will generate and make a fetch request to the logout URL for the BigCommerce Stencil theme.

import { sdk } from '~/sdk.config.ts';

const logoutResponse = await sdk.bigcommerce.logoutCustomer();