Customer Login by Token overview


The Customer Login by Token feature lets B2B users log in to Spryker Shop using a token.

Most modern ecommerce applications let customers log in by token or, in other words, they support token-based authentication. They do so for several good reasons:

  • Tokens are stateless. They are stored on the client side and already contain all the information they need for authentication. Keeping no session information on the server is great for scaling your application.

  • Tokens are secure. Tokens (not cookies) are sent on every request, which helps to prevent attacks. Since the session is not stored, there is no session-based information that could be manipulated.

  • Extensibility and access control. In the token payload, you can specify user roles and permissions, as well as the resources that the user can access. Besides, you can share some permissions with other applications.
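
The stateless check and the payload-based access control described in the list above, as an added Python example that is not Spryker's implementation. The names `SECRET`, `issue_token`, `verify_token` and `can_access`, the claim names and the sample values are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

SECRET = b"constructed-demo-key"  # assumption: server-side HMAC key, never sent to clients

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(payload: str) -> str:
    return b64url(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())

def issue_token(claims: dict, ttl: int = 300, now: Optional[float] = None) -> str:
    """Embed the claims and an expiry in the token, then sign them."""
    now = time.time() if now is None else now
    body = json.dumps({**claims, "exp": int(now) + ttl}, sort_keys=True)
    payload = b64url(body.encode())
    return payload + "." + sign(payload)

def verify_token(token: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims only if signature and expiry are valid; no session lookup."""
    now = time.time() if now is None else now
    try:
        payload, sig = token.split(".")
        if not hmac.compare_digest(sig, sign(payload)):  # constant-time comparison
            return None
        claims = json.loads(unb64url(payload))
        if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
            return None
    except (ValueError, TypeError):  # malformed token, bad base64 or bad JSON
        return None
    return claims

def can_access(token: str, resource: str, now: Optional[float] = None) -> bool:
    """Authorize from the verified payload alone."""
    claims = verify_token(token, now)
    return claims is not None and resource in claims.get("resources", [])

if __name__ == "__main__":
    # Constructed sample claims for a B2B shop user.
    token = issue_token({"sub": "customer-42", "roles": ["buyer"], "resources": ["/cart"]})
    print(can_access(token, "/cart"), can_access(token, "/admin"))
    # A different payload paired with the old signature is rejected.
    forged = b64url(b'{"exp": 9999999999, "resources": ["/admin"]}') + "." + token.split(".")[1]
    print(verify_token(forged))
```

The payload is only signed, not encrypted, so the client can read every claim in it; the server trusts the claims only after the signature and expiry checks pass.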

For technical details, see Customer Login by Token reference information.

Developer guides

Are you a developer? See Company Account feature walkthrough for developers.