AuthToken

An object representing an authentication token.

An authentication token can be passed as the auth parameter in the Context parameters instead of the traditional token retreived from Admin.login to grant a user administrator rights in a webshop.

There are minor restrictions on the administrator rights granted by a token from this API and that is that they will NOT give access to this API. To gain access you will need to use Admin.login.

It should be very clear that these are PERSISTENT authentication tokens. This means that if someone is able to get hold of a token, then they may use the same token to get elevated rights during OTHER sessions in the future. This means that they MUST be properly guarded if stored in an insecure environment and should NEVER be sent over an insecure connection. If a token is suspected of being compromised, then it should be deactivated (or deleted) as soon as possible.

Properties

Property Description
active Whether this authentication token can be used.
created Date and time of when the authentication token was created.
description A description of the token. May contain, e.g., information about who has it and what it is used for.
lastUsed Date and time of when the authentication token was last used.
name The name of the authentication token.
uid The authentication token.

Methods

count

Takes a filter object and returns the number of authentication tokens found, as an integer.

Parameters

A filter object specifying which authentication tokens to count. See Filter objects on the page List selection.

Example

The request below returns the number of active authentication tokens.

API Console
AuthToken.count(
  {
    "/active": true
  }
)
Response
2

create

Creates a new authentication token.

Parameters

Parameter Description
patch An object containing the properties and values to set for the new authentication token.
query Which info to return. See Query language.

Example

The request below creates an authentication token for a new integration with some application X.

API Console
AuthToken.create(
  {
    "name": "Integration X",
    "description": "An authentication key used to write an integration between the webshop and application X."
  },
  ["uid"]
)
Response
{
  "uid": "YXV0aDpRS4F7bdFom114RO9ygHObnnb/zIOds3iuXFhtoDGbWiUt"
}

get

Fetches information about an authentication token.

Parameter Description
uid The authentication token.
query Which info to return. See Query language.

Example

The request below checks whether a token is active.

API Console
AuthToken.get("YXV0aDpRS4F7bdFom114RO9ygHObnnb/zIOds3iuXFhtoDGbWiUt", ["active", "name"])
Response
{
  "active": true,
  "name": "Integration X",
}

getSchema

Fetches the JSON Schema which can be used for client-side validation.

Parameters

The authentication token or null for a new token.

list

Fetches multiple authentication tokens.

Parameters

Parameter Description
query Which info to return. See Query language.
selection Which authentication tokens to list. See List selection.

Example

The request below lists all active authentication tokens and their names.

API Console
AuthToken.list(["description", "name", "uid"], {"filters": {"/active": true}})
Response
[
 {

   "description": "Used to write an integration between the webshop and application X.",
   "name": "Integration X",
   "uid": "YXV0aDpRS4F7bdFom114RO9ygHObnnb/zIOds3iuXFhtoDGbWiUt"
 },
 {
   "description": "My private token."
   "name": "Private",
   "uid": "YXkjabHLDKJAHBFJHWGBWefklwjer234523fsdfjlknd/dh312Xr"
 },
 {
   "description": "An employee",
   "name": "John Doe",
   "uid": "YXs8ud9genjknKJDBANKSLdhbwefg234f?/fsIDkjhg3g23fasdD"
 }
]

set

Creates or updates an authentication token.

Parameters

Parameter Description
uid The authentication token or null to create a new token.
patch An object containing the properties and values to set for the authentication token.
query Which info to return. See Query language.

Example

If we suspect that an authentication token has been compromised, instead of deleting it we may deactivate it until we have investigated further whether this is indeed the case. After this request it will not be possible for anyone to use the token to authenticate themselves.

API Console
AuthToken.set("YXs8ud9genjknKJDBANKSLdhbwefg234f?/fsIDkjhg3g23fasdD", {"active": false}, false)
API Console
null

validate

Parameters

Parameter Description
uid The authentication token or null to create a new token.
patch An object containing the properties and values to set for the authentication token.

Errors

Error messages are given as an array of validation-error objects, each containing the keys pointer (a property referenced using a JSON Pointer) and message (a readable text in the language of the context).

Returns

If there are no validation errors, then an empty array is returned.