Auth
To obtain a valid session token, you must make a call to the endpoint POST /auth.
Backoffice Access Request
For login authentication Backoffice, in the request enter the parameters:
• username (username of the operator requesting access),
• passwords (password associated with the operator requesting access),
• campaignid (the campaign id of your brand related to the production environment | empty if the operator has network access),
• devicetype (type of device from which the customer tries to log in 1=Browser 2=Android device 3=iOS Device)
• scope (type of access required, in this case 'backoffice').
Request for Terminal Access
For login authentication Terminal, in the request enter the parameters:
• username (username of the operator requesting access),
• passwords (password associated with the operator requesting access),
• serialnumber (serial number linked to the terminal associated with the operator requesting access),
• campaignid (the campaign id of your brand related to the production environment),
• devicetype (type of device from which the customer tries to log in 1=Browser 2=Android device 3=iOS Device)
• scope (type of access required, in this case 'terminal').
Customer Access Request
For login authentication customersynchro, in the request enter the parameters:
(access to be used if the actions to be performed are before or during the customer registration phase, then before logging in)
• username (field not to be inserted),
• passwords (field not to be inserted),
• campaignid (the campaign id of your brand related to the production environment),
• devicetype (type of device from which the customer tries to log in 1=Browser, 2=Android device, 3=iOS Device)
• scope (type of access required, in this case 'customersynchro').
For login authentication Customer, in the request enter the parameters:
• username (username of the customer's account),
• passwords (customer account password),
• campaignid (the campaign id of your brand related to the production environment),
• devicetype (type of device from which the customer tries to log in 1=Browser 2=Android device 3=iOS Device)
• scope (type of access required, in this case 'customer').
If the outcome of the call to the POST /auth endpoint was http 200, a JSON object is obtained in response where the 'token' and 'refreshtoken' fields will be present.