WS-App-Login (EN)
General
The interface described here lets a server-, PC- or smartphone-based application log a user in to a WEBSALE shop.
Definition
App-Login: This interface is called "App-Login".
App: In the following, "app" stands for "application".
Device: Systems that host apps, such as servers, desktop computers, tablet PCs and smartphones, are referred to below as "devices".
Data Security
No storage of the password
The login data (email + password) is entered in the app and sent to the shop. The app must not store the user's shop password. So that the user does not have to re-enter their login data on every visit to the shop, the app requests a token from the shop (a JSON Web Token as defined in the industry standard RFC 7519), which can be stored permanently. This token can be used to log in to the shop or open a session.
Data transfer
SSL connection
All communication with the shop server must take place over an SSL connection. The shop rejects unencrypted connections.
REST API
Communication with the shop uses REST (Representational State Transfer). Content is transferred in JSON format.
Interface functions
Function "GetToken"
Requests a token from the shop, which the app can store permanently. The login data of a user account that exists in the shop must be passed. In addition, the unique device ID is passed.
Function "GetSID"
Requests a session ID. The stored token and the device ID must be passed. Afterwards, a link to the shop containing this session ID is created. A session has a default timeout of 2 hours.
Function "Register"
A new user is created in the shop.
Function "Logout"
The session is terminated.
Data exchange
GetToken
URL: https://Ihre-Shop-Domain/_api/shop/AppLogin/GetToken
Request from the app
HTTP header:
Method: POST
Content:
{ |
Response from shop
Success:
HTTP Code: 200
Content:
{ |
Example:
{
"token": "ey6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6Ikp..."
}
The token can be stored permanently by the app.
Error:
HTTP Code: 400
Content:
{ |
GetSID
The token is used to request a session ID from the shop. The shop is then linked to using this session ID. The app can store the session ID if it opens several shop links.
URL: https://Ihre-Shop-Domain/_api/shop/AppLogin/GetSID
Request from the app
HTTP header:
Method: POST
Content:
{ |
Response from the shop
Success:
HTTP Code: 200
Content:
{ |
Example:
{
"sid": "12aa3318987654bccbff991155226677"
}
Error:
HTTP Code: 400
Content:
{ |
Register
Creates a new user in the shop. A new user can only be created if no account with the given email address exists in the shop. In addition, the transferred password is checked against the password quality guidelines set in the shop. If the password is, for example, too short or too simple, the shop rejects the creation of the new user.
The rule of thumb for the password is:
Minimum length: 8 characters
The password must contain at least:
1 letter
1 digit
1 special character
The password must not be identical or similar to the email address.
Please contact WEBSALE AG regarding the password quality guidelines posted in the shop.
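A client-side pre-check for the rule of thumb above, as an added example that is not part of the WEBSALE documentation. It lets the app reject obviously weak passwords before calling Register; the shop's own guidelines remain authoritative. The function name, the similarity threshold, the minimum local-part length and the mapping of each check to a code from the error table are assumptions of this example.

```python
import difflib

# Codes taken from this page's error table. Which local check corresponds to
# which code is an assumption of this example, not documented shop behaviour.
TOO_SHORT, TOO_SIMILAR, SAME_AS_EMAIL, CHAR_CLASS = 3004, 3005, 3006, 3025
SIMILARITY_LIMIT = 0.8   # assumption: the shop's real threshold is not documented
MIN_LOCAL_PART = 4       # assumption: ignore very short local parts such as "a@..."


def precheck_password(email, password):
    """Return the codes of all rule-of-thumb violations (empty list = passes)."""
    problems = []
    if len(password) < 8:
        problems.append(TOO_SHORT)

    # At least one letter, one digit and one special (non-alphanumeric) character.
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_special = any(not c.isalnum() and not c.isspace() for c in password)
    if not (has_letter and has_digit and has_special):
        problems.append(CHAR_CLASS)

    # Identical or similar to the email address, compared case-insensitively.
    mail, pw = email.strip().lower(), password.lower()
    local_part = mail.split("@", 1)[0]
    contains_local = len(local_part) >= MIN_LOCAL_PART and local_part in pw
    ratio = difflib.SequenceMatcher(None, pw, mail).ratio()
    if pw == mail:
        problems.append(SAME_AS_EMAIL)
    elif contains_local or ratio >= SIMILARITY_LIMIT:
        problems.append(TOO_SIMILAR)
    return problems
```

An empty result only means the password passes this local approximation; a 400 response from Register still has to be handled.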
URL: https://Ihre-Shop-Domain/_api/shop/AppLogin/Register
Request from the app
HTTP header:
Method: POST
Content:
{ |
Response from shop
Success:
HTTP Code: 200
Content: No content
Subsequently, a token can be requested from the shop via "GetToken".
Error:
HTTP Code: 400
Content:
{ |
Logout
The token must be passed to log out.
URL: https://Ihre-Shop-Domain/_api/shop/AppLogin/Logout
Request from the app
HTTP header:
Method: POST
Content:
{ |
Response from the shop
Success:
HTTP Code: 200
Content: No content
Error:
HTTP Code: 400
Content:
{ |
Linking to the shop with the session ID
Once a session ID has been requested and stored in the app, the app can link to the shop. The user is already logged in within this session.
Linking examples
Link to the start page:
https://Ihre-Shop-Domain/?sid=<session-ID>
Example:
https://Ihre-Shop-Domain/?sid=12aa3318987654bccbff991155226677
Link to a specific product:
https://Ihre-Shop-Domain/SEO-Produkt-Name/?sid=<session-ID>
Example:
https://Ihre-Shop-Domain/Reithose-Felix/?sid=12aa3318987654bccbff991155226677
Linking to a specific category:
https://Ihre-Shop-Domain/SEO-Kategorie-Name/?sid=<session-ID>
Example:
https://Ihre-Shop-Domain/Damenreithosen/?sid=12aa3318987654bccbff991155226677
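How an app might cache the session ID from GetSID and build the links shown above, as an added example that is not part of the WEBSALE documentation. The class, the injected `request_sid` callable (standing in for the POST to GetSID), the refresh margin and the 32-hex-character session ID format are assumptions; the timeout is treated as counted from the moment the session ID was issued.

```python
import re
import time
from urllib.parse import quote

SESSION_TIMEOUT_S = 2 * 60 * 60   # default session timeout stated on this page
REFRESH_MARGIN_S = 5 * 60         # assumption: renew a little before the timeout
SID_FORMAT = re.compile(r"[0-9a-f]{32}")  # assumption: shape of the page's sample sid


class ShopSession:
    """Keeps the token and a cached session ID; the password is never held here."""

    def __init__(self, shop_domain, token, device_id, request_sid, clock=time.time):
        self.shop_domain = shop_domain
        self.token = token
        self.device_id = device_id
        # Hypothetical callable (token, device_id) -> sid wrapping the POST to GetSID.
        self._request_sid = request_sid
        self._clock = clock
        self._sid = None
        self._issued_at = 0.0

    def sid(self):
        """Return the cached session ID, requesting a new one when it is too old."""
        age = self._clock() - self._issued_at
        if self._sid is None or age >= SESSION_TIMEOUT_S - REFRESH_MARGIN_S:
            sid = self._request_sid(self.token, self.device_id)
            # Refuse anything that is not a plain session ID before it reaches a URL.
            if not isinstance(sid, str) or not SID_FORMAT.fullmatch(sid):
                raise ValueError("unexpected session ID format")
            self._sid, self._issued_at = sid, self._clock()
        return self._sid

    def forget(self):
        """Drop the cached session ID, e.g. after Logout."""
        self._sid = None

    def link(self, seo_name=""):
        """Build a start-page, product or category link in the page's URL format."""
        segment = quote(seo_name.strip("/"))
        path = f"{segment}/" if segment else ""
        return f"https://{self.shop_domain}/{path}?sid={self.sid()}"
```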
Error codes
Code | Description |
---|---|
2000 | Internal |
2001 | Internal |
2002 | no eMail address given |
2003 | no password given |
2004 | too many failed login attempts, login temporarily blocked |
2005 | Internal |
2006 | Internal |
2007 | Internal |
2008 | Login not successful |
2009 | Login not successful |
2010 | Internal |
2011 | no authorization for the requested SubShop |
2012 | Internal |
3000 | Internal |
3001 | Internal |
3002 | no valid email address |
3003 | no valid eMail address |
3004 | Password insecure, because password is too short |
3005 | Password insecure, because password and eMail address are too similar |
3006 | Password insecure, because password is the same as eMail address |
3007 | Password insecure, because too simple |
3008 | Password insecure, contains too many identical characters |
3009 | Password and repetition do not match |
3010 | Internal |
3011 | eMail address already exists |
3012 | Internal |
3014 | Internal |
3015 | Internal |
3016 | Internal |
3017 | Internal |
3018 | Internal |
3020 | Email address and password do not meet the requirements |
3021 | email address not specified |
3022 | eMail address too long |
3023 | Password not specified |
3024 | Password too long |
3025 | Character class error |
3026 | Palindrome error |
3027 | Dictionary check failed |
3028 | Backward dictionary check failed |
5000 | No type specified |
5003 | Type register not enabled |
5005 | Logout not possible: User not logged in/session expired |
5006 | Type unknown/not supported |
5008 | Interface not enabled |
9001 | Internal |