Token based authentication is a way to authenticate and log a customer into the loyalty program securely. Instead of authenticating a customer based on only the data passed through the basic integration snippet, the token based authentication adds an extra step for security.

Pre-requisites for Token Based Authentication:

  1. Merchant needs to associate a token with a customer account in the database. This token should be unique for every customer session.
  2. Merchant is expected to generate an Endpoint(a method).The input to this endpoint is going to be an “access_token” and the output response must return the customer information in the following format.{"first_name": "Ethan", "last_name": "Hunt", "email": "ethan@aol.com","uid": "12jlkd1k2" };
  3. The authentication type should be changed to "Token Based" in the Zinrelo admin console.This setting is available in the General >> Settings >>Loyalty Settings

Token based authentication flow:

Changes required to the basic integration JS:

The basic integration JS will stay the same. Only an additional 'access_token' parameter is passed through the script. Though the customer information is exchanged through the front end, the customer will only be authenticated when Zinrelo receives the customer information from the configured end point URL.

Js


       window._zrl  =  window._zrl || [];
       var  init_data =
       {
         ‘partner_id’ : XXXXXXXX, /*REQUIRED: Zinrelo Partner ID*/
         ‘email’ : ‘useremail@gmail.com’,
         /*REQUIRED: When User is Logged in. For Non-Logged in users,
         pass an empty string ('').*/
         ‘name’ : ‘User  Full Name’,        
         /*REQUIRED: When User is Logged in. For Non-Logged in
         users, pass an empty string (''). */
          ‘user_id’ : ‘Unique-user-ID’
          /*REQUIRED: When User is Logged in. For Non-Logged in users and  
          guest users who DO NOT have an account, pass an empty string ('')*/
          ‘access_token’ : ‘access token’
          /*REQUIRED: When User is Logged in. Must be unique for a given user session*/
       };
       _zrl.push( [ ‘init’ , init_data ] );

Did this answer your question?