Creating a session on behalf of a user
- Call name: session
- Endpoint URL: https://api0.spaaza.com/auth/session
- Request methods: POST
- Request Content-Type: multipart/form-data or application/x-www-form-urlencoded
- Response Content-Type: application/json
- Auth required: yes (for privileged authentication)
- X-Spaaza-MyPrice-App-Hostname header required: yes (for privileged authentication)
This API call allows you to create a user session when provided with valid credentials.
Note that this call works in two possible ways:
- With privileged authentication, it is possible to create a session for an end-user if the token used has sufficient permissions
- Without privileged authentication, a
session_passcodeandsession_passcode_keyresulting from a login request for an admin user can be exchanged for a user session
HTTP Parameters
If the call uses privileged authentication, one of the HTTP parameters below must be passed to the API endpoint to identify the user:
| Parameter | Description |
|---|---|
| username | (string) The username (email address) of the user |
| user_id | (string/integer) The Spaaza user id of the user. |
| member_number | (string) The unique membership number or code for the shopper. |
| authentication_point_identifier | (string) The ID of the customer on a third-party identity system, such as a webstore. In order to be used, this value must be known in the Spaaza system. |
If the call does not use privileged authentication, both of the following HTTP parameters below must be passed to the API endpoint to identify the user:
| Parameter | Description |
|---|---|
| session_passcode | (integer) The session passcode for the user. |
| session_passcode_key | (string) The session passcode key for the user. |
Permissions and Authentication
If the call uses privileged authentication, it requires a valid Spaaza session. The session can be as follows:
| Parameter | Description |
|---|---|
| privileged | An OAuth-based mechanism for trusted third-parties, the use of privileged authentication is permitted for this endpoint. |
Headers
If the call uses privileged authentication, the following headers can/must be passed to the API call:
| Parameter | Description |
|---|---|
| X-Spaaza-MyPrice-App-Hostname (mandatory) | The hostname of the app the user is affiliated with. |
Results
Returns an OK code and a JSON document for the user, including the session_info for the user which can be used to access other Spaaza endpoints. A sample is shown below:
{
"result": {
"code": 1,
"status": "ok"
},
"results": {
"user_info": {
"id": 3636813,
"user_id": 3636813,
"first_name": "Jane",
"last_name": "Smith",
"birthday": "1980-01-01T00:00:00+00:00",
"signup_channel": "mobile:ios",
"username": "jane.smith@example.com",
"authentication_point_identifier": null,
"auxiliary_identifier": null,
"mailing_list": {
"mailing_list_sub_offered": false,
"mailing_list_subscribed": true,
"printed_mailing_list_subscribed": true
},
"entity_code": {
"type": "regular",
"code": "3636813"
},
"opt_in_programme": {
"programme_opted_in": false,
"join_date": "2020-05-18T09:32:57+00:00"
},
"obfuscated": false,
"country_code": null,
"address_streetname": null,
"address_housenumber": null,
"address_housenumber_extension": null,
"address_line_2": null,
"address_line_3": null,
"address_towncity": null,
"address_regionstate": null,
"address_postalcode": null,
"member_number": "3636813",
"language": "en-GB",
"opt_in_secondary": null,
"opt_in_secondary_last_modified_date": null,
"registered": true,
"is_employee": false,
"push_notification_subscription": {
"subscribed": false,
"subscriptions": []
},
"loyalty_status": null,
"frequency": 0,
"recency": 0,
"monetary": 0,
"overall": 0,
"stores": "",
"online_shopper": false,
"offline_shopper": false,
"average_basket_value": "0.00",
"days_since_last_purchase": null,
"number_of_purchases": 0,
"referring_user": null,
"referral_code": "lxzwvs"
},
"session_info": {
"session_key": "84f895eda81892bacf53ac2538d96d14fda32a50889f55e85fa461e241e31f65",
"session_auth_method": "password",
"session_key_validity": "15552000",
"session_user_id": 3636813,
"session_username": "jane.smith@example.com",
"session_expires_date": "2021-04-28 11:14:40"
},
"result_type": "session"
}
}