xclade
Store APIAuth

Generate Reset Password Token for Customer

Generate a reset password token for a customer. This API route doesn't reset the customer password or send them the reset instructions in a notification. Instead, This API route emits the `auth.password_reset` event, passing it the token as a payload. You can listen to that event in a subscriber as explained in [this guide](https://), then send the customer a notification. The notification is sent using a [Notification Module Provider](https://), and it should have a URL that accepts a `token` query parameter, allowing the customer to reset their password from the storefront. Use the generated token to update the customer's password using the [Reset Password API route](https://).

POST
/auth/customer/{auth_provider}/reset-password

Path Parameters

auth_provider*string

The provider used for authentication.

Request Body

application/json

Response Body

application/json

text/plain

application/json

application/json

application/json

application/json

curl -X POST "https://{tenant}.api.myxclade.com/auth/customer/emailpass/reset-password" \  -H "Content-Type: application/json" \  -d 'customer@gmail.com'
Empty

{
  "message": "Discount must be set to dynamic",
  "type": "not_allowed"
}

"Unauthorized"
{
  "message": "Entity with id 1 was not found",
  "type": "not_found"
}
{
  "code": "unknown_error",
  "message": "The request conflicted with another request. You may retry the request with the provided Idempotency-Key.",
  "type": "QueryRunnerAlreadyReleasedError"
}
{
  "code": "invalid_request_error",
  "message": "Discount with code TEST already exists.",
  "type": "duplicate_error"
}

{
  "code": "api_error",
  "message": "An error occured while hashing password",
  "type": "database_error"
}

Validate Authentication Callback

This API route is used by your storefront or frontend application when a third-party provider redirects to it after authentication. It validates the authentication with the third-party provider and, if successful, returns an authentication token. All query parameters received from the third-party provider, such as `code`, `state`, and `error`, must be passed as query parameters to this route. You can decode the JWT token using libraries like [react-jwt](https://www.npmjs.com/package/react-jwt) in the storefront. If the decoded data doesn't have an `actor_id` property, then you must register the customer using the Create Customer API route passing the token in the request's Authorization header.

Reset a Customer's Password

Reset a customer's password using a reset-password token generated with the [Generate Reset Password Token API route](https://). You pass the token as a bearer token in the request's Authorization header.