How to authenticate a customer

General access to the system is controlled by an authentication token as discussed on the 'How to connect' page. However, when working with a customer's bookings further authentication is required.

This is because this level of authentication should have come directly from the customer via you. As a result all API messages that interact with either a B2B or B2C customer require a second level authenticate.

Second level authenticate

The second level authenticate looks like this:

          "authenticate": {
            "email": "string",
            "password": "string",
            "type": "B2C"
        }
    

The password can be sent in plain text or encoded using the bCrypt algorithm. This is a setting on your account, as such we need to know in advance if you plan to encrypt the passwords. As the messages are sent over https it is no less secure at our end either as we validate this password at a very low level in our application.

Password manipulation

We provide you with a method to allow you to directly manipulate a customer's password by sending a request to change the password to a given value.