Customer authentication is performed automatically on Shopify, BigCommerce and
Adobe Commerce.
Create the auth token
The auth token is a SHA-1 hash of the following concatenated items, in order:
- the customer’s unique id
- the current date, as an ISO 8601 timestamp
- the customer’s email address
- your LoyaltyLion secret
Use loyaltylion.init or loyaltylion.authenticateCustomer to authenticate the customer.
Auth token creation example
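The following server-side sketch is an added example, not LoyaltyLion's own code: it builds the token from the four items in the order listed above and returns it together with the exact date string that was hashed. Assumptions: the items are joined with no separator, encoded as UTF-8, and the digest is sent as lowercase hex; build_auth and token_matches are hypothetical helper names, and all sample values are constructed.

```python
import hashlib
import hmac
from datetime import datetime, timezone


def build_auth(customer_id, email, secret, now=None):
    """Return the auth object (date + token) for one logged-in customer."""
    # Format the timestamp once and reuse that exact string: the date sent
    # to the SDK must be the same one that went into the hash.
    now = now or datetime.now(timezone.utc)
    date = now.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    # Order follows the list above: id, date, email, secret.
    # Assumptions: no separator, UTF-8 bytes, lowercase hex digest.
    material = f"{customer_id}{date}{email}{secret}".encode("utf-8")
    return {"date": date, "token": hashlib.sha1(material).hexdigest()}


def token_matches(customer_id, email, secret, auth):
    """Recompute the token from auth['date'] and compare in constant time."""
    material = f"{customer_id}{auth['date']}{email}{secret}".encode("utf-8")
    expected = hashlib.sha1(material).hexdigest()
    return hmac.compare_digest(expected, auth["token"])


if __name__ == "__main__":
    # Constructed sample values. In production the secret is read from
    # server-side configuration and never rendered into the page; only the
    # resulting date and token are passed to the browser.
    auth = build_auth(1001, "jane@example.com", "constructed-secret")
    print(auth)
    print(token_matches(1001, "jane@example.com", "constructed-secret", auth))
```

Regenerating the date in the browser instead of reusing the returned string produces a token mismatch, which is the failure the note about matching timestamps guards against.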
Authentication with initialization
The best way to authenticate the customer is by passing the customer and auth data to the loyaltylion.init call. This ensures the customer is authenticated as soon as the LoyaltyLion SDK is ready.
You should call loyaltylion.init conditionally on the customer’s logged-in state: pass just the site token (initialize example without customer) if a customer isn’t logged in, or pass the customer information and authentication data (initialize example with customer) if a customer is logged in.
The date passed in the auth object must be the same timestamp used to generate the auth token.
Authentication after initialization
If you need to authenticate the customer later (for example, if they’re able to log in without a full page reload or authentication happens after the page load), you still need to call loyaltylion.init at the same time as loading the snippet, with just the site token and no customer information. You can later pass the customer information and authentication data in the loyaltylion.authenticateCustomer method.
This method accepts the same customer and auth properties as loyaltylion.init. It needs a server-side generated auth token.
The date passed in the auth object must be the same timestamp used to generate the auth token.
Authentication after initialization example
Log a customer out of LoyaltyLion
You can log out a customer using the logoutCustomer method. This removes the signed-in customer’s data and refreshes the LoyaltyLion UI without requiring a full page reload. This can be particularly useful for single page applications (SPA) that support customers logging in / out without full page reloads.
Note that this is an asynchronous method. If no customer is currently signed in you will see a warning message in the console.