
Working with Login & Logout

In this section, we will explain how the WebCommander login and logout API works and how to secure a source URL from a plugin that is rendered through an iframe inside the WebCommander site. We’ll provide code examples in various programming languages to help you understand the implementation.

User Login

  • cURL
  • PHP – cURL
  • Python – http.client
  • Java – Unirest
  • C# – RestSharp
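# Log a customer in through the WebCommander external-app API.
# Sample values only: replace the host, uuid, accessToken, clientId, email and
# password with your own, and keep real secrets out of scripts and shell history.
# The body carries a password and the headers carry an access token, so the
# request goes over HTTPS; --proto-redir keeps any redirect that --location
# follows on HTTPS as well.
curl --location --proto-redir '=https' 'https://yourapp.com/external/app/access/customer-login' \
--header 'uuid: F8A3-A88E-C6EF-B1CB' \
--header 'accessToken: 11b4ec017714ef095b8e115545467fcb' \
--header 'Content-Type: application/json' \
--data-raw '{
    "clientId": "abf9ab31352bfc92f5a6a5b891782b9f",
    "email": "tanviruls8@gmail.com",
    "password": "123456"
}'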
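<?php

// Log a customer in through the WebCommander external-app API.
// Sample values only: replace the host, uuid, accessToken, clientId, email and
// password with your own, and load real secrets from configuration, not source.

// json_encode() guarantees a well-formed JSON body.
$payload = json_encode(array(
  'clientId' => 'abf9ab31352bfc92f5a6a5b891782b9f',
  'email' => 'tanviruls8@gmail.com',
  'password' => '123456',
));

$curl = curl_init();

curl_setopt_array($curl, array(
  // HTTPS: the body carries a password and the headers carry an access token.
  CURLOPT_URL => 'https://yourapp.com/external/app/access/customer-login',
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => '',
  CURLOPT_MAXREDIRS => 10,
  // Finite limit in seconds; 0 would wait indefinitely on a stalled server.
  CURLOPT_TIMEOUT => 30,
  CURLOPT_FOLLOWLOCATION => true,
  // Do not follow a redirect that leaves HTTPS.
  CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTPS,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => 'POST',
  CURLOPT_POSTFIELDS => $payload,
  CURLOPT_HTTPHEADER => array(
    'uuid: F8A3-A88E-C6EF-B1CB',
    'accessToken: 11b4ec017714ef095b8e115545467fcb',
    'Content-Type: application/json'
  ),
));

$response = curl_exec($curl);

// With CURLOPT_RETURNTRANSFER set, curl_exec() returns false when the transfer fails.
if ($response === false) {
  error_log('customer-login request failed: ' . curl_error($curl));
  curl_close($curl);
  exit(1);
}

curl_close($curl);
echo $response;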
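import http.client
import json

# Log a customer in through the WebCommander external-app API.
# Sample values only: replace the host, uuid, accessToken, clientId, email and
# password with your own, and load real secrets from configuration, not source.

# HTTPS with a finite timeout so a stalled server cannot block the script forever.
conn = http.client.HTTPSConnection("yourapp.com", timeout=30)

# Serialise with json.dumps so the body is always valid JSON; a hand-written
# string can pick up stray markup (for example HTML "&nbsp;" entities) that a
# JSON parser rejects.
payload = json.dumps({
  'clientId': 'abf9ab31352bfc92f5a6a5b891782b9f',
  'email': 'tanviruls8@gmail.com',
  'password': '123456'
})
headers = {
  'uuid': 'F8A3-A88E-C6EF-B1CB',
  'accessToken': '11b4ec017714ef095b8e115545467fcb',
  'Content-Type': 'application/json'
}
try:
  conn.request("POST", "/external/app/access/customer-login", payload, headers)
  res = conn.getresponse()
  data = res.read()
  print(data.decode("utf-8"))
finally:
  # Release the socket whether or not the request succeeded.
  conn.close()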
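// Log a customer in through the WebCommander external-app API.
// Sample values only: replace the host, uuid, accessToken, clientId, email and
// password with your own, and load real secrets from configuration, not source.

// Finite connect/socket timeouts in milliseconds; passing 0 disables them and a
// stalled server would block the call indefinitely.
Unirest.setTimeouts(10000, 60000);
// HTTPS: the body carries a password and the headers carry an access token.
HttpResponse<String> response = Unirest.post("https://yourapp.com/external/app/access/customer-login")
  .header("uuid", "F8A3-A88E-C6EF-B1CB")
  .header("accessToken", "11b4ec017714ef095b8e115545467fcb")
  .header("Content-Type", "application/json")
  .body("{\r\n    \"clientId\": \"abf9ab31352bfc92f5a6a5b891782b9f\", \n    \"email\": \"tanviruls8@gmail.com\", \n    \"password\": \"123456\"\r\n}")
  .asString();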
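// Log a customer in through the WebCommander external-app API.
// Sample values only: replace the host, uuid, accessToken, clientId, email and
// password with your own, and load real secrets from configuration, not source.

// The base URL lives on the client and the request carries only the resource path.
// HTTPS: the body carries a password and the headers carry an access token.
var options = new RestClientOptions("https://yourapp.com")
{
  // Explicit 30-second limit (milliseconds) so a stalled server cannot hold the call open.
  MaxTimeout = 30000,
};
var client = new RestClient(options);
var request = new RestRequest("/external/app/access/customer-login", Method.Post);
request.AddHeader("uuid", "F8A3-A88E-C6EF-B1CB");
request.AddHeader("accessToken", "11b4ec017714ef095b8e115545467fcb");
request.AddHeader("Content-Type", "application/json");
// A single verbatim string keeps the JSON readable; "" is an escaped quote.
var body = @"{
    ""clientId"": ""abf9ab31352bfc92f5a6a5b891782b9f"",
    ""email"": ""tanviruls8@gmail.com"",
    ""password"": ""123456""
}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);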

Request Details

  • Request URL: http://yourapp.com/external/app/access/customer-login
  • Request Type: POST

Request Parameter

{
    "clientId": "abf9ab31352bfc92f5a6a5b891782b9f", // The clientId is issued when the plugin is installed; see the /install request parameters in the project setup section.
    "email": "tanviruls8@gmail.com", // accepted parameters - email or userName
    "password": "4465234235667"
}

Response

{
    "status": "success",
    "access_token": "abf9ab31352bfc92f5a6a5b891782b9f", // Used to secure a plugin source URL that is rendered through an iframe in WebCommander.
    "refresh_token": "fda44530af4b9b11d48d263fe499c146" // 
}

Example

As an example, suppose you want to register a plugin widget where your sourceUrl is https://stage-mnb.clubeez.com/signup-widget?uuid=BB1EF6AA-A8E0-4D0F and configurationUrl is https://stage-mnb.clubeez.com/configuration-signup-widget?uuid=BB1EF6AA-A8E0-4D0F. When these URLs are rendered through an iframe in WebCommander, WebCommander sends an additional parameter, token (e.g., https://stage-mnb.clubeez.com/my-subscriptions?token=BB1EF6AA-A8E0-4D0F-86B5-751EAD851890). The plugin developer can check the token to validate the login and identify who is responsible for rendering their internal page. Because the token travels in the query string, it can be recorded in server access logs, browser history and Referer headers, so treat it as a credential: serve these pages over HTTPS and keep the full URL out of logs.

    "widgets": [
        {
            "widgetName": "mining", // unique internal identifier of the widget (no spaces, special characters or numbers allowed)
            "widgetLabel": "Mining Signup", // widget display name
            "widgetTitle": "Mining Signup Widget", // widget title, shown when hovering over the widget
            "widgetLogo": "https://stagingmining.mywebcommander.com/template/9738593f/images/package-pricing-icon.svg", // The URL of the logo of this widget
            "sourceUrl": "https://stage-mnb.clubeez.com/my-subscriptions?uuid=BB1EF6AA-A8E0-4D0F", // widget render source url 
            "configurationUrl": "https://stage-mnb.clubeez.com/configuration-signup-widget?uuid=BB1EF6AA-A8E0-4D0F", //widget configuration endpoint url 
        }
    ]

User Logout

The plugin developer can send a request to log out a user; WebCommander will then clear the token generated for that user.

  • cURL
  • PHP – cURL
  • Python – http.client
  • Java – Unirest
  • C# – RestSharp
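# Log a customer out; WebCommander clears the token generated for that user.
# Sample values only: replace the host, uuid, accessToken and token with your own.
# The token and accessToken are credentials, so the request goes over HTTPS;
# --proto-redir keeps any redirect that --location follows on HTTPS as well.
# The closing quote after the JSON body is required: without it the shell
# treats the command as unterminated.
curl --location --proto-redir '=https' 'https://yourapp.com/external/app/access/customer-logout' \
--header 'uuid: F8A3-A88E-C6EF-B1CB' \
--header 'accessToken: 11b4ec017714ef095b8e115545467fcb' \
--header 'Content-Type: application/json' \
--data '{
    "token": "abf9ab31352bfc92f5a6a5b891782b9f"
}'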
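<?php

// Log a customer out; WebCommander clears the token generated for that user.
// Sample values only: replace the host, uuid, accessToken and token with your
// own, and load real secrets from configuration, not source.

// json_encode() guarantees a well-formed JSON body.
$payload = json_encode(array(
  'token' => 'abf9ab31352bfc92f5a6a5b891782b9f',
));

$curl = curl_init();

curl_setopt_array($curl, array(
  // HTTPS: the token and accessToken are credentials.
  CURLOPT_URL => 'https://yourapp.com/external/app/access/customer-logout',
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => '',
  CURLOPT_MAXREDIRS => 10,
  // Finite limit in seconds; 0 would wait indefinitely on a stalled server.
  CURLOPT_TIMEOUT => 30,
  CURLOPT_FOLLOWLOCATION => true,
  // Do not follow a redirect that leaves HTTPS.
  CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTPS,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => 'POST',
  CURLOPT_POSTFIELDS => $payload,
  CURLOPT_HTTPHEADER => array(
    'uuid: F8A3-A88E-C6EF-B1CB',
    'accessToken: 11b4ec017714ef095b8e115545467fcb',
    'Content-Type: application/json'
  ),
));

$response = curl_exec($curl);

// With CURLOPT_RETURNTRANSFER set, curl_exec() returns false when the transfer fails.
if ($response === false) {
  error_log('customer-logout request failed: ' . curl_error($curl));
  curl_close($curl);
  exit(1);
}

curl_close($curl);
echo $response;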
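import http.client
import json

# Log a customer out; WebCommander clears the token generated for that user.
# Sample values only: replace the host, uuid, accessToken and token with your
# own, and load real secrets from configuration, not source.

# HTTPS with a finite timeout so a stalled server cannot block the script forever.
conn = http.client.HTTPSConnection("yourapp.com", timeout=30)

# json.dumps produces a well-formed JSON body from the dict.
payload = json.dumps({
  'token': 'abf9ab31352bfc92f5a6a5b891782b9f'
})
headers = {
  'uuid': 'F8A3-A88E-C6EF-B1CB',
  'accessToken': '11b4ec017714ef095b8e115545467fcb',
  'Content-Type': 'application/json'
}
try:
  conn.request("POST", "/external/app/access/customer-logout", payload, headers)
  res = conn.getresponse()
  data = res.read()
  print(data.decode("utf-8"))
finally:
  # Release the socket whether or not the request succeeded.
  conn.close()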
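// Log a customer out; WebCommander clears the token generated for that user.
// Sample values only: replace the host, uuid, accessToken and token with your
// own, and load real secrets from configuration, not source.

// Finite connect/socket timeouts in milliseconds; passing 0 disables them and a
// stalled server would block the call indefinitely.
Unirest.setTimeouts(10000, 60000);
// HTTPS: the token and accessToken are credentials.
HttpResponse<String> response = Unirest.post("https://yourapp.com/external/app/access/customer-logout")
  .header("uuid", "F8A3-A88E-C6EF-B1CB")
  .header("accessToken", "11b4ec017714ef095b8e115545467fcb")
  .header("Content-Type", "application/json")
  .body("{\r\n    \"token\": \"abf9ab31352bfc92f5a6a5b891782b9f\" \n}")
  .asString();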
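// Log a customer out; WebCommander clears the token generated for that user.
// Sample values only: replace the host, uuid, accessToken and token with your
// own, and load real secrets from configuration, not source.

// The base URL lives on the client and the request carries only the resource path.
// HTTPS: the token and accessToken are credentials.
var options = new RestClientOptions("https://yourapp.com")
{
  // Explicit 30-second limit (milliseconds) so a stalled server cannot hold the call open.
  MaxTimeout = 30000,
};
var client = new RestClient(options);
var request = new RestRequest("/external/app/access/customer-logout", Method.Post);
request.AddHeader("uuid", "F8A3-A88E-C6EF-B1CB");
request.AddHeader("accessToken", "11b4ec017714ef095b8e115545467fcb");
request.AddHeader("Content-Type", "application/json");
// A single verbatim string keeps the JSON readable; "" is an escaped quote.
var body = @"{
    ""token"": ""abf9ab31352bfc92f5a6a5b891782b9f""
}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);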

Request Details

  • Request URL: http://yourapp.com/external/app/access/customer-logout
  • Request type: POST

Request Parameter

{
    "token": "abf9ab31352bfc92f5a6a5b891782b9f" // The access token you received during login
}

Response

{"status":"success","message":"Successfully Logout"}
