In this section, we will explain how the WebCommander login and logout API works and how to secure a source URL from a plugin that is rendered through an iframe inside the WebCommander site. We’ll provide code examples in various programming languages to help you understand the implementation.
User Login
cURL

curl --location 'http://yourapp.com/external/app/access/customer-login' \
  --header 'uuid: F8A3-A88E-C6EF-B1CB' \
  --header 'accessToken: 11b4ec017714ef095b8e115545467fcb' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "clientId": "abf9ab31352bfc92f5a6a5b891782b9f",
    "email": "tanviruls8@gmail.com",
    "password": "123456"
  }'

PHP – cURL

<?php
// Log a customer in through the WebCommander external app API.
$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => 'http://yourapp.com/external/app/access/customer-login',
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => '',
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 0,
  CURLOPT_FOLLOWLOCATION => true,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => 'POST',
  CURLOPT_POSTFIELDS => '{
    "clientId": "abf9ab31352bfc92f5a6a5b891782b9f",
    "email": "tanviruls8@gmail.com",
    "password": "123456"
  }',
  CURLOPT_HTTPHEADER => array(
    'uuid: F8A3-A88E-C6EF-B1CB',
    'accessToken: 11b4ec017714ef095b8e115545467fcb',
    'Content-Type: application/json'
  ),
));

$response = curl_exec($curl);
curl_close($curl);
echo $response;

Python – http.client

import http.client
import json

conn = http.client.HTTPSConnection("yourapp.com")

# Build the JSON body from a dict instead of a hand-escaped string.
payload = json.dumps({
    "clientId": "abf9ab31352bfc92f5a6a5b891782b9f",
    "email": "tanviruls8@gmail.com",
    "password": "123456",
})
headers = {
    'uuid': 'F8A3-A88E-C6EF-B1CB',
    'accessToken': '11b4ec017714ef095b8e115545467fcb',
    'Content-Type': 'application/json'
}

conn.request("POST", "/external/app/access/customer-login", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))

Java – Unirest

// Log a customer in through the WebCommander external app API.
Unirest.setTimeouts(0, 0);
HttpResponse<String> response = Unirest.post("http://yourapp.com/external/app/access/customer-login")
  .header("uuid", "F8A3-A88E-C6EF-B1CB")
  .header("accessToken", "11b4ec017714ef095b8e115545467fcb")
  .header("Content-Type", "application/json")
  .body("{\r\n \"clientId\": \"abf9ab31352bfc92f5a6a5b891782b9f\", \n \"email\": \"tanviruls8@gmail.com\", \n \"password\": \"123456\"\r\n}")
  .asString();

C# – RestSharp

// The base URL goes in the client options; the request carries only the path.
var options = new RestClientOptions("http://yourapp.com")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("/external/app/access/customer-login", Method.Post);
request.AddHeader("uuid", "F8A3-A88E-C6EF-B1CB");
request.AddHeader("accessToken", "11b4ec017714ef095b8e115545467fcb");
request.AddHeader("Content-Type", "application/json");
var body = @"{ " + "\n" +
@" ""clientId"": ""abf9ab31352bfc92f5a6a5b891782b9f"", " + "\n" +
@" ""email"": ""tanviruls8@gmail.com"", " + "\n" +
@" ""password"": ""123456"" " + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
Request Details
- Request URL: http://yourapp.com/external/app/access/customer-login
- Request Type: POST
Request Parameter
{
  "clientId": "abf9ab31352bfc92f5a6a5b891782b9f", // You will find the clientId on plugin installation. Check the /install request parameter in the project setup section.
  "email": "tanviruls8@gmail.com", // accepted parameters: email or userName
  "password": "4465234235667"
}
Response
{
  "status": "success",
  "access_token": "abf9ab31352bfc92f5a6a5b891782b9f", // Used to secure a plugin source URL that is rendered through an iframe in WebCommander.
  "refresh_token": "fda44530af4b9b11d48d263fe499c146"
}
Example
As an example, suppose you want to register a plugin widget where your sourceUrl is https://stage-mnb.clubeez.com/signup-widget?uuid=BB1EF6AA-A8E0-4D0F and your configurationUrl is https://stage-mnb.clubeez.com/configuration-signup-widget?uuid=BB1EF6AA-A8E0-4D0F. WebCommander will send an additional parameter, token (e.g., https://stage-mnb.clubeez.com/my-subscriptions?token=BB1EF6AA-A8E0-4D0F-86B5-751EAD851890), when these URLs are rendered through an iframe in WebCommander. The plugin developer can check the token to validate the login and identify who is responsible for rendering their internal page.
"widgets": [
  {
    "widgetName": "mining", // unique internal identifier of the widget (no spaces, special characters or numbers allowed)
    "widgetLabel": "Mining Signup", // widget display name
    "widgetTitle": "Mining Signup Widget", // widget title shown when hovering over the widget
    "widgetLogo": "https://stagingmining.mywebcommander.com/template/9738593f/images/package-pricing-icon.svg", // URL of this widget's logo
    "sourceUrl": "https://stage-mnb.clubeez.com/my-subscriptions?uuid=BB1EF6AA-A8E0-4D0F", // widget render source URL
    "configurationUrl": "https://stage-mnb.clubeez.com/configuration-signup-widget?uuid=BB1EF6AA-A8E0-4D0F" // widget configuration endpoint URL
  }
]
User Logout
The plugin developer can send a request to log out a user; WebCommander will then clear the token generated for that user.

cURL

curl --location 'http://yourapp.com/external/app/access/customer-logout' \
  --header 'uuid: F8A3-A88E-C6EF-B1CB' \
  --header 'accessToken: 11b4ec017714ef095b8e115545467fcb' \
  --header 'Content-Type: application/json' \
  --data '{
    "token": "abf9ab31352bfc92f5a6a5b891782b9f"
  }'

PHP – cURL

<?php
// Ask WebCommander to clear the token issued to a customer at login.
$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => 'http://yourapp.com/external/app/access/customer-logout',
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => '',
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 0,
  CURLOPT_FOLLOWLOCATION => true,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => 'POST',
  CURLOPT_POSTFIELDS => '{
    "token": "abf9ab31352bfc92f5a6a5b891782b9f"
  }',
  CURLOPT_HTTPHEADER => array(
    'uuid: F8A3-A88E-C6EF-B1CB',
    'accessToken: 11b4ec017714ef095b8e115545467fcb',
    'Content-Type: application/json'
  ),
));

$response = curl_exec($curl);
curl_close($curl);
echo $response;

Python – http.client

import http.client
import json

conn = http.client.HTTPSConnection("yourapp.com")

# Build the JSON body from a dict instead of a hand-escaped string.
payload = json.dumps({
    "token": "abf9ab31352bfc92f5a6a5b891782b9f",
})
headers = {
    'uuid': 'F8A3-A88E-C6EF-B1CB',
    'accessToken': '11b4ec017714ef095b8e115545467fcb',
    'Content-Type': 'application/json'
}

conn.request("POST", "/external/app/access/customer-logout", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))

Java – Unirest

// Ask WebCommander to clear the token issued to a customer at login.
Unirest.setTimeouts(0, 0);
HttpResponse<String> response = Unirest.post("http://yourapp.com/external/app/access/customer-logout")
  .header("uuid", "F8A3-A88E-C6EF-B1CB")
  .header("accessToken", "11b4ec017714ef095b8e115545467fcb")
  .header("Content-Type", "application/json")
  .body("{\r\n \"token\": \"abf9ab31352bfc92f5a6a5b891782b9f\" \n}")
  .asString();

C# – RestSharp

// The base URL goes in the client options; the request carries only the path.
var options = new RestClientOptions("http://yourapp.com")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("/external/app/access/customer-logout", Method.Post);
request.AddHeader("uuid", "F8A3-A88E-C6EF-B1CB");
request.AddHeader("accessToken", "11b4ec017714ef095b8e115545467fcb");
request.AddHeader("Content-Type", "application/json");
var body = @"{ " + "\n" +
@" ""token"": ""abf9ab31352bfc92f5a6a5b891782b9f"" " + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
Request Details
- Request URL: http://yourapp.com/external/app/access/customer-logout
- Request Type: POST
Request Parameter
{
  "token": "abf9ab31352bfc92f5a6a5b891782b9f" // The access token you received during login
}
Response
{"status":"success","message":"Successfully Logout"}
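
The plugin-side token check described in the Example and User Logout sections, as an added example that is not WebCommander's own code: it validates the token parameter on an iframe request, identifies the customer, and stops honouring the token after logout. It assumes the token parameter carries the access_token returned by customer-login; TokenStore, handle_iframe_request and WEBCOMMANDER_ORIGIN are hypothetical names.

```python
import hashlib
from urllib.parse import parse_qs, urlsplit

# Assumption: origin of the WebCommander site that frames the plugin.
WEBCOMMANDER_ORIGIN = "https://yourapp.com"


def _digest(token):
    # Key the store by SHA-256 digest so raw tokens are not retained and
    # lookups never compare secret strings byte by byte.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class TokenStore:
    """Hypothetical map from customer-login tokens to the customer."""

    def __init__(self):
        self._customers = {}

    def record_login(self, email, login_response):
        if login_response.get("status") != "success":
            raise ValueError("customer-login did not succeed")
        self._customers[_digest(login_response["access_token"])] = email

    def record_logout(self, token):
        # Call once customer-logout succeeds: the token must stop working.
        self._customers.pop(_digest(token), None)

    def identify(self, iframe_url):
        """Return the customer for the token in iframe_url, or None."""
        values = parse_qs(urlsplit(iframe_url).query).get("token", [])
        if len(values) != 1:  # missing, empty or repeated: reject
            return None
        return self._customers.get(_digest(values[0]))


def handle_iframe_request(store, iframe_url):
    """Return (status, headers, customer) for a request to sourceUrl."""
    headers = {
        # Only the WebCommander site may frame this page.
        "Content-Security-Policy": f"frame-ancestors {WEBCOMMANDER_ORIGIN}",
        # The token travels in the URL: keep it out of Referer and caches.
        "Referrer-Policy": "no-referrer",
        "Cache-Control": "no-store",
    }
    customer = store.identify(iframe_url)
    return (200 if customer else 401), headers, customer
```

Call record_login with the parsed customer-login response, pass each incoming sourceUrl request to handle_iframe_request, and call record_logout after a successful customer-logout.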