Cross-domain AJAX Authentication

This documentation outlines the process for performing cross-domain authentication between a 3rd party website and a Loyalty Portal hosted on the smartCMS.

Intended Use:

The JSON endpoints on the Loyalty Portal built by HEBS Digital authenticate a member and fetch profile details for an active session. They are intended to be consumed by a 3rd party website in order to facilitate:

  1. Logging-in from hotelwebsite.com

  2. Fetching basic profile metadata (first name, last name, point balance, etc.) for logged-in users

Endpoints

Authentication

  1. Description: Used for authenticating against the CRM profile. Under the hood, a call to validate the credentials is made against the underlying CRM.

  2. Request Type: POST / AJAX (request header “X-Requested-With” set to “XMLHttpRequest”). The hostname of the origin environment (i.e. domain.com) must be whitelisted by Cendyn IT in order for CORS to work correctly.

  3. Form Data / Parameters:

    1. username – the member ID used to authenticate against the CRM (i.e. LoginID)

    2. password – the member password

    3. task – must equal “login”

  4. Example Response:

{
  "code": 200,
  "status": true,
  "message": "Successfully authenticated",
  "data": {
    "firstname": "User",
    "lastname": "Lastname",
    "profileid": "ABC123",
    "loginid": "[email protected]",
    "username": "test@hebsdigital.com",
    "membernumber": "123456789",
    "membertier": "Base Level",
    "balance": 0
  }
}

Fetch User Details

  1. Description: Used for checking if a session is established on the loyalty portal. If a session is established, the profile will be returned as JSON.

  2. Request Type: POST / AJAX (request header “X-Requested-With” set to “XMLHttpRequest”). For cross domain, a JSONP request should be used by performing a GET request with a query-string parameter “callback”.

  3. Form Data / Parameters:

    1. task – must equal “authenticate”

{
  "data": {
    "firstname": "User",
    "lastname": "Lastname",
    "profileid": "ABC123",
    "loginid": "[email protected]",
    "username": "[email protected]",
    "membernumber": "123456789",
    "membertier": "Base Level",
    "balance": 0,
    "rememberme": "0",
    "lifetimeexpiry": 636755959760000000,
    "sessionexpiry": 636755959760000000
  },
  "status": true
}
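
The login call and response handling described above, as an added example that is not part of the portal's own code. The endpoint URL, the function names, the form-encoded body and the use of credentials: "include" are assumptions; the parameter names, header and response fields are the ones documented on this page.

```javascript
// Added example. PORTAL_ENDPOINT is a placeholder: the real URL is not on this page.
const PORTAL_ENDPOINT = "https://loyalty.example.com/auth";

// Build the fetch() arguments for the documented login POST.
function buildLoginRequest(endpoint, username, password) {
  const url = new URL(endpoint);
  // Member credentials must never leave the page over plain HTTP.
  if (url.protocol !== "https:") {
    throw new Error("login endpoint must use HTTPS");
  }
  // URLSearchParams percent-encodes '&', '=' and '@' inside the values.
  const body = new URLSearchParams({ username, password, task: "login" });
  return {
    url: url.toString(),
    options: {
      method: "POST",
      mode: "cors",
      credentials: "include", // assumption: the portal sets a session cookie
      headers: {
        // Non-safelisted header, so the browser sends a CORS preflight first;
        // this is where an origin that is not whitelisted gets rejected.
        "X-Requested-With": "XMLHttpRequest",
        "Content-Type": "application/x-www-form-urlencoded",
      },
      body: body.toString(),
    },
  };
}

// Accept a response only if it matches the documented shape, and return just
// the fields the host page displays. Insert them with textContent, not innerHTML.
function parseProfileResponse(payload) {
  if (!payload || payload.status !== true) return null;
  if ("code" in payload && payload.code !== 200) return null;
  const d = payload.data;
  if (!d || typeof d.firstname !== "string" || typeof d.lastname !== "string") return null;
  const balance = Number(d.balance);
  return {
    firstname: d.firstname,
    lastname: d.lastname,
    membertier: typeof d.membertier === "string" ? d.membertier : "",
    balance: Number.isFinite(balance) ? balance : 0,
  };
}

// fetchImpl is injectable so the flow can be exercised without a network.
async function login(username, password, fetchImpl = fetch) {
  const { url, options } = buildLoginRequest(PORTAL_ENDPOINT, username, password);
  const res = await fetchImpl(url, options);
  return parseProfileResponse(await res.json());
}
```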
