How to login users via an API

New Member
4 0 0
 
content-type: json

{
    "form_type": "customer_login",
    "customer[email]": "test@test.com",
    "customer[password]": "test"
}
 
I can login a user. i.e. return the welcome html page.
But if I doing very often, I will get a "I am not robot page"
 
Is there any api allowing me to login easily?
 
 
0 Likes
Shopify Partner
1841 170 481

Hi,

 

The captcha is triggered when too many accounts are being created from one IP during a 24 hrs period. Guess the same applies for login attempts. If you need that disabled you can contact support - you cannot turn off this security measure yourself.

 

Question is - why do you need to login that often? Sessions.

 

Depending on what you need to do, you can also take a look at Storefront API customAccessTokenCreate and a fantastic overview of a few use cases here.

 

Best wishes!

I turn coffee in to code - since 1998
0 Likes
New Member
4 0 0

@KarlOffenberger, Basically, I am building a react native app (proof of concept) to display shopify website. There is a component called webview (think like iframe).

 

So each time my app reload itself, the webview will post to https://xxx.myshopify.com/account/login with the following json data (by using chrome inspector)

 

{
  "form_type": "customer_login",
  "customer[email]": "user",
  "customer[password]": "pass"
}
 
if login successfully, my webview will always have a login session, so I can browse products, checkout. (It is like a password less experience)
 
I know that multi pass in shopify plus can do it, but it is expensive. (so this option will be ignored for now). We come up a hacky way to see whether it will work. 
 
In Summary,
I want my react native app able to login (with hardcode username and password at the moment), if customers close the app and reopen it, the login session should be still there. (I hope I explain it clearly.)
0 Likes
Highlighted
Shopify Expert
9542 28 1310

Outside of Multipass there isn't an API to log customers into Shopify. I would not suggest other approaches like posting the data as it could very well could be trapped by the bot tools. At best you'll have the captcha to deal with.

 

 

I also have plenty of concerns around the security of passing around customer password data like that. Not enough context into methods you're using to comment too much but it's setting off all the spidey senses.

★ Winning Partner of the Build a Business competition. ★ http://freakdesign.com.au
0 Likes