Verify Log In credentials API
I Create a new customer with password and password_confirmation using API POST /admin/customers.json sucessfully.
Is there any API available that verify customer email and password is valid so allow to log in in application using same ?
Is there any update on this Customer Login Verification API.
Due to this, the crucial mobile app customers, having account on store, would not able to login to the mobile app version using the same account.
Please help, if anybody has found the solution or suggest any efficient alternative.
If you have the user's username and password, you could simply POST them to the store's /login endpoint. If you get redirected to the customer account page after that, you have the right credentials.
How is this an issue? If you have the customer's email and their password (and let us not go down the road to that bit of insanity) then it is simple to validate if it works. Use the front-end as Gavin suggests, or use the API to do a call to the customer endpoint and examine the record you get back for validity.
The only thing this issue raises is why in the first place is a merchant setting up an account with a password. That is so wrong on so many levels.
I am not using this to set up an account or anything like that. I need to verify the Customer is who he says he is before looking up order information to validate an Order to activate a service. Is there another way to do this I am missing?
Indeed. Use this sane pattern everyone else uses. One, force the customer to login to your Shopify store with their account. That means the email address is now for sure, your customer. So now if your so-called validator service gets an email to play with, you can use the secure callback from Shopify to look up the email and ensure it is the same as the logged in customer, since you can send yourself the logged in customer ID too. Now you can be sure the customer is who they say, and go to town.
A device without a browser? Now you're off on your own. But since it is an internet enabled device, use it to contact your App where you do your own verification.
My earlier expose was pointing out the obvious use of an App Proxy to validate front-end info, like an email address.