1. Scayle Resource Center
  2. Checkout Authentication API
  3. Getting started
  4. Introduction


This is the specification of the Checkout Authentication API.
For the step-by-step instructions, see the Checkout Authentication API Guide.

Getting Started

Use this API to:

  • Log in user
  • Register user
  • Reset password
  • Manage sessions

This API must only be used by backend services!

Base URL


All requests must be made over HTTPS.

  • Authorization Bearer Token
  • Content-Type application/json

How to Use

Creating an API Client

First, you will need to create a new API client using the SCAYLE Panel to obtain your client_id and client_secret.

Make sure to store those credentials safely in your backend.

To create a token:

  1. Navigate to Shops > Storefront > API keys.
  2. Click + Generate OAuth Credentials.
  3. Enter a Name and click Create Token.

Validating a token

You will need to call the validation endpoint to check if an Access Token is still valid.

Access Tokens are valid for 30 days.

Refreshing a token

When your Access Token has expired you can use the Refresh Token to obtain a fresh Access Token.

Refreshing a token is done by using the POST token endpoint by using the refresh_token OAuth grant.

Consider to check the expiration date of the JWT to trigger a refresh early enough.

Refresh Tokens are valid for 60 days.

For more information, refer to our Handling Tokens guide.

Authenticating a user

There are three different options on how to authenticate a user:

  1. Register a new user.
  2. Log in an existing user.
  3. Log in as a guest customer without a password.

All of those endpoints will require you to provide the client_id and client_secret as a Basic Auth header.

After successfully authenticating a user, you will get an Access Token and a Refresh Token.

Download Full Reference

Using Postman or similar tools? You can download this reference as a JSON file and import it to start sending requests directly.

Download authentication-api-latest.json