Authentication

This page describes the authentication methods used by Capillary APIs.

Capillary supports three types of authentication:

  1. OAuth
    This auth flow is used when the API requests are made from a program or service running on a server. This flow uses an access token to authenticate an API request. You can enable OAuth from InTouch as mentioned in the respective section below.
  2. Basic auth
    This is used where POS terminals are directly integrated with the Capillary server. This flow uses the Till ID and an MD5-hashed password to authenticate an API request. Find more details in the section below.
  3. Authentication for end-customer web and mobile apps
    This is used for end-customer authentication, where you want end-customers to log in to a mobile or web application built on Capillary CDP.

📘 It is mandatory to use only store-specific Till/Store Center credentials, as the API response depends on this identification.

When to use Basic & OAuth?

| Authentication Type | Description |
| --- | --- |
| Basic | Can be used for POS integrations where API requests come to the Capillary server directly from the POS front end or POS store server. |
| OAuth | Shall be used for backend integrations (from one backend to another backend). For example, POS integrations where API requests come to the Capillary server from an API gateway or a central server; FTP integrations where a backend service needs to be authenticated; 3rd-party integrations where API requests come to Capillary from a backend platform. |

Authentication scenarios and recommended authentication

| Scenario | Description | Authentication |
| --- | --- | --- |
| POS client-to-server integration | POS terminals are directly integrated with the Capillary server. API requests come directly from the POS terminal to the Capillary server. | Basic authentication using till username and password |
| POS server-to-server integration | POS servers are directly integrated with the Capillary server. API requests come directly from the POS server to the Capillary server. | OAuth2 client credentials flow using API key and secret |
| FTP server-to-server integration | Client systems are configured to push files to an FTP, and Capillary will access and process files from the FTP (process: via Connect+ or OOB solution). | OAuth2 client credentials flow using API key and secret |
| Server-to-server custom integration | The client server will consume Capillary APIs via a wrapper service. Development and maintenance are subject to the deal. | OAuth2 client credentials flow using API key and secret |
| Prebuilt server-to-server integrations (Magento, Shopify, SFMC connectors) | Client systems consume the Capillary plugin to communicate with Capillary. | OAuth2 client credentials flow using API key and secret |
| End customer apps integration | These are third-party apps that consume Mobile APIs and Gateway APIs to communicate with Capillary. | Mobile APIs auth service, using username & password/OTP; till username & password |

Custom & non-standard (non oAuth2 or OIDC) authorization
* No social login options supported