Zum Hauptinhalt springen
POST
/
public
/
customer
/
request-login-link
cURL
curl -X POST \
 /public/customer/request-login-link \
 --header "Content-Type: application/json" \
 --data '{
    "email": "customer@example.com"
}'
import requests

url = "https://coreapi.io/public/customer/request-login-link"

payload = { "email": "customer@example.com" }
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)

print(response.text)
const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({email: 'customer@example.com'})
};

fetch('https://coreapi.io/public/customer/request-login-link', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_URL => "https://coreapi.io/public/customer/request-login-link",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'email' => 'customer@example.com'
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
{
  "success": true
}
Public endpoint for customers to request a login link to the customer portal.

How It Works

  1. Customer enters their email address on the login page
  2. An email with a login link is sent to the customer
  3. Customer clicks the link and is logged in automatically
This endpoint always returns success: true to prevent email enumeration attacks. The email is only sent if the address matches an existing customer.

Difference to OTP

This endpoint replaces the OTP (one-time password) flow for customer portal login. Instead of entering a 6-digit code, customers simply click a link in their email - a much smoother experience, especially on mobile devices. The OTP flow (/public/customer/request-otp and /public/customer/otp-login) is still available and used in the checkout flow where inline verification is required.

Autorisierungen

Authorization
string
header
erforderlich

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

application/json

The customer email address

email
string
erforderlich

The email address of the customer

Beispiel:

"customer@example.com"

Antwort

200 - application/json

Login link request accepted. An email will be sent if the address matches a customer.

success
boolean
Beispiel:

true