(Non-guest) customer e-mail uniqueness [API]

Hi,

I'm very new to FoxyCart, and I can't immediately see how the customer accounts work. According to the wiki, "The email address can be considered the unique key for the customer; there cannot be two different (non-guest) customer records with the same email address." But does that mean "unique across my store" or "unique across all my stores" or "unique across the whole of Foxy"? If the latter, given that I'm using SSO (forward only), how to I manage to create a new Foxy customer account for someone who happens to already have a Foxy account created previously through some other merchant's store, once he's registered an local account on my website? Presumably the creation would fail, but then what would I do next? My objective is to be able to log that user on to his Foxy account automatically so that when he jumps from my website to the Cart he's not prompted to log in manually.
Comments
  • fc_adamfc_adam FoxyCart Team
    @AntonSy,

    Good question - sorry for the confusion there. That would be unique to a single store, rather than across multiple stores or the whole app.

    We'll get the wiki updated to make that a little clearer.

    Is there anything else we can clarify with the SSO set up and customers?
  • @fc_adam, thanks - that's a relief! (I was hoping that it would be like that.)

    So, what we want to achieve with SSO to Foxy is that the user is never aware that they even have a Foxy account (beyond the GDPR requirement that we inform them in our Privacy Notice). Since our store is b2b we don't care about hurdles to purchase; we insist that our users are signed in to our local webapp and then we send them to Foxy to make their subscription purchase, and we also provide them with a link in our local webapp at all times so that they can go to Foxy to manage their billing.

    My next question concerns the opposite end of the user story: account deletion (in particular as regards their GDPR right to erasure). When a user closes their account on our local webapp, am I right in thinking that we can simply close their Foxy account (via API) since (given your reply) it's unique to and hence we won't mess up any other relationships that the person has with other merchants/stores? That would be the ideal situation for us.

    [If your reply had been something like "their account is shared across multiple merchants' stores" then it would have been a headache, because when they close their local account on our webapp we'd have had to have told them something like "You might or might not wish to also close your relationship with Foxy which - possibly even unbeknown to you - existed, since we happen to use Foxy as our payment gateway. Here's a link to Foxy in case you wish to do that". Naturally, that would be a bit of a bad UX from our point of view, so we'll be happy if it's not like that!]
  • Oh sorry, the wiki software ate some of my comment because I used angle brackets!

    My second paragraph was meant to say:

    My next question concerns the opposite end of the user story: account deletion (in particular as regards their GDPR right to erasure). When a user closes their account on our local webapp, am I right in thinking that we can simply close their Foxy account (via API) since (given your reply) it's unique to {their e-mail address and my store} and hence we won't mess up any other relationships that the person has with other merchants/stores? That would be the ideal situation for us.
  • brettbrett FoxyCart Team
    Hi @AntonSy
    Great questions. As far as GDPR customer deletion goes, we don't (yet) have a way to do that via the API, and our understanding is that, for tax purposes, businesses must maintain invoices for up to a decade in some countries. SThat said, some of our EU users have said they'd handle that, and they just want to delete all traces.

    We do have a way to do that internally, so if you ask us, we can make it happen for you. Otherwise, you can "anonymize" their customer account via the API, but that won't change historical transaction records. SO if you want a "full" scrub, you can ask us and we'll handle it.

    (We haven't automated this yet because: a) it doesn't come up that often, and b) it's an irreversible action, and we haven't yet landed on a way we feel comfortable handling it via the API.)
Sign In or Register to comment.