The Foxy forums are on the move!

We're in the process of moving our forums over to a new system, and so these forums are now read-only.
If you have a question about your store in the meantime, please don't hesitate to reach out to us via email.

Using the API for authentication

mjwallamjwalla Member
in Help edited September 2010
Hello All,

On Foxycart 051, can someone point us in the right direction on using Foxycart's authentication mechanism to log a user into our website, and check if they are a recurring donor.

The idea is to setup a password-protected membership page for recurring donors, and we are trying to use Foxycart to piggy back the authentication & authorization.

  • lukeluke FoxyCart Team
    Hey mjwalla. This would be your starting point:

    Are you looking to hire a developer?
  • brettbrett FoxyCart Team
    Alternately, if you're just looking to see if a user exists and that the entered password is correct, you could basically copy what the FoxyCart javascript is doing when an email + password is entered on the checkout. I think that's actually closer to what you're after. SSO will let you use your own system to control checkout authentication. You want to go the other way, yes?
  • Hi Brett and Luke,

    Thanks for your replies.

    I am after a simple authentication described by Brett. We do not yet have interest in full fledged SSO.

    Here is a requirement:

    - Any user who is currently an active recurring donor should be able to login using their Foxycart login/password (we do not allow guest checkouts).

    Also - could you please tell me where to apply for the API key?

    Thanks again :)
  • lukeluke FoxyCart Team
    The API Key (also known as the Datafeed Key) is listed under the "advanced" menu in FoxyCart.
  • brettbrett FoxyCart Team
    - Any user who is currently an active recurring donor should be able to login using their Foxycart login/password (we do not allow guest checkouts).
    Wait, so you mean you want to basically disallow _new_ customers from checking out? Only allow existing donors can continue to donate?

    Or you mean you want to use the FoxyCart system to authenticate for something _else_? That's what I thought you meant, but I should make sure.

    The issue with that is this: What are you actually giving them access to? At some point you need to have the users exist on your database, so you can display their user-specific info, right? So is the solution to actually authenticate against the FoxyCart system? Or to just create and sync users from FoxyCart to your own system?
  • Luke, Thanks! Got it.

    Brett, yes, the idea is to authenticate the users with FoxyCart to give them access to something else (basically, giving some additional downloadable content as gifts to recurring donors).

    Our need is pretty simple for now, and we do not foresee it turning into a big SSO anytime soon.
  • Luke, just wondering, in the "advanced" menu, if we do not need to access the whole data feed, should we just empty out the data feed URL field and simply use the data feed key for the API connection?
  • brettbrett FoxyCart Team
    So, two things.
    First, if you don't want the XML datafeed, just uncheck the box. You can still set your API key.

    Second, if you want to just use the FoxyCart authentication as a sort of OpenID approach, you'd have to see how the checkout's doing it and basically piggyback that. If your needs are relatively straightforward you could just do it all by javascript and set an authenticated cookie upon successful authentication. It definitely wouldn't be a good solution for more advanced stuff, but for what it sounds like you're describing it'd be a pretty slick little approach.
Sign In or Register to comment.