E-commerce

E-commerce Customer Authentication

Endpoints for customer registration, login, and password management. All requests should include a valid appID that maps to the tenant site unless your integration is pre-configured on the backend.

POST /customers/signup

Registers a new customer in aurora_customers unless authTable overrides the target table.

Request Body

{
  "email": "customer@example.com",
  "password": "Str0ngPass!",
  "firstname": "Alex",
  "lastname": "Taylor",
  "displayname": "Alex T",
  "appID": 42,
  "authTable": "aurora_customers"
}

Success Response (200 OK)

{
  "status": "Success",
  "_id": "2b9a1c8d1e...",   // encrypted internal ID
  "email": "customer@example.com",
  "emailverified": true,
  "firstname": "Alex",
  "lastname": "Taylor",
  "displayname": "Alex T",
  "photourl": "",
  "description": ""
}

Validation & business rules: passwords must meet uppercase, lowercase, digit, and special-character requirements (minimum 8 chars). A 409 is returned if the email already exists.

POST /customers/login

Authenticates a customer and returns profile data. Supports optional extra fields via a comma-delimited extraFields string appended to the select list.

Request Body

{
  "email": "customer@example.com",
  "password": "Str0ngPass!",
  "appID": 42,
  "authTable": "aurora_customers",
  "extraFields": "phone,address"
}

Success Response (200 OK)

{
  "status": "Success",
  "message": "Login successful",
  "data": {
    "_id": "7c4f0a1d0b...",
    "email": "customer@example.com",
    "firstname": "Alex",
    "lastname": "Taylor",
    "displayname": "Alex T",
    "description": "",
    "photourl": "",
    "emailverified": true,
    "phone": "+15551234567",
    "address": "123 Main St"
  }
}

Error Response (401 Unauthorized)

{
  "status": "Failed",
  "message": "Invalid credentials",
  "data": {}
}

Notes: legacy password hashes are transparently upgraded to bcrypt on successful login. No JWT token is issued by this route.
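Because authTable and extraFields arrive in the request body and end up as the table name and column names of the login query, they are best resolved against fixed allowlists before any SQL is assembled. The following is an added example, not the API's own code: the allowlist contents, the function names and the `?` placeholder style are assumptions, and the base column list is taken from the login response shown above.

```javascript
// Added example: hypothetical server-side allowlists, not the service's code.
const ALLOWED_TABLES = new Set(["aurora_customers", "aurora_app_users"]);
// Assumed policy: the only columns a client may request via extraFields.
const ALLOWED_EXTRA = new Set(["phone", "address"]);
const BASE_FIELDS = ["_id", "email", "firstname", "lastname", "displayname",
                     "description", "photourl", "emailverified"];

// Return the table to query, or throw if the override is not a known table.
function resolveAuthTable(authTable, fallback = "aurora_customers") {
  if (authTable === undefined || authTable === null) return fallback;
  if (typeof authTable !== "string" || !ALLOWED_TABLES.has(authTable)) {
    throw new Error("authTable not permitted");
  }
  return authTable;
}

// Split the comma-delimited string and accept only allowlisted column names.
function resolveSelectList(extraFields) {
  const columns = [...BASE_FIELDS];
  if (extraFields === undefined || extraFields === null || extraFields === "") {
    return columns;
  }
  if (typeof extraFields !== "string") {
    throw new Error("extraFields must be a string");
  }
  for (const field of extraFields.split(",").map((f) => f.trim())) {
    if (!ALLOWED_EXTRA.has(field)) {
      throw new Error("extraFields entry not permitted: " + JSON.stringify(field));
    }
    if (!columns.includes(field)) columns.push(field);
  }
  return columns;
}

// Identifiers come only from the allowlists; the email stays a bound parameter.
function buildLoginQuery(body) {
  const table = resolveAuthTable(body.authTable);
  const columns = resolveSelectList(body.extraFields);
  return {
    sql: `SELECT ${columns.join(", ")} FROM ${table} WHERE email = ?`,
    params: [body.email],
  };
}
```

Rejecting an unknown entry outright, rather than silently dropping it, makes a misconfigured or probing client visible in the error logs.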

POST /customers/reset-password

Sets a new password using a previously issued reset token.

Request Body

{
  "password": "NewStr0ngPass!",
  "confirmPassword": "NewStr0ngPass!",
  "token": "abc123def456",
  "reset_password_token": "abc123def456",
  "authTable": "aurora_customers"
}

Success Response (200 OK)

{
  "status": "Success",
  "message": "Password reset successfully"
}

Notes: include both token and reset_password_token fields with matching values. The validator expects reset_password_token while the controller reads token. Password strength rules from signup apply.

POST /customers/request-reset

Sends a password reset email with a one-time token.

Request Body

{
  "email": "customer@example.com",
  "appID": 42,
  "url": "https://app.example.com/customer/reset"
}

Success Response (200 OK)

{
  "status": "Success",
  "message": "Email with reset password instructions was sent to customer@example.com."
}

Errors: if the email is not found, the service throws “No user found” and the request fails. Ensure url points to the frontend route that will capture the token appended by the API.
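Since the emailed link is built from the url supplied in the request, a server-side check can restrict it to front-end origins registered for the tenant before the token is attached. This is an added example, not the API's own code: the per-appID allowlist, the function name and the choice of a `token` query parameter are assumptions, as the page does not say how the token is appended.

```javascript
// Added example: hypothetical per-tenant allowlist, not the service's code.
// Constructed mapping of appID -> origins allowed to receive reset links.
const RESET_ORIGINS = new Map([
  [42, new Set(["https://app.example.com"])],
]);

// Validate the client-supplied url and return the link to put in the email.
function buildResetLink(appID, url, token) {
  const allowed = RESET_ORIGINS.get(appID);
  if (!allowed) throw new Error("unknown appID");

  let parsed;
  try {
    parsed = new URL(url); // throws on relative or malformed input
  } catch {
    throw new Error("url must be an absolute URL");
  }
  if (parsed.protocol !== "https:") throw new Error("url must use https");
  if (parsed.username || parsed.password) {
    throw new Error("url must not carry credentials");
  }
  // Compare the full origin (scheme + host + port), not a substring of the URL.
  if (!allowed.has(parsed.origin)) {
    throw new Error("url origin is not registered for this appID");
  }

  // Assumption: the token travels as a query parameter named "token".
  parsed.searchParams.set("token", token);
  parsed.hash = "";
  return parsed.toString();
}
```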

App User Authentication

Mirrors the customer flows but targets aurora_app_users. Provide authTable if your deployment uses custom tables.

POST /user/app/signup

Registers a new app user. Request and response bodies match /customers/signup; default table is aurora_customers unless authTable is set to aurora_app_users.

POST /user/app/login

Authenticates an app user and returns the same payload structure as customer login. Supply "authTable": "aurora_app_users" to query the correct table.

POST /user/app/reset-password

Resets an app user password. Use the same request shape as customer reset, with the token fields duplicated, and set "authTable": "aurora_app_users".

POST /user/app/request-reset

Initiates an app user password reset email. Body and responses mirror /customers/request-reset; the generated link uses the supplied url and token.

E-commerce

The e-commerce API provides comprehensive shopping cart and payment processing capabilities with Stripe integration.

POST /ecommerce/createOrder

Creates a new order in the system.

Request Body

{
  "customerID": 123,
  "items": [
    {
      "productID": 101,
      "quantity": 2,
      "price": 299.99
    },
    {
      "productID": 102,
      "quantity": 1,
      "price": 399.99
    }
  ],
  "shippingAddress": {
    "street": "123 Main St",
    "city": "New York",
    "state": "NY",
    "zip": "10001",
    "country": "USA"
  },
  "billingAddress": {
    "street": "123 Main St",
    "city": "New York",
    "state": "NY",
    "zip": "10001",
    "country": "USA"
  }
}

Success Response (201 Created)

{
  "status": "Success",
  "data": {
    "orderID": 5001,
    "orderNumber": "ORD-2024-5001",
    "total": 999.97,
    "status": "pending"
  }
}

Cart Management

POST /ecommerce/addCart

Adds an item to the shopping cart.

{
  "sessionID": "cart_session_123",
  "productID": 101,
  "quantity": 1,
  "price": 299.99
}

POST /ecommerce/removeCart

Removes an item from the shopping cart.

{
  "sessionID": "cart_session_123",
  "productID": 101
}

POST /ecommerce/getOrder

Retrieves order details.

{
  "orderID": 5001
}

Payment Processing

POST /ecommerce/createPaymentIntent

Creates a Stripe payment intent for processing payment.

Request Body

{
  "amount": 99997,
  "currency": "usd",
  "orderID": 5001,
  "customerID": 123
}

Success Response (200 OK)

{
  "status": "Success",
  "data": {
    "clientSecret": "pi_xxxxxxxxxxxxx_secret_xxxxxxxxxxxxx",
    "paymentIntentID": "pi_xxxxxxxxxxxxx"
  }
}
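The amount in this request is in the currency's smallest unit (99997 for the 999.97 order above), and both it and the per-item price values in createOrder are supplied by the caller. The following added example, which is not the API's own code, shows one way a server could recompute the expected amount from its own price list and compare it with the request; the catalogue, its prices and the function names are constructed for illustration.

```javascript
// Added example: hypothetical catalogue and helpers, not the service's code.
// Constructed price list in minor units (cents), keyed by productID.
const CATALOGUE_CENTS = new Map([[101, 29999], [102, 39999]]);

// Convert a decimal price such as 299.99 to integer cents, rejecting
// negatives, non-numbers and values with more than two decimal places.
function toMinorUnits(price) {
  if (typeof price !== "number" || !Number.isFinite(price) || price < 0) {
    throw new Error("invalid price");
  }
  const cents = Math.round(price * 100);
  if (Math.abs(cents - price * 100) > 1e-6) throw new Error("too many decimals");
  return cents;
}

// Sum the order from server-side prices; integer math avoids float drift.
function expectedAmountCents(items) {
  let total = 0;
  for (const { productID, quantity, price } of items) {
    const unit = CATALOGUE_CENTS.get(productID);
    if (unit === undefined) throw new Error("unknown productID " + productID);
    if (!Number.isInteger(quantity) || quantity < 1) {
      throw new Error("quantity must be a positive integer");
    }
    // A client-sent price is only cross-checked, never used for the total.
    if (price !== undefined && toMinorUnits(price) !== unit) {
      throw new Error("price mismatch for productID " + productID);
    }
    total += unit * quantity;
  }
  return total;
}

// Compare the requested payment amount with the recomputed order total.
function checkPaymentIntentRequest(request, orderItems) {
  const expected = expectedAmountCents(orderItems);
  if (!Number.isInteger(request.amount) || request.amount !== expected) {
    return { ok: false, expected, reason: "amount does not match order total" };
  }
  return { ok: true, expected };
}
```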

POST /ecommerce/paymentComplete

Confirms payment completion and updates order status.

Request Body

{
  "paymentIntentID": "pi_xxxxxxxxxxxxx",
  "orderID": 5001
}

POST /ecommerce/submitOrder

Finalizes and submits the order for processing.

Request Body

{
  "orderID": 5001,
  "paymentMethod": "stripe",
  "notes": "Please deliver after 5 PM"
}

GET /ecommerce/genCode/:id

Generates a QR code for an order or product.

URL Parameters

  • id (number, required): Order ID or product ID for QR code generation.

Success Response

Returns a QR code image in PNG format.