Checking authenticated users via authorization cookies

Learn how to check which user is currently authenticated in your store using their authentication token and VTEX APIs.

In this guide, you will learn how to verify if a user is currently authenticated in your store using their authentication token stored in cookies. Additionally, you will learn how to retrieve identifying information, such as their user ID and email, using VTEX's API.

Authentication cookies overview

When a user logs into your store, cookies are created to store the authorization token. From that point onward, these cookies are automatically included in all requests to VTEX servers, enabling the system to identify the user performing the action.

In situations other than API requests to VTEX, you may need to check whether the user is logged in or retrieve identifying information, such as their email or user ID. These actions can also be accomplished using the authentication cookies.

Note that these cookies have the HttpOnly and Secure attributes set. This means they cannot be read via JavaScript and are only sent over secure HTTPS requests.

Instructions

Sending the request to verify user authentication

To check the authenticated user, send a request to the POST Check authenticated user endpoint, replacing the example account name, API key / token pair and user token.

Request

curl --request POST \
  --url 'https://apiexamples.vtexcommercestable.com.br/api/vtexid/credential/validate?an=exampleAccount' \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --header 'X-VTEX-API-AppKey: 123' \
  --header 'X-VTEX-API-AppToken: 123' \
  --data '{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"}'

200-Response

{
  "authStatus": "Success",
  "id": "1f6c17e5-06f9-44a9-a459-b3686e03fa9d",
  "user": "john@mail.com",
  "account": "apiexamples",
  "audience": "admin",
  "tokenType": "user"
}

Analyzing the API response

Authenticated user

If the user is authenticated, the API will return a JSON object with the following structure:

  • authStatus: The authentication status (e.g., Success).
  • id: The unique user ID within VTEX services.
  • user: The user's email address.
  • account: The account name associated with the request.
  • audience: The audience scope of the token (e.g., admin).
  • tokenType: The type of token used for authentication (e.g., user).

Non-authenticated user

If the user is not authenticated, the HTTP status will be 401 (Unauthorized).
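
The check described above, as an added Python example (not VTEX's own code): a server-side helper that reads the token from the incoming Cookie header, calls the validation endpoint, and denies on anything other than a 200 response with authStatus Success. The cfg keys, the cookie name supplied in cfg["cookie_name"], the injectable post transport, and the account and audience comparisons are assumptions of this example.

```python
import json
import urllib.error
import urllib.request
from http.cookies import SimpleCookie

def token_from_cookies(cookie_header, cookie_name):
    """Pull the auth token out of the raw Cookie header the server received."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get(cookie_name)
    return morsel.value if morsel else None

def http_post(url, headers, body):
    """Default transport: returns (status, text); HTTP errors become statuses."""
    req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.URLError as err:  # HTTPError (e.g. 401) is a subclass
        return getattr(err, "code", 0), ""

def check_user(cookie_header, cfg, post=http_post):
    """Return {'id', 'email'} for an authenticated user, else None (fail closed)."""
    token = token_from_cookies(cookie_header, cfg["cookie_name"])
    if not token:
        return None  # no auth cookie: deny without calling the API
    url = (f"https://{cfg['host']}/api/vtexid/credential/validate"
           f"?an={cfg['account']}")
    headers = {
        "Accept": "application/json",
        "Content-Type": "application/json",
        "X-VTEX-API-AppKey": cfg["app_key"],      # keep these server-side only
        "X-VTEX-API-AppToken": cfg["app_token"],
    }
    status, text = post(url, headers, json.dumps({"token": token}))
    if status != 200:
        return None  # 401 means not authenticated; any other status also denies
    try:
        data = json.loads(text)
    except ValueError:
        return None
    if not isinstance(data, dict) or data.get("authStatus") != "Success":
        return None
    # Extra checks (assumptions of this example): expected account and audience.
    if data.get("account") != cfg["account"]:
        return None
    if data.get("audience") not in cfg["allowed_audiences"]:
        return None
    return {"id": data.get("id"), "email": data.get("user")}
```

Because the cookies are HttpOnly, this runs on the server that receives the request; the identity it returns comes from the API response, not from anything the client claims about itself.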

See also
API authentication using user tokens