Authentication

Note

If there is an alternative, existing authentication mechanism that is warranted, such as Server-based OAuth2, Lucid Green can build support for it. Please contact us directly to determine if we can support the existing authentication mechanism.

Authentication should be handled via a secure token.

The 3PP should provide an integration page for accounts to retrieve their Lucid Green Authorization Token and copy/paste it into an integration configuration page on LucidRetail. LucidRetail will retain the Authorization Token securely in its database using encryption, but it is up to the 3PP to manage the lifecycle of the Authorization Token to ensure it can remain secure.

LucidRetail will send the Authorization Token to the 3PP APIs whenever they are accessed on behalf of a retailer as an HTTP Authorization header:

Header

Authorization: Token <token>

The 3PP should evaluate the provided Authorization Token and determine if it is valid. If it matches a known Authorization Token associated with a specific 3PP account, the API call should be allowed to proceed as authenticated for that account. If it does not match a known Authorization Token for a specific 3PP account, the API call should fail with an HTTP 401 error (“Unauthorized”).
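
One way a 3PP endpoint could implement this check, as an added example that is not Lucid Green's or any 3PP's own code. It assumes the 3PP stores SHA-256 digests of issued tokens rather than the tokens themselves; the names `TOKEN_DIGESTS`, `parse_authorization` and `authenticate` and the sample tokens are constructed for illustration.

```python
import hashlib
import hmac


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


# Constructed sample data (assumption): digest of each issued token -> account id.
# Storing digests means a database leak does not expose usable tokens.
TOKEN_DIGESTS = {
    _digest("example-token-retailer-a"): "account-a",
    _digest("example-token-retailer-b"): "account-b",
}


def parse_authorization(header_value):
    """Return the token from 'Token <token>', or None if the header is malformed."""
    if not header_value:
        return None
    parts = header_value.strip().split()
    # Exactly two fields: the scheme (case-insensitive in HTTP) and the token.
    if len(parts) != 2 or parts[0].lower() != "token":
        return None
    return parts[1]


def authenticate(headers, digests=TOKEN_DIGESTS):
    """Return (http_status, account_id); (401, None) on any failure."""
    # HTTP header names are case-insensitive.
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    token = parse_authorization(value)
    if token is None:
        return 401, None
    presented = _digest(token)
    account = None
    # Constant-time comparison against every stored digest, with no early exit,
    # so response timing does not reveal how close a guess was.
    for stored, account_id in digests.items():
        if hmac.compare_digest(stored, presented):
            account = account_id
    return (200, account) if account else (401, None)
```

Missing headers, a wrong scheme, and unknown tokens all yield the same 401, so the caller cannot tell which part of the check failed.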