Passwordless Login
Passwordless login is a way to verify a shopper’s identity without using a password. It offers protection against cyberattacks, such as phishing and brute-force password cracking. Passwordless login systems use authentication methods that are more secure than regular passwords, including one-time passwords (OTPs) and passkeys.
The Shopper Login and API Access Service (SLAS) supports multiple passwordless login methods:
- Passwordless Login with One-Time Passwords using Callback URI: Send an 8-digit, time-based OTP to your shopper for authentication. To use this method, you must have:
  - A publicly accessible callback URL, such as a B2C Commerce instance, Managed Runtime environment, or your own server.
  - A mechanism to share the passwordless token with the shopper, such as email or SMS.
  - A SLAS private client configured to work with passwordless login.

  The OTP Callback URI method also supports shopper registration. See Register a Customer with Passwordless Login.
- Passwordless Login with SMS Service Provider: Send a verification code to shoppers via SMS. To use this method, you must have an SMS service provider such as Agentforce Marketing or Amazon SNS.
- Passwordless Login with Passkeys: Authenticate your shoppers using Fast IDentity Online 2 (FIDO2) credentials, also known as passkeys. To use this method, you must have a client-side implementation to serve as the interface for calling the browser’s WebAuthn API. SLAS private and public clients both support passkeys.
- Passwordless Login with Email: Send registered shoppers an OTP via email. To use this method, you must configure a SLAS private client to work with passwordless login. No third-party integration is required.
Headless storefronts support all Passwordless Login features:
- Passwordless Login with One-Time Passwords using Callback URI
- Passwordless Login with Passkeys
- Passwordless Login with SMS Service Provider
- Passwordless Login with Email
- Register a Customer with Passwordless Login
To review feature availability for Hybrid Storefront Next storefronts, see Login and Registration Support for Hybrid Storefront Next Storefronts in the Storefront Next Developer Guide.
Passwordless Login isn’t supported for SFRA, SFRA with Hybrid Auth, or PWA Kit with Hybrid Auth.