Passwordless Login

Passwordless login is a way to verify a shopper’s identity without using a password. It offers protection against cyberattacks, such as phishing and brute-force password cracking. Passwordless login systems use authentication methods that are more secure than regular passwords, including one-time passwords (OTPs) and passkeys.

The Shopper Login and API Access Service (SLAS) supports multiple passwordless login methods:

  • Passwordless Login with One-Time Passwords using Callback URI: Send an 8-digit, time-based OTP to your shopper for authentication. To use this method, you must have:
    • A publicly accessible callback URL, such as a B2C Commerce instance, Managed Runtime environment, or your own server.
    • A mechanism to share the passwordless token with the shopper, such as email or SMS.
    • A SLAS private client configured to work with passwordless login.

You can also register a new shopper with the OTP Callback URI method for passwordless login. See Register a Customer with Passwordless Login.

  • Passwordless Login with SMS: Send a verification code to shoppers via SMS. To use this method, you must have an SMS service provider such as Marketing Cloud or Amazon SNS.
  • Passwordless Login with Passkeys: Authenticate your shoppers using Fast IDentity Online 2 (FIDO2) credentials, also known as passkeys. To use this method, you must have a PWA Kit storefront for client-side integration. Passkeys are supported for both SLAS private and public clients.
  • Passwordless Login with Email: Send registered shoppers an OTP via email. To use this method, you must configure a SLAS private client to work with passwordless login. No third-party integration is required.