Use case: Upon clicking the link in the abandoned cart email, each customer should be seamlessly redirected to their respective carts. In cases where customers haven't logged in, the system should automatically initiate customer login, eliminating the need for them to manually enter their email and password.
Is there a viable approach to implement Passwordless Login for storefront users using Commerce API Shopper Login and API Access Service (SLAS) APIs without the necessity of receiving tokens through callbacks or SMS during the authentication process?
The SLAS Passwordless login provides a secure method for verifying a shopper's identity without relying on traditional passwords. This approach safeguards against cyber threats like phishing and brute-force attacks. Passwordless login systems leverage advanced authentication methods, such as magic links and one-time codes, enhancing overall security compared to conventional password-based systems.
Bypassing the validation step in the Passwordless Login flow carries a significant security risk. Attackers may exploit vulnerabilities, potentially gaining access to a shopper's email inbox or the URL through email interception. This could compromise Personally Identifiable Information (PII) and even lead to unauthorized access to saved credit card information on the website.
Salesforce strongly discourages any approach that bypasses the validation step, as it introduces a considerable security vulnerability. To mitigate the risk of a security breach by design, it is not advisable to permit automatic login without two-factor authentication (2FA) or a secure login flow.
000694752
