No announcement yet.

Customer Account Password Hashing

  • Filter
  • Time
  • Show
Clear All
new posts

  • Customer Account Password Hashing

    I need to verify a customer's password with their account in 3DCart. Essentially, I'm trying to build a portal or landing page that is external from 3DCart, but uses the same customer account.

    Using the API, I can retrieve what looks to be a hashed string of the customers password. Does anyone know what algorithm 3DCart is using the store passwords? If I know the algorithm, I can use the same to verify the customers password. It looks like a md5 hash with a salt...

    A better option would be for 3DCart to provide an API endpoint for password checking. Or even better, a way to open a login window that was hosted by 3DCart and then when the user logs in successfully a callback with an authentication token would be passed back to an application.

    If anyone can shed some light on this, that would be great.


  • #2
    Hey Matt,

    We recently released a new method that may help you with this:

    You should be able to use that for a single sign on app.


    • #3
      3dcart-Shavoy he wants to validate external logins using existing customer accounts, not admin accounts - the url you linked does not solve his issue.

      ozzyonfire i dont believe this exists - ive tried to do something similar in the past also. What is the intended purpose if you dont mind sharing? Perhaps there is a creative way to work within the existing authentication system (using iframes and cross origin calls etc)


      • #4
        Ya I didn't think about doing something like that. I think for now, I will just create a page in 3DCart that needs to be accessed by a person who is logged in.

        We are trying to create a preferred customer group that our customers can join for a fee (i.e. amazon prime) which gives them added benefits and discount pricing. We are going to use Stripe to manage the membership payment and auto-renewal.

        We would like the signup process to be as hands-off as possible (for the admins). So I was thinking of a workflow like this:

        - Customer logs into their account via a landing page
        - Custom Stripe checkout button to sign the customer up and collect payment
        - After payment is successful, move the customer to a different customer group in 3DCart which has all the benefits
        - If the customers cancels the membership through Stripe, all we have to do is move the customer out of the customer group and they lose their benefits.

        I just need to verify that the customer already has an account with us (and verify that they are who they say they are) before they pay.

        Any ideas would be great. Thanks,