Most of the API functions will take either "customerToken" or "publisherToken" as their first parameter. Both types of tokens look similar (they are 48-character keys). Their purpose (and so level of access they give) is different.
After a purchase is made (or access is granted) on the Cleeng platform, Cleeng will automatically pass Customer Token back to your website or application. It can be used then to verify access, using the getAccessStatus method.
Two things worth mentioning:
- You can keep the Customer Token stored in the cookie, as it cannot be used to modify any data on Cleeng Platform directly. In that case, the user will have to log-in again.
- If you're using PHP SDK, you don't need to worry at all about handling the tokens. The SDK will automatically pass customerToken to functions that need it. For more information, please refer to the reference of getAccessStatus.
By default, the Customer Tokens (and the cookie in which they are kept) expire two weeks after being created. The generateCustomerToken function can be used to generate a new token if the old one has expired.
The Publisher Token is used to identify the merchant (the seller). This token is used to create and update offers, as well as gives access to other e-commerce functions (like reporting).
It can be obtained from API Keys Page (you must be logged in to Cleeng as a publisher to see this page).
Important: never expose your Publisher Token to the public. It will allow price updates and other sensitive data access.