Tiquo

Customer Authentication

JavaScript SDK for browser-based customer authentication

Customer Authentication with the DOM Package

The DOM Package authenticates customers with an email OTP flow. The customer enters their email address, receives a 6-digit verification code, and signs in without a password or redirect.

Once authenticated, the SDK issues JWT access and refresh tokens that work with the Client API.

For installation and initialization, see Setup.

Quick Start

import { TiquoAuth } from '@tiquo/dom-package';

// Initialize with your public key
const auth = new TiquoAuth({
  publicKey: 'pk_dom_your_key_here',
});

// Step 1: Send an OTP to the customer's email
await auth.sendOTP('customer@example.com');

// Step 2: Verify the OTP code the customer received
const result = await auth.verifyOTP('customer@example.com', '123456');

// The customer is now authenticated
const user = await auth.getUser();
console.log(user.email);

Authentication Flow

Sending an OTP

Call sendOTP with the customer's email address. Tiquo will send a 6-digit verification code to that address.

try {
  await auth.sendOTP('customer@example.com');
  // Show the OTP input field in your UI
} catch (error) {
  console.error('Failed to send OTP:', error.message);
}

The email is sent from a branded sender that you can customize per domain in Settings > Auth DOM > Allowed Domains. Each domain can have its own sender name and email theme.

Verifying an OTP

Call verifyOTP with the same email and the code the customer entered. On success, the SDK stores the JWT tokens and the customer is signed in.

try {
  const result = await auth.verifyOTP('customer@example.com', '123456');
  // Customer is now authenticated
  console.log('Signed in as:', result.email);
} catch (error) {
  console.error('Verification failed:', error.message);
}

After successful verification, the SDK:

  • Stores the access token and refresh token in localStorage
  • Sets a cross-subdomain cookie (tiquo_customer_user_ids) for tracking pixel integration
  • Broadcasts the login event to other open tabs
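The send and verify steps above can be wrapped so that the code is always verified against the address it was sent to and malformed input never reaches the API. This is an added example, not code from the Tiquo SDK: `createOtpSignIn`, `normalizeEmail`, `normalizeCode`, the `reason` strings and `maxAttempts` are hypothetical names, and `auth` is assumed to be a `TiquoAuth` instance exposing the `sendOTP` and `verifyOTP` methods shown on this page.

```javascript
// Added example (not part of the SDK): a small wrapper around the OTP flow.
// `auth` is assumed to expose sendOTP(email) and verifyOTP(email, code).
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/; // shape check only, not RFC validation

function normalizeEmail(input) {
  const email = String(input).trim();
  return EMAIL_RE.test(email) ? email : null;
}

// Accepts pasted codes such as "123 456" or "123-456"; null unless exactly 6 digits.
function normalizeCode(input) {
  const code = String(input).replace(/[\s-]/g, '');
  return /^\d{6}$/.test(code) ? code : null;
}

function createOtpSignIn(auth, { maxAttempts = 5 } = {}) {
  let pendingEmail = null; // address the current code was sent to
  let attempts = 0; // UX guard only; it cannot replace server-side rate limiting

  return {
    async start(emailInput) {
      const email = normalizeEmail(emailInput);
      if (!email) return { ok: false, reason: 'invalid_email' };
      try {
        await auth.sendOTP(email);
      } catch {
        return { ok: false, reason: 'send_failed' };
      }
      pendingEmail = email;
      attempts = 0;
      return { ok: true };
    },
    async submit(codeInput) {
      if (!pendingEmail) return { ok: false, reason: 'no_pending_otp' };
      const code = normalizeCode(codeInput);
      if (!code) return { ok: false, reason: 'malformed_code' }; // not sent, not counted
      if (attempts >= maxAttempts) return { ok: false, reason: 'too_many_attempts' };
      attempts += 1;
      try {
        // Verify against the stored address, never a re-read form field.
        const result = await auth.verifyOTP(pendingEmail, code);
        pendingEmail = null;
        return { ok: true, email: result.email };
      } catch {
        return { ok: false, reason: 'verification_failed' };
      }
    },
  };
}
```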

Checking Authentication State

// Check if the customer is currently authenticated
const isLoggedIn = auth.isAuthenticated();

// Get the current user's profile (fetches from Client API if needed)
const user = await auth.getUser();
if (user) {
  console.log(user.email);
  console.log(user.customer?.displayName);
}

isAuthenticated() checks whether a valid (non-expired) access token exists. getUser() returns the cached session data, or fetches it from the Get Profile endpoint if no cache is available.

How It Works with the Client API

The DOM Package is essentially a thin authentication layer on top of the Client API. Here is the full flow:

  1. Your website loads the SDK and initializes it with your public key
  2. The customer enters their email and receives a verification code
  3. After verifying the code, Tiquo issues a JWT access token and refresh token
  4. The SDK stores these tokens in the browser and uses them for all Client API requests
  5. When the access token expires, the SDK automatically calls the refresh endpoint to get a new pair
  6. All Client API data (profile, orders, bookings, enquiries) is scoped to the authenticated customer

The SDK sends OTP requests to https://edge.tiquo.app/api/auth-dom/otp/send and https://edge.tiquo.app/api/auth-dom/otp/verify. After successful verification, it uses the standard Client API endpoints at https://edge.tiquo.app/api/client/v1/.
