Fast Login for Other Platforms
Ready to get Fast? Here’s how to easily install Fast Login for your e-commerce store.

Looking to install Fast Login for your BigCommerce store?
See all platforms
1
Start Onboarding
First up: answer a few questions about your business in the seller dashboard. You’ll need a Fast account to get started.
Start onboarding in Fast's seller dashboard ⭢
1. Tell us about your business
We use this information to verify your account.
2. Tell us about your website
Next, tell us about the website where you want to install Fast Login.
3. Choose Custom
Select “Custom” as your platform. If your site is hosted on BigCommerce, follow these instructions instead.
2
Copy the code
Use this snippet in your code to install the Fast Login button.
3
Authenticate the user
After installing the Fast Login button, the next step is to write server-to-server authentication code in order to authenticate the user.

To verify that a user is logged in, the token must be sent by your frontend client to a backend endpoint and then sent to the Fast server for verification. When that’s successful, Fast will respond with login metadata and the user’s email and name, which you’ll need to store for later use.
200
Success
Schema
{
 “login_id”: “A93439FJDFDSJ”,
 “login_time”: “348348328”
 “user_email”:  “[email protected]”,
 “user_first_name”: “John”,
 “user_last_name”: “Smith”
}
{

“login_id”: “{{unique ID for logging, replay-prevention, etc}}”,

“login_time”: “{{time that Fast issued this login event}}”

“user_email”:  “{{user’s email}}”,

“user_first_name”: “{{user’s first name / given name}}”,

“user_last_name”: “{{user’s last name / family name}}”

}
401
Failure
Schema
{
“code”, 1232,
“message” , “token not authentic”
}
401
{
 “code”: {{ignore this}},
 “message”: “token not authentic”
}

4
Handle user logins
Server-side login handling
When you get a 200 response from Fast, this means the user has successfully authenticated themself. You can now check if a user with the provided email address exists in your system. If they do, you can log them in and authorize them.

If they don’t exist in your system, you can create a new user for that email address by using the email address and the name provided in the response.
Client-side login handling
Your existing client-side auth flow can be reused once the user is authenticated. Typically this means that no login form is displayed (including the Fast Login button) and a logout button may be displayed.

Logout is handled entirely by you and no interaction with Fast is needed to perform a user logout. For example, you may clear your own server cookie and redirect the user back to your login page, where they’ll find the Fast Login button.
5
Go Fast 🚀
That’s it! You’re now all set up with the world’s fastest login.
Security Checklist
Your dos and don’ts for keeping things secure.

Tl;dr: In general, don’t trust anything sent by the client in the login flow.
Do securely store the user’s email and name.
Don’t store the login token.
Do send the token.
Don’t send these fields as part of your Fast Login integration API call exposed to the client.
Do look up the app ID from a configuration file / environment variable, if you only have a single Fast app.
Do keep an internal association of app IDs based on your business requirements and compute the app ID based on these requirements.
Don’t accept an app ID sent by an API call from the client.
Do rely on the result of the Fast server’s verify endpoint to obtain this information.
Don’t use names or emails provided by an API call from the client.
Fast Tip
Fast cannot be queried for the user’s email and name except through the verify endpoint along with a valid token. The custom application must store this information itself in order to make persistent use of it in the web client. Do not store or otherwise reuse the login token.