Understanding Auth Api

Hi,

I'm not sure how CS-Cart's Auth API works, or the overall API behavior. As far as I can see, it seems that whatever activities we want to execute, we need to use the admin's email and API key to authenticate. For example, creating orders and products.

It looks like admin is creating orders on behalf of customer, and creating products on behalf of vendor.

If this is the case, what is the purpose of the "key" that is returned when we call Auth API to authenticate a customer or vendor? How do we use the "key" and "link" for a customer to place an order, and a vendor to create a product?

Please find API documentation here:

http://docs.cs-cart.com/4.3.x/api/index.html#auth

I’ve seen that documentation but it doesn’t tell how to place an order as a customer? Not by the admin.

If you are passing the complete customer information with the order create request then the order will use the customer info supplied.

Yes, you are right. However, the API will auto populate "orders-issuer_id" as 1. When I view the order from the web, it will show the order is created by the admin, the details are the customer's details.

When we pass in authorization details in the header, it must always be the admin's email and API key?

Yes, but you can create another admin account and enable API access for him. If the key of the new admin is used, he will be displayed as the issuer for the orders.

Noted with thanks. I thought I could simulate customer making the order through API, as in customer is the issuer, similar to making order from the web.

app/Tygh/Api/Entities/Orders.php

try to replace:

list($order_id, ) = fn_place_order($cart, $customer_auth, 'save', $this->auth['user_id']);

with

list($order_id, ) = fn_place_order($cart, $customer_auth, 'save', !empty($params['user_id']) ? $params['user_id'] : $this->auth['user_id']);

(!) Not tested

Works great! Thanks eComLabs!

You are welcome!

But do note that you will now lose track of what account the order was created through. What does it matter who the issuer is? The important thing is the customer info.
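An added example, not part of the thread or of CS-Cart's code: one way to accept a `user_id` override for the issuer while still recording which API account authenticated the request, which is the tracking concern raised in the reply above. The function name, its parameters, the rule that the override must match the order's customer, and the sample requests are all assumptions for illustration.

```php
<?php
// Added example; not CS-Cart code. All names here are hypothetical.

/**
 * Pick the user id to store as the order issuer and keep a record of the
 * API account that actually authenticated the request.
 *
 * @param array $auth              authenticated API account, e.g. ['user_id' => 1]
 * @param array $params            decoded request body
 * @param int   $order_customer_id customer the order is placed for (assumed known)
 */
function resolve_order_issuer(array $auth, array $params, int $order_customer_id): array
{
    $api_user_id = (int) $auth['user_id'];
    $decision = ['issuer_id' => $api_user_id, 'api_user_id' => $api_user_id,
                 'note' => 'no override requested'];

    if (!array_key_exists('user_id', $params)) {
        return $decision;
    }
    // Accept only a positive integer; strings like "abc" or arrays fail here.
    $requested = filter_var($params['user_id'], FILTER_VALIDATE_INT,
                            ['options' => ['min_range' => 1]]);
    if ($requested === false) {
        $decision['note'] = 'override rejected: not a positive integer';
    } elseif ($requested !== $order_customer_id) {
        $decision['note'] = 'override rejected: not the customer on this order';
    } else {
        $decision['issuer_id'] = $requested;
        $decision['note'] = 'override accepted';
    }
    return $decision;
}

// Constructed sample requests: API account 1 placing an order for customer 42.
$samples = [[], ['user_id' => 42], ['user_id' => '42'], ['user_id' => 7], ['user_id' => 'abc']];
foreach ($samples as $params) {
    $d = resolve_order_issuer(['user_id' => 1], $params, 42);
    // Audit line: who authenticated, who is recorded as issuer, and why.
    printf("api_user=%d issuer=%d %s\n", $d['api_user_id'], $d['issuer_id'], $d['note']);
}
```

Writing the audit line to a log or an order note keeps the authenticating account recoverable even when the displayed issuer is the customer.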

Thanks for your concern and highlighting the impact. I need to standardize the order creation so that the users will not be confused, as the issuer details can be seen in order details when the users log in from the web.

When making an order from the web, the issuer_id is always NULL. But when using the API, it is always set to 1. Viewing the order from the web, users can see details of the admin.

I find that this API is specifically for admin usage only. It is not meant for customers / vendors. The reason why I need it for customers / vendors is because I need to build a custom native mobile app for customers / vendors.