Sitecore OrderCloud Documentation


Me and My Stuff

Up until now, we have been working in the seller perspective. We bootstrapped a new organization and populated our first product catalog. Now that the administrative work is complete, we can change to the perspective of the buyer user we created in "Establishing API Access".

To do so, you will need to retrieve an access token for your buyer user:

Password Grant-Type Workflow

Use the access token in the response for the remainder of this chapter.

POST https://sandboxapi.ordercloud.io/oauth/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded

client_id=INSERT_SHARED_API_CLIENT_ID&grant_type=password&username=buyer01&password=INSERT_BUYER_USER_PASSWORD&scope=MeAdmin+PasswordReset+Shopper

A Unique Perspective

Authenticating as a buyer user provides a unique perspective. The Shopper role (reserved for buyer users) provides access to a myriad of personalized API resources that unravel and flatten complex relationships created by the admin user. These resources are commonly referred to as Me and My Stuff.

FURTHER READING

Me and My Stuff

While other perspectives can still access the /me endpoint for managing their profile, they do not have access to its sub-resources. These resources are generally for interacting with data that the buyer user is assigned to at the organization, user group, or user level. A few of them are for managing data that the buyer user owns:

  • Personal Addresses - a personal address book only accessible to the authenticated user

  • Personal Credit Cards - essentially a wallet for storing credit card tokens retrieved from a third-party payment provider

Security Alert - The OrderCloud terms of service strictly prohibit storing full credit card information. Credit cards and payment processing should be handled by an authorized provider such as Authorize.NET or Stripe.

To access these features, the buyer user must be granted specific roles: MeAddressAdmin and MeCreditCardAdmin, respectively.

Validate Your Perspective

Let's confirm we are in the correct perspective by getting the currently authenticated user using our new access token:

Get the currently authenticated user
GET https://sandboxapi.ordercloud.io/v1/me HTTP/1.1
Authorization: Bearer INSERT_ACCESS_TOKEN_HERE
Content-Type: application/json; charset=UTF-8

Your response should look like this:

{
	"Buyer": {
		"ID": "BUYER_ORGANIZATION",
		"DefaultCatalogID": "BUYER_ORGANIZATION"
	},
	"Supplier": null,
	"Seller": {
		"ID": "xxxxxxxxxxxxxxxxxx"
	},
	"ID": "BUYER_USER",
	"Username": "buyer01",
	"Password": null,
	"FirstName": "Buyer",
	"LastName": "User",
	"Email": "buyer@email.com",
	"Phone": null,
	"TermsAccepted": null,
	"Active": true,
	"xp": null,
	"AvailableRoles": [
		"MeAdmin",
		"PasswordReset",
		"Shopper"
	],
	"DateCreated": "2021-02-08T23:09:14.82+00:00",
	"PasswordLastSetDate": "2021-02-08T23:10:00.56+00:00"
}

Pay close attention to AvailableRoles. If it does not match, take another look at when we created our buyer user in "Establishing API Access" before continuing to the next guide.
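
The two requests in this guide and the AvailableRoles check, as an added Python example that is not part of the OrderCloud documentation. The function names and SAMPLE_ME are assumptions made for illustration; SAMPLE_ME is constructed from the response shown above.

```python
import urllib.parse
import urllib.request

API = "https://sandboxapi.ordercloud.io"  # sandbox host used in this guide
EXPECTED_ROLES = {"MeAdmin", "PasswordReset", "Shopper"}  # scope requested in this guide


def build_token_request(client_id, username, password, roles=EXPECTED_ROLES):
    """Password-grant request; urlencode() escapes '&', '=' and spaces in values."""
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "grant_type": "password",
        "username": username,
        "password": password,
        "scope": " ".join(sorted(roles)),  # space-separated role list
    }).encode("ascii")
    return urllib.request.Request(
        f"{API}/oauth/token", data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def build_me_request(access_token):
    """GET /v1/me carrying the bearer token from the token response."""
    return urllib.request.Request(
        f"{API}/v1/me", headers={"Authorization": f"Bearer {access_token}"})


def check_perspective(me, expected_roles=EXPECTED_ROLES):
    """Return the problems found in a parsed /v1/me response (empty list = OK)."""
    problems = []
    if not me.get("Buyer"):
        problems.append("not a buyer user: 'Buyer' is empty")
    if not me.get("Active"):
        problems.append("user is not active")
    granted = set(me.get("AvailableRoles") or [])
    for role in sorted(expected_roles - granted):
        problems.append(f"missing role: {role}")
    for role in sorted(granted - expected_roles):
        problems.append(f"unexpected extra role: {role}")  # more than was requested
    return problems


# Constructed sample: the relevant fields of the response shown in this guide.
SAMPLE_ME = {"Buyer": {"ID": "BUYER_ORGANIZATION"}, "Supplier": None, "Active": True,
             "AvailableRoles": ["MeAdmin", "PasswordReset", "Shopper"]}

if __name__ == "__main__":
    print(check_perspective(SAMPLE_ME) or "buyer perspective confirmed")
```

Pass either request object to urllib.request.urlopen() to send it; nothing is sent when the block is only imported.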



© Copyright 2024, Sitecore OrderCloud®. All rights reserved.
