Me and My Stuff
Up until now, we have been working in the seller perspective. We bootstrapped a new organization and populated our first product catalog. Now that the administrative work is complete, we can change to the perspective of the buyer user we created in "Establishing API Access".
To do so, you will need to retrieve an access token for your buyer user:
Password Grant-Type Workflow
    POST https://sandboxapi.ordercloud.io/oauth/token HTTP/1.1
    Content-Type: application/x-www-form-urlencoded

    client_id=INSERT_SHARED_API_CLIENT_ID&grant_type=password&username=buyer01&password=INSERT_BUYER_USER_PASSWORD&scope=MeAdmin+PasswordReset+Shopper
Use the access token in the response for the remainder of this chapter.
A Unique Perspective
Authenticating as a buyer user provides a unique perspective. The Shopper role (reserved for buyer users) provides access to a myriad of personalized API resources that unravel and flatten the complex relationships created by the admin user. These resources are commonly referred to as Me and My Stuff.
While other perspectives can still access the /me endpoint for managing their profile, they do not have access to its sub-resources. These resources are generally for interacting with data that the buyer user is assigned to at the organization, user group, or user level. A few of them are for managing data that the buyer user owns:
Personal Addresses - a personal address book only accessible to the authenticated user
Personal Credit Cards - essentially a wallet for storing credit card tokens retrieved from a third-party payment provider
Security Alert - OrderCloud's terms of service strictly prohibit storing full credit card information. Credit cards and payment processing should be handled by an authorized provider such as Authorize.NET or Stripe.
To access these features, the buyer user must be granted specific roles: MeAddressAdmin and MeCreditCardAdmin, respectively.
Validate Your Perspective
Let's confirm we are in the correct perspective by getting the currently authenticated user using our new access token:
Get the currently authenticated user
    GET https://sandboxapi.ordercloud.io/v1/me HTTP/1.1
    Authorization: Bearer INSERT_ACCESS_TOKEN_HERE
    Content-Type: application/json; charset=UTF-8
Your response should look like this:
    {
      "Buyer": {
        "ID": "BUYER_ORGANIZATION",
        "DefaultCatalogID": "BUYER_ORGANIZATION"
      },
      "Supplier": null,
      "Seller": {
        "ID": "xxxxxxxxxxxxxxxxxx"
      },
      "ID": "BUYER_USER",
      "Username": "buyer01",
      "Password": null,
      "FirstName": "Buyer",
      "LastName": "User",
      "Email": "buyer@email.com",
      "Phone": null,
      "TermsAccepted": null,
      "Active": true,
      "xp": null,
      "AvailableRoles": [
        "MeAdmin",
        "PasswordReset",
        "Shopper"
      ],
      "DateCreated": "2021-02-08T23:09:14.82+00:00",
      "PasswordLastSetDate": "2021-02-08T23:10:00.56+00:00"
    }
Pay close attention to AvailableRoles. If it does not match the roles shown above, take another look at when we created our buyer user in "Establishing API Access" before continuing to the next guide.
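The perspective check above can be automated. The following is an added example, not part of the OrderCloud guide: it form-encodes the password-grant fields and inspects a /v1/me response for the expected buyer perspective. The helper names and the seller-side sample response are constructed for illustration, and treating any role outside the requested scope as a problem is an assumption of this sketch.

```python
import json
from urllib.parse import urlencode

TOKEN_URL = "https://sandboxapi.ordercloud.io/oauth/token"  # endpoint from the guide
EXPECTED_ROLES = {"MeAdmin", "PasswordReset", "Shopper"}    # scope requested in the guide


def build_token_body(client_id, username, password, roles=EXPECTED_ROLES):
    """Form-encode the password-grant fields; scope is a space-separated role list."""
    return urlencode({
        "client_id": client_id,
        "grant_type": "password",
        "username": username,
        "password": password,  # never log or echo this value
        "scope": " ".join(sorted(roles)),
    })


def check_perspective(me, expected_user, expected_roles=EXPECTED_ROLES):
    """Return the problems found in a GET /v1/me response (empty list means OK)."""
    problems = []
    if not me.get("Buyer"):
        problems.append("not a buyer user: 'Buyer' is null")
    if me.get("Username") != expected_user:
        problems.append(f"unexpected user {me.get('Username')!r}")
    if me.get("Active") is not True:
        problems.append("user is not active")
    granted = set(me.get("AvailableRoles") or [])
    for role in sorted(expected_roles - granted):
        problems.append(f"missing role {role}")
    for role in sorted(granted - expected_roles):
        # Assumption: anything beyond the requested scope is worth flagging.
        problems.append(f"unrequested role {role}")
    return problems


# Constructed sample responses, trimmed to the fields the check reads.
GOOD_ME = json.loads("""{"Buyer": {"ID": "BUYER_ORGANIZATION"}, "Username": "buyer01",
  "Active": true, "AvailableRoles": ["MeAdmin", "PasswordReset", "Shopper"]}""")
SELLER_ME = json.loads("""{"Buyer": null, "Username": "admin01",
  "Active": true, "AvailableRoles": ["FullAccess"]}""")

if __name__ == "__main__":
    print(check_perspective(GOOD_ME, "buyer01"))    # buyer perspective confirmed
    for problem in check_perspective(SELLER_ME, "buyer01"):
        print("PROBLEM:", problem)
```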