Create public API endpoints:
- CRM ORDERS
  - [GET] Get Orders List
  - [GET] Get Single Order
  - [PUT] Update Order
See temporary API endpoint documentation here.
API Applications setup:
Add new page:
- Settings -> API Applications
Allow to:
- list applications
- create new application
  - Fields
    - Name [string] required
    - Enabled [boolean] default: true
  - DESIGN
- Edit application
  - Fields
    - Name [string] required
    - Enabled [boolean] default: true
  - Allow to
    - copy `ClientId` and `ClientSecret`
    - regenerate `ClientSecret`
      - once regenerated, revoke all existing access tokens for the public API
  - DESIGN
- Delete application
  - Show confirm dialog:
    “Are you sure you want to delete this app?”
Site Plan Restrictions:
Allow using the Public API starting from the Pro plan
Admin User Restrictions:
Add restrictions
- API Applications
  - Can View
  - Can Add
  - Can Edit
  - Can Delete
Retrieve access token endpoint:
- URL
- Type
- Content-Type
  - application/x-www-form-urlencoded
- POST params
  - grant_type
  - client_id
  - client_secret
  - scope
On success, return a bearer token (lifetime 4 hours):
{ "access_token": "tokenStringHere", "expires_in": 14400, "scope": "public_api", "token_type": "Bearer" }
If an app is disabled - return error:
{ "ErrorCode" : 401001, "Message" : "The application is disabled" }
If clientId/clientSecret pair wasn't found - return error:
{ "ErrorCode" : 401002, "Message" : "Invalid client_id and/or client_secret" }
If site plan is less than Pro:
{ "ErrorCode" : 401003, "Message" : "Public API is restricted for your site plan" }
If scope is invalid:
{ "ErrorCode" : 401006, "Message" : "Invalid Scope" }
If grant_type is invalid:
{ "ErrorCode" : 401007, "Message" : "Invalid Grant Type" }
API version 1
All of the following endpoints require an Authorization header with the token retrieved from the retrieve access token endpoint.
If a request doesn't contain an access token, or the token can't be found in the DB, show error:
{ "ErrorCode" : 401000, "Message" : "Invalid Access Token" }
ElseIf a request contains an access token but it has expired, show error:
{ "ErrorCode" : 401004, "Message" : "Access Token expired" }
ElseIf the app associated with the access token is disabled:
{ "ErrorCode" : 401001, "Message" : "The application is disabled" }
ElseIf the access token is revoked:
{ "ErrorCode" : 401005, "Message" : "The Access Token has been revoked" }
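The request check order above, together with the "regenerate `ClientSecret`" revocation rule, as an added Python example (not the project's own code). The in-memory `APPS`/`TOKENS` stores and all function names are hypothetical, and the `Authorization: Bearer <token>` header form is assumed from the `token_type` in the token response.

```python
import secrets
import time
from dataclasses import dataclass
# Codes and messages copied from the spec above.
ERRORS = {401000: "Invalid Access Token", 401001: "The application is disabled",
          401004: "Access Token expired", 401005: "The Access Token has been revoked"}
TOKEN_LIFETIME = 14400  # seconds, matches "expires_in" (4 hours)

@dataclass
class App:  # hypothetical in-memory stand-in for an API Application row
    enabled: bool = True
@dataclass
class Token:  # hypothetical stand-in for an access-token row
    app_id: str
    expires_at: float
    revoked: bool = False

APPS, TOKENS = {}, {}  # app_id -> App, token string -> Token

def issue_token(app_id, now=None):
    now = time.time() if now is None else now
    value = secrets.token_urlsafe(32)
    TOKENS[value] = Token(app_id, now + TOKEN_LIFETIME)
    return value

def regenerate_secret(app_id):
    """Regenerating ClientSecret revokes every token issued to the app."""
    for token in TOKENS.values():
        if token.app_id == app_id:
            token.revoked = True
    return secrets.token_urlsafe(32)  # new secret (format is an assumption)

def check_request(headers, now=None):
    """Return None when authorized, else the error body, in the spec's order."""
    now = time.time() if now is None else now
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    token = TOKENS.get(value) if scheme.lower() == "bearer" else None
    app = APPS.get(token.app_id) if token else None
    if token is None or app is None:  # assumption: unknown app = unknown token
        code = 401000
    elif now >= token.expires_at:
        code = 401004
    elif not app.enabled:
        code = 401001
    elif token.revoked:
        code = 401005
    else:
        return None
    return {"ErrorCode": code, "Message": ERRORS[code]}
```

Because the checks form an ElseIf chain, a token that is both revoked and tied to a disabled app reports 401001, and an expired token reports 401004 regardless of the other two states.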