v 6.5 Release date: 16 Mar, 2022

Public API for Orders

Create public API endpoints:

  • CRM ORDERS
    • [GET] Get Orders List
    • [GET] Get Single Order
    • [PUT] Update Order

See temporary API endpoint documentation here.

API Applications setup:

Add new page:

  • Settings -> API Applications

Allow to:

  • list applications
  • create new application
    • Fields
      • Name [string] required
      • Enabled [boolean] default: true
    • DESIGN
  • Edit application
    • Fields
      • Name [string] required
      • Enabled [boolean] default: true
    • Allow to
      • copy `ClientId` and `ClientSecret`
      • regenerate `ClientSecret`
        • once regenerated, revoke all existing access tokens for the public API
    • DESIGN
  • Delete application
    • Show confirm dialog:
      “Are you sure you want to delete this app?”

Site Plan Restrictions:

Allow using the Public API starting from the Pro plan

Admin User Restrictions:

Add restrictions

  • API Applications
    • Can View
    • Can Add
    • Can Edit
    • Can Delete

Retrieve access token endpoint:

  • URL
    • /api/v1/oauth/token
  • Type
    • POST
  • Content-Type
    • application/x-www-form-urlencoded
  • POST params
    • grant_type
      • client_credentials
    • client_id
      • {{client_id}}
    • client_secret
      • {{client_secret}}
    • scope
      • public_api

On success, return a bearer token (lifetime 4 hours):

{
"access_token": "tokenStringHere",
"expires_in": 14400,
"scope": "public_api",
"token_type": "Bearer"
}

If an app is disabled - return error:

{
"ErrorCode" : 401001,
"Message"   : "The application is disabled"
}

If clientId/clientSecret pair wasn't found - return error:

{
"ErrorCode" : 401002,
"Message"   : "Invalid client_id and/or client_secret"
}

If site plan is less than Pro:

{
"ErrorCode" : 401003,
"Message"   : "Public API is restricted for your site plan"
}

If scope is invalid:

{
"ErrorCode" : 401006,
"Message"   : "Invalid Scope"
}

If grant_type is invalid:

{
"ErrorCode" : 401007,
"Message"   : "Invalid Grant Type"
}

API version 1

All of the following endpoints require an Authorization header carrying the token returned by the retrieve access token endpoint.

If a request doesn't contain an access token, or the token can't be found in the DB, show error:

{
"ErrorCode" : 401000,
"Message"   : "Invalid Access Token"
}

Else if a request contains an access token but it has expired, show error:

{
"ErrorCode" : 401004,
"Message"   : "Access Token expired"
}

Else if the app associated with the access token is disabled:

{
"ErrorCode" : 401001,
"Message"   : "The application is disabled"
}

Else if the access token is revoked:

{
"ErrorCode" : 401005,
"Message"   : "The Access Token has been revoked"
}
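
The check order above, together with the rule that regenerating `ClientSecret` revokes all existing tokens, as an added example (not the product's own code). The `App` and `TokenStore` names, the in-memory storage, and storing only a SHA-256 digest of each token are assumptions made for illustration.

```python
import hashlib
import secrets
from dataclasses import dataclass, field

TOKEN_TTL = 14400  # seconds (4 hours), the "expires_in" value from the spec

@dataclass
class App:
    name: str
    enabled: bool = True
    client_secret: str = field(default_factory=lambda: secrets.token_urlsafe(32))

@dataclass
class TokenRecord:
    app: App
    expires_at: float
    revoked: bool = False

class TokenStore:
    """Hypothetical in-memory stand-in for the access token table."""
    def __init__(self):
        self._by_hash = {}

    @staticmethod
    def _key(token):
        # Assumption: the DB keeps a digest, so a DB leak exposes no usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, app, now):
        token = secrets.token_urlsafe(32)
        self._by_hash[self._key(token)] = TokenRecord(app, now + TOKEN_TTL)
        return token

    def regenerate_secret(self, app):
        # Rotating the secret revokes every token already issued to that app.
        app.client_secret = secrets.token_urlsafe(32)
        for rec in self._by_hash.values():
            if rec.app is app:
                rec.revoked = True

    def check(self, token, now):
        """Return None if the token is accepted, else the spec's ErrorCode."""
        rec = self._by_hash.get(self._key(token)) if token else None
        if rec is None:
            return 401000  # Invalid Access Token (missing or not in DB)
        if now >= rec.expires_at:
            return 401004  # Access Token expired
        if not rec.app.enabled:
            return 401001  # The application is disabled
        if rec.revoked:
            return 401005  # The Access Token has been revoked
        return None
```

Because the checks run in the listed order, a token that is both expired and revoked reports 401004, not 401005.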

BUG FIXES