The API endpoints in EvenCart require the same level of capabilities from the caller as the equivalent pages on the website. For example, endpoints for public pages such as product catalog pages and content pages can all be accessed without any authentication token.
However, pages such as profile management and checkout require authentication. This document describes the authentication process used in EvenCart.
EvenCart by default uses bearer authentication to validate user requests. A user who needs authorization sends a POST request to /api/Authentication/login to obtain the token. To know more about the parameters, read the endpoint details.
The token received can be preserved for subsequent requests and must be sent with each individual request as a bearer token. This involves sending an HTTP header called Authorization with your request.
Authorization: Bearer adfSWERASFADSCewsa343T$5w5wsfdf3223@34etfdg2254fawer
The token itself is a JSON Web Token (JWT) that contains the user privileges for requests. For every request, EvenCart verifies the token. If the token is valid, the request is processed normally. If the token is invalid, a 401 Unauthorized response is sent to the client.
Public Endpoints Authentication
Some public endpoints, like register, need to set another header, X-API-VERIFICATION, in order to perform any POST actions. The value of this header is set to a shared API access key generated from the administration.
Note - The shared key is shown only once, during generation, and can never be seen again. Store this key in a safe place, as it can't be recovered.
If you are creating an application that accesses the API and makes POST requests without having a user's authentication token, the X-API-VERIFICATION header with a valid value must be present to fulfill the request.
If the X-API-VERIFICATION header is not provided for any public endpoint POST request, then a 400 Bad Request response is sent to the client.
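The header rules above, written as a small client-side helper. This is an added example, not EvenCart's own code: it picks the credential header for each request, masks credentials before logging, and maps the 401 and 400 responses to a client action. The JSON request body, the EVENCART_API_KEY environment variable name and the demo key value are assumptions made for illustration.

```python
import json
import os
import urllib.request

VERIFICATION_HEADER = "X-API-VERIFICATION"
SECRET_HEADERS = {"authorization", VERIFICATION_HEADER.lower()}


def auth_headers(method, token=None, api_key=None):
    """Choose the credential header for one request, per the rules above."""
    if token:
        # Logged-in caller: JWT obtained from /api/Authentication/login.
        return {"Authorization": "Bearer " + token}
    if method.upper() == "POST":
        # Public POST without a user token: the shared key is mandatory,
        # so fail locally instead of collecting a 400 from the server.
        if not api_key:
            raise ValueError("public POST requires " + VERIFICATION_HEADER)
        return {VERIFICATION_HEADER: api_key}
    return {}  # public GET: no credentials needed


def build_request(base_url, path, method="GET", body=None, token=None, api_key=None):
    """Build (not send) a urllib Request carrying the right headers."""
    headers = auth_headers(method, token, api_key)
    data = None
    if body is not None:
        data = json.dumps(body).encode("utf-8")  # JSON body is an assumption
        headers["Content-Type"] = "application/json"
    url = base_url.rstrip("/") + path
    return urllib.request.Request(url, data=data, headers=headers, method=method.upper())


def redact(headers):
    """Return a copy that is safe to log: credential values are masked."""
    return {k: "<redacted>" if k.lower() in SECRET_HEADERS else v
            for k, v in headers.items()}


def next_step(status):
    """Map the two failure codes described above to a client action."""
    if status == 401:
        return "relogin"          # token rejected: POST to the login endpoint again
    if status == 400:
        return "check-api-key"    # public POST sent without the shared key header
    return "ok" if 200 <= status < 300 else "other"


if __name__ == "__main__":
    key = os.environ.get("EVENCART_API_KEY")  # hypothetical variable name
    print(redact(auth_headers("POST", api_key=key or "constructed-demo-key")))
```

Reading the shared key from the environment or a secrets store, rather than from source code, fits the note above that the key is shown only once and cannot be recovered.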
Now that we understand the authentication, we can proceed to understand the request and response formats.