All requests to the order API require user authentication. Clients of the order API can make requests on behalf of
- A user that manages and approves orders, who in this documentation is called administrator.
- A user that has a shopping places orders, who in this documentation is called customer.
Management and approval of orders requires a user that has the "Approve Orders" group permission. This user may be a person (and there is an actual user interface for managing and approving orders), but in a scenario where order management and approval is fully automated by a third-party integration, the built-in Administrator user (server-to-server API authentication) can be used.
Custom web shop integrations typically only need to make requests on behalf of the administrator.