Skip to main content
Documentation & User Guides | Fotoware

Endpoints

The API descriptor provides the following endpoints for the order API:

{
  ...
  "order": {
    "config": "/fotoweb/order-config",
    "cart": "/fotoweb/me/cart",
    "history": "/fotoweb/me/orders/",
    "admin": {
      "history": "/fotoweb/orders/",
      "pending": "/fotoweb/orders/pending/",
      "approved": "/fotoweb/orders/approved/",
      "rejected": "/fotoweb/orders/pending/"
    }
  },
  ...
}

where

Attribute

Type

Representation

Accessible By

Description

Example

order.config Link (String) Order Config all authenticated Configuration of custom order data /fotoweb/order-config
order.cart

Link (string)

Order Customer URL of the customer's personal shopping cart /fotoweb/me/cart
order.history Link (string) Order List Customer URL of the customer's personal order list /fotoweb/me/orders/
order.admin.history Link (string) Order List Administrator URL of the site's global order history /fotoweb/orders/
order.admin.pending Link (string) Order List Administrator URL of the site's global list of pending orders /fotoweb/orders/pending/
order.admin.approved Link (string) Order List Administrator URL of the site's global list of approved orders /fotoweb/orders/approved/
order.admin.rejected Link (string) Order List Administrator URL of the site's global list of rejected orders /fotoweb/orders/rejected/

Important:

All of the above attributes may be null, and an API client MUST check that they are not null before using them. In addition, the attributes order and order.admin can be null, which means that all of their sub attributes do not exist.

In the current release,

  • order.admin is non-null IF AND ONLY IF the request user has the "Approve Orders" permission, i.e., the order management API is available.
  • order.cart and order.history are non-null IF AND ONLY IF the request user has "Order" permission in at least one archive, i.e., the shopping cart API is available.
  • order is non-null IF AND ONLY IF at least one of the order management API and the shopping cart API is available

However, the order API is specified such that EACH attribute MAY be null, in order to support more fine-grained permission control and rights delegation to third-party applications in future versions.

A user interfaces SHOULD NOT show controls that require an API endpoint that is not available. A client that depends on a certain set of endpoints to be available for essential functionality should refuse to work completely and show an error message to either its user or its administrator. For example, a mobile application could display an error message which says: "You do not have the necessary permissions on this FotoWeb site to use this application. Please contact the administrator of the site".

Accessing an endpoint that is not available results in a response of 403 Forbidden.

 

  • Was this article helpful?