All requests to the order API require user authentication. Clients of the order API can make requests on behalf of
- a user that manages and approves orders, who in this documentation is called administrator.
- a user that has a shopping place order, who in this documentation is called customer.
Management and approval of orders require a user with the "Approve Orders" group permission. This user may be a person (and there is an actual user interface for managing and approving orders), but in a scenario where a third-party integration fully automates order management and approval, the built-in Administrator user (server-to-server API authentication) can be used.
Custom webshop integrations typically only need to make requests on behalf of the administrator.