The Sitecore Order Cloud is a rich and mature e-commerce engine.
It has a few must-know security-related definitions:
- Security Profiles – a custom scope of roles that can be assigned at different levels: user, user group, buyer, seller, or supplier.
- Roles – data access permissions that can be assigned granularly, for example BuyerReader, BuyerAdmin, OrderAdmin, etc.
To log in as a user to the Order Cloud sandbox, send a POST request to the following URL:
https://sandboxapi.ordercloud.io/oauth/token
The request uses the Shared API Client, which can be created in the OC Console (Seller section).
Here, client_id is the read-only unique ID that represents this Client Application in OAuth 2.0 workflows and OrderCloud impersonation.
The user SimpleBuyer was registered in the Order Cloud console beforehand.
The response after the request is a bearer token:
All subsequent requests should then be sent with the obtained token.
To see the full Order Cloud API, check the following URL: https://api.ordercloud.io/v1/openapi/v3
To simplify work with the API, you can import it into Postman and see the following structure:
To reuse the authorization token, choose a specific request, for example:
- Choose the Get a list of buyers request.
- Click on the Authorization tab.
- In the Access Token field paste the bearer token.
- Click the Send button.
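The same login and token reuse outside Postman, as an added example that is not code from the original article. It assumes the standard OAuth 2.0 password-grant form fields and response fields, the `/v1/buyers` path for the buyer list, and placeholder credentials; the function names are hypothetical.

```python
import json
import urllib.parse
import urllib.request

SANDBOX = "https://sandboxapi.ordercloud.io"  # sandbox host from the article

def build_token_request(client_id, username, password, roles):
    """Build the password-grant POST to /oauth/token (form-encoded body)."""
    form = {
        "grant_type": "password",
        "client_id": client_id,
        "username": username,
        "password": password,
        "scope": " ".join(roles),  # request only the roles the app needs
    }
    return urllib.request.Request(
        f"{SANDBOX}/oauth/token",
        data=urllib.parse.urlencode(form).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )

def parse_token_response(raw):
    """Return the access token; reject anything that is not a bearer token."""
    body = json.loads(raw)
    if body.get("token_type", "").lower() != "bearer" or not body.get("access_token"):
        raise ValueError("unexpected token response")
    return body["access_token"]

def build_api_request(token, path):
    """Attach the bearer token to a GET against the sandbox host only."""
    # A path such as "@other.host/..." would change the host the token goes to.
    if not path.startswith("/v1/"):
        raise ValueError("path must be an API path such as /v1/buyers")
    return urllib.request.Request(
        f"{SANDBOX}{path}",
        headers={"Authorization": f"Bearer {token}"},
        method="GET",
    )

def list_buyers(client_id, username, password):
    """Full flow over the network: log in, then GET /v1/buyers (assumed path)."""
    login = build_token_request(client_id, username, password, ["BuyerReader"])
    with urllib.request.urlopen(login) as resp:
        token = parse_token_response(resp.read())
    with urllib.request.urlopen(build_api_request(token, "/v1/buyers")) as resp:
        return json.loads(resp.read())

# Constructed sample response, so the parsing step can be checked offline.
SAMPLE_RESPONSE = '{"access_token": "constructed.sample.token", "token_type": "bearer", "expires_in": 600}'
```

Only `list_buyers` touches the network; the other functions build and parse messages so they can be inspected before any credentials are sent.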