I an deleting items from spree cart using the following spree api url
/api/orders/#{current_order.number}/line_items/#{line_iem.id}?line_item[variant_id]=#{line_item.variant.id}&line_item[quantity]=0&token=MyToken
the token used here is of a single user. I want to implement this in generic way so that it can be used for both guest and registered user.. is it possible?
any help would be highly appreciated
Regards
Whenever you create an order using the Spree API, you get an order_token in the response. From the Spree API Guide:
The order_token parameter will work for authorizing any action for an order within Spreeās API.
So instead of appending &token=... you should append &order_token=...
It will work for both registered users as well as guests.
Related
I've received the above error when following the guides from Shopify to create a Rails app. None of the other solutions worked and I followed the Shopify guide to the tee.
Downloading the Shopify Rails app from github, I saw that they had this in their shop model:
def api_version
ShopifyApp.configuration.api_version
end
Simply put, you made an API call without opening up a valid session. A session opens when you provide a shop domain, its API token, and the version of the API you expect to use.
If you fail to open a session, and make a call, you get that message. So inspect your code, and ensure you have a session. The convenience method is used all over the place, first get a shop instance, then use the method with_shopify_session. Your problem will then go away. You can also hot-rod this for NON typical use cases, by making a similar method with_api_session that mimics the Shopify call, allowing you to function with your own codes, where perhaps you are not directly installed an App but still have API keys. Think private Apps.
I'm creating a Rails app which have both a GUI part, and a REST/JSON-API.
The REST/JSON API is fairly simple, and the controller returns data like this:
def get_players
#players = Player.all
render json: #players
end
The GUI part of the app is using Devise for authentication, and it works fine.
Now I want to add authentication for the REST/JSON Api too, how do I do that?
Also, how do I test the REST API using curl when the Authentication is added?
---- edit ----
as it turns out, Devise wasnt necessary in this case. A home-cooked token-authentication method works for now. (token created when Player is created, and returned on correct e-mail/password combo).
After getting a few tips, I found a number of great sites. There are several ways to do this, however I don't know which one is best, but these sites help a long way:
https://github.com/lynndylanhurley/devise_token_auth (An extension to
Devise)
https://labs.kollegorna.se/blog/2015/04/build-an-api-now/
(Manual way)
Token based authentication for Rails JSON APIs (SO Question)
Rails API : Best way to implement authentication? (SO Question)
Rails API : Best way to implement authentication?
I want to use spree api on frontend to implement the ajax products search just like the one in orders/edit on backend where you enter 4 characters and it uses api to get variants.
But I am confused about the token. how can i use the following on frontend even when the user is not logged in.
/api/variants?q[product_name_or_sku_cont]=product&token=sometoken
I had a similar problem with updating cart using api (check here) but i solved that using order_token=current_order.guest_token
but here i want to implement a search and when a new user visits the site current_order is empty.
Thanks
I have change Spree::Api::Config[:requires_authentication] to false and now i am able to access it without a token
Following this tutorial
http://givan.se/p/00000000
I have setup authentication for an ember app with a grape api. The tutorial doesn't store the current session, because there seems to be no need, however, I would like to access the current authenticated user in my api so that I can more easily handle deeply nested relationships. What would be the best way to accomplish this?
Currently using rails 4, and the latest versions of the grape and devise gems.
<EDIT>
Say I have a JSON payload like this
{ person: { user_id: 3, updated_attribute: 'the' } }
with my current setup, should I also include the user's authenticate token with each request to prevent a situation where a logged in user sends a PUT request where they have altered the user_id to update the attributes of another user.
I'm trying to understand how/make sure my rails server knows which user is making/submitting requests to the API.
Checkout this example from the Ember Simple Auth repo - you simply define a custom session class that adds a computed property which returns the current user.
I'm using Devise in a Rails app and want to expose some of the model data via an API, but access to the API should be restricted just like the app.
$ curl http://myapp.com/api/v1/sales/7.json
{"error":"You need to sign in or sign up before continuing."}
Obviously.
Is there a best practice for accessing the API in situations like this? I'd prefer to authenticate + grab the data in one step, but that's just to make the client's job easier. They'll be pulling in the data client-side with JQuery.
Thanks for any info!
Vanessa
I recommend you follow the Option 2: Using API Key section on the following post to implement API authentication in Rails.
http://www.whatcodecraves.com/articles/2008/11/25/how_to_make_an_api_for_a_rails_app/
It's lightweight and simply requires passing an api_key param with each request.
My suggestion would to generate an API "key" (hash value) and have that passed with the json request. That way you can authenticate and track API use. A lot of APIs use "keys" to track and authenticate use. Google maps for instance, they use just an API key. Where as PayPal uses a user name, password, and key. There are a number of ways to do it.
I would try creating a one-to-many table that belongs to the user, just for keys. That way a user can generate more than one hash key for different purposes. (One for reports, one for backup, one for fancy pie charts that automagically pull from Powerpoint).