Retrieving Protected Resources
Shop owners can decide which resources are available to unauthenticated customers and which are hidden from them. In Spryker Frontend, this is done via the Managing Customer Access Feature. On the REST API side, the capability is supported by the Customer Access API. The API protects resources from access by unauthorized customers and also provides an endpoint that returns a list of resources protected from unauthenticated access.
An attempt to retrieve any of the resources protected by the API without authentication will result in a 403 Forbidden error.
In your development, the API helps you protect certain resources from guest access and perform pre-flight checks, so that a client avoids requesting endpoints that a guest user doesn’t have sufficient permissions to view.
Installation
For detailed information on how to enable the functionality and related instructions, see Glue API: Customer Access Feature Integration.
Usage
To retrieve a list of protected resources, send a GET request to the following endpoint:
Request
Request sample: GET http://glue.mysprykershop.com/customer-access
Response
If the request was successful, the endpoint returns the types of API resources that should not be accessed without proper authentication.
Response Attributes
Field* | Type | Description |
---|---|---|
resourceTypes | String[] | Contains a string array, where each element is a resource type that is protected from unauthorized access. |
*The fields mentioned are all attributes in the response. Type and ID are not mentioned.
Sample Response
{
    "data": [
        {
            "type": "customer-access",
            "id": null,
            "attributes": {
                "resourceTypes": [
                    "abstract-product-prices",
                    "concrete-product-prices",
                    "wishlists",
                    "wishlist-items"
                ]
            },
            "links": {
                "self": "http://glue.mysprykershop.com/customer-access"
            }
        }
    ],
    "links": {
        "self": "http://glue.mysprykershop.com/customer-access"
    }
}
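One way to use this response for the pre-flight check described above, as an added example rather than Spryker's own code: it parses the body into a set of protected types and decides whether a guest should log in before requesting a path. The function names and the path-segment matching rule are assumptions, and the server's 403 remains the actual enforcement.

```javascript
// Constructed sample: the /customer-access response body shown on this page.
const SAMPLE_RESPONSE = JSON.stringify({
  data: [{
    type: "customer-access",
    id: null,
    attributes: {
      resourceTypes: [
        "abstract-product-prices",
        "concrete-product-prices",
        "wishlists",
        "wishlist-items",
      ],
    },
  }],
});

// Parse the response body into a Set of protected resource types.
// Returns null when the body does not have the expected shape,
// so that callers can fail closed instead of treating everything as public.
function parseProtectedTypes(body) {
  let doc;
  try {
    doc = JSON.parse(body);
  } catch (e) {
    return null;
  }
  if (!doc || !Array.isArray(doc.data)) return null;
  const types = new Set();
  for (const item of doc.data) {
    if (!item || item.type !== "customer-access") continue;
    const list = item.attributes && item.attributes.resourceTypes;
    if (!Array.isArray(list)) return null;
    for (const t of list) {
      if (typeof t !== "string") return null;
      types.add(t);
    }
  }
  return types;
}

// Pre-flight decision for a guest: true means "authenticate first".
// Assumption (hypothetical rule): a path segment equal to a protected
// resource type marks the whole request as protected.
function guestNeedsLogin(protectedTypes, path) {
  if (protectedTypes === null) return true; // list unavailable: fail closed
  const segments = path.split("?")[0].split("/").filter(Boolean);
  return segments.some((s) => protectedTypes.has(s));
}
```

Cache the parsed set for a short time only, because shop owners can change the protected list at any moment.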