Documentation

Ucommerce includes full API reference documentation and lots of helpful articles to help you build your e-commerce site as effortlessly as possible.

v7.18

Protect custom endpoints

Before we start: This section requires Ucommerce to be installed through NuGet.

Our developers have done an amazing job securing our endpoints. Why not let you take advantage of our headless client security features for your own endpoints?

Follow this guide and let us show you how easy it is 🚀

In the code below you see three examples of how to secure your custom endpoints. Two of them are secured with Bearer authentication and one is secured with Basic authentication.

DoSomethingWithAuthentication and DoSomethingWithExplicitAuthentication are secured with Bearer authentication. To use it you will need to obtain an access_token. An access_token should only be used to act on one store; if you need the storeId, you can use our FromClaim attribute in the controller and it will reveal the storeId.

NOTE To use this authentication you will have to pass a header called Authorization, with the value Bearer <access_token> in all your REST requests.

The easiest but less secure way to protect an endpoint is to use Basic authentication. DoSomethingWithBasicAuthentication shows how to obtain that functionality.

If you want to use Basic authentication, the Authorization header uses the Basic HTTP Authentication scheme (defined in RFC 7617). In other words, the value of the header is Basic {"<clientId>:<clientSecret>" string encoded as base64}. Here is a code example of how to do this in C#:

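    using System;
    using System.Text;

    // Builds the value of the Authorization header for Basic authentication.
    public string GenerateBasicAuthorizationHeaderValue(string clientId, string clientSecret)
    {
        // Join the client id and secret with a colon, then base64-encode the bytes.
        string credentials = $"{clientId}:{clientSecret}";
        byte[] credentialsByteData = Encoding.GetEncoding("iso-8859-1").GetBytes(credentials);
        string base64Credentials = Convert.ToBase64String(credentialsByteData);
        return $"Basic {base64Credentials}";
    }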
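
The following is an added example, not Ucommerce's own code: it builds the Basic header with the two input checks the format implies, then parses it back to show that base64 is a reversible encoding and the secret is readable by anyone who sees the header, which is why Basic is the less secure option and belongs on HTTPS only. The class name `BasicAuthHeader`, its methods and the sample credentials are assumptions made for illustration.

```csharp
using System;
using System.Text;

public static class BasicAuthHeader
{
    // Strict ISO-8859-1: throws instead of silently replacing characters with '?'.
    private static readonly Encoding Latin1 = Encoding.GetEncoding(
        "iso-8859-1", EncoderFallback.ExceptionFallback, DecoderFallback.ExceptionFallback);

    public static string Build(string clientId, string clientSecret)
    {
        // RFC 7617: the user-id must not contain ':', because the first colon
        // separates it from the password when the header is parsed.
        if (clientId.Contains(":"))
            throw new ArgumentException("clientId must not contain ':'", nameof(clientId));
        byte[] raw = Latin1.GetBytes($"{clientId}:{clientSecret}"); // throws on non-Latin-1 input
        return "Basic " + Convert.ToBase64String(raw);
    }

    public static bool TryParse(string headerValue, out string clientId, out string clientSecret)
    {
        clientId = clientSecret = null;
        const string prefix = "Basic ";
        if (headerValue == null || !headerValue.StartsWith(prefix, StringComparison.OrdinalIgnoreCase))
            return false;
        string decoded;
        try
        {
            byte[] raw = Convert.FromBase64String(headerValue.Substring(prefix.Length).Trim());
            decoded = Latin1.GetString(raw);
        }
        catch (FormatException) { return false; } // payload is not valid base64
        int colon = decoded.IndexOf(':');          // split on the FIRST colon only
        if (colon < 0) return false;
        clientId = decoded.Substring(0, colon);
        clientSecret = decoded.Substring(colon + 1);
        return true;
    }

    public static void Main()
    {
        // Constructed sample credentials, not real Ucommerce values.
        string header = Build("demo-client-id", "s3cret:with:colons");
        Console.WriteLine(header);
        // No key is needed to reverse the encoding and recover the secret.
        bool ok = TryParse(header, out string id, out string secret);
        Console.WriteLine($"{ok} {id} {secret}");
    }
}
```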
    
    

Examples on how to secure an endpoint:

    using System.Web.Http;

    [RoutePrefix("api/v1")]
    public class Authentication : ApiController
    {
        // No scheme specified: secured with Bearer authentication.
        [HttpGet]
        [HttpPost]
        [HttpPut]
        [Ucommerce.Headless.Authentication.Authorize]
        public IHttpActionResult DoSomethingWithAuthentication()
        {
            return Ok();
        }

        // Secured with Basic authentication.
        [HttpGet]
        [HttpPost]
        [HttpPut]
        [Ucommerce.Headless.Authentication.Authorize(AuthenticationSchemes = HeadlessConstants.TokenTypes.BASIC_SCHEME)]
        public IHttpActionResult DoSomethingWithBasicAuthentication()
        {
            return Ok();
        }

        // Explicitly secured with Bearer authentication.
        // FromClaim binds the value of the CLIENT_ID claim to the "store" parameter.
        [HttpGet]
        [HttpPost]
        [HttpPut]
        [Ucommerce.Headless.Authentication.Authorize(AuthenticationSchemes = HeadlessConstants.TokenTypes.BEARER_SCHEME)]
        public IHttpActionResult DoSomethingWithExplicitAuthentication([FromClaim(Name = HeadlessConstants.ClaimTypes.CLIENT_ID)] string store)
        {
            return Ok();
        }
    }
    
    

NOTE This security feature is going to change in later versions of Ucommerce.