Spree Developer Documentation
Spree Developer Documentation
API reference
Demo
Support
Developer's Documentation
🚀Getting Started
Installation
Headless Commerce
💻API
Storefront API
Platform API
🎨Storefronts
Next.js Commerce
⚙️Internals
Stores
Products
Orders
Payments
Shipments
Promotions
Inventory
Taxation
Addresses
Adjustments
Calculators
Preferences
🛠Customization
Dependencies
Business Logic
Storefront API
Checkout
Authentication
Permissions
Images
Internationalization
Storefront
Emails
🎁Extensions
Extensions
Creating an extension
🌏Deployment
AWS
Heroku
Performance
🔑Security
General guidelines
API
PCI Compliance
Authentication & authorization
Advanced
Adding Spree to an existing Rails application
Deface
⏩Upgrades
How to perform upgrades
Upgrade guides
❤️Contributing
General guidelines
Developing Spree
Upgrading extensions
✨Releases Notes
Releases
Changelog
🤝Support
Core Team support
Slack Community
Powered by GitBook

API

This section is only applicatable to API v1

The REST API behaves slightly differently than a standard user. First, an admin has to create the access key before any user can query the REST API. This includes generating the key for the admin him/herself. This is not the case if Spree::Api::Config[:requires_authentication] is set to false.

In cases where Spree::Api::Config[:requires_authentication] is set to false, read-only requests in the API will be possible for all users. For actions that modify data within Spree, a user will need to have an API key and then their user record would need to have permission to perform those actions.

It is up to you to communicate that key. As an added measure, this authentication has to occur on every request made through the REST API as no session or cookies are created or stored for the REST API.

🔑Security - Previous
General guidelines
Next - 🔑Security
PCI Compliance
Last updated 1 month ago
Edit on GitHub