1. Buyer perspective

Me and my stuff

Up until now, you have been working from the seller perspective. During this process, you created a new organization and populated its first product catalog. Now that the administrative work is complete, you can switch to the buyer perspective using the buyer user that was created in Establishing API access.

To begin, request an access token for your buyer user using the password grant workflow.

Password grant-type workflow

Use the access token in the response for the remainder of this section.

POST https://sandboxapi.ordercloud.io/oauth/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded

client_id=INSERT_SHARED_API_CLIENT_ID&grant_type=password&username=buyer01&password=INSERT_BUYER_USER_PASSWORD&scope=MeAdmin+PasswordReset+Shopper

A unique perspective

Authenticating as a buyer user provides access to a unique set of API resources.

The Shopper role (reserved for buyer users) enables access to personalized endpoints designed to simplify complex relationships created by the admin user. These resources are commonly referred to as Me and My Stuff.

See Me and My Stuff for more information.

While other user types can access the /me endpoint to manage their profile, they do not have access to its sub-resources. These sub-resources are generally for interacting with data that the buyer user is assigned to at the organization, user group, or user level. A few of them are for managing data that the buyer user owns:

  • Personal Addresses - a personal address book only accessible to the authenticated user
  • Personal Credit Cards - a wallet for storing credit card tokens retrieved from a third-party payment provider

Warning: OrderCloud terms of service strictly prohibit storing full credit card information. Credit cards and payment processing should be handled by an authorized provider such as Authorize.NET or Stripe.

To access these features, the buyer user must be granted specific roles: MeAddressAdmin and MeCreditCardAdmin respectively.

Validate your perspective

Confirm we are in the correct perspective by getting the currently authenticated user using our new access token:

Get the currently authenticated user
GET https://sandboxapi.ordercloud.io/v1/me HTTP/1.1
Authorization: Bearer INSERT_ACCESS_TOKEN_HERE
Content-Type: application/json; charset=UTF-8

The response looks like this:

{
	"Buyer": {
		"ID": "BUYER_ORGANIZATION",
		"DefaultCatalogID": "BUYER_ORGANIZATION"
	},
	"Supplier": null,
	"Seller": {
		"ID": "xxxxxxxxxxxxxxxxxx"
	},
	"ID": "BUYER_USER",
	"Username": "buyer01",
	"Password": null,
	"FirstName": "Buyer",
	"LastName": "User",
	"Email": "[email protected]",
	"Phone": null,
	"TermsAccepted": null,
	"Active": true,
	"xp": null,
	"AvailableRoles": [
		"MeAdmin",
		"PasswordReset",
		"Shopper"
	],
	"DateCreated": "2021-02-08T23:09:14.82+00:00",
	"PasswordLastSetDate": "2021-02-08T23:10:00.56+00:00"
}

Review the AvailableRoles in the response. If they do not match, revisit the create your first buyer user procedure before continuing to the next guide.
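An added example, not part of the OrderCloud guide: a Python sketch that form-encodes the password grant fields and checks a /v1/me response against the requested scope, reporting roles that are missing, roles granted beyond the request, and whether the two buyer-owned features are unlocked. The function names, the trimmed sample response, and the rule that a buyer user has Buyer populated and Supplier null are assumptions for illustration.

```python
import json
from urllib.parse import urlencode

# Scope requested in the guide's password-grant call.
REQUESTED_SCOPE = ["MeAdmin", "PasswordReset", "Shopper"]
# Roles the guide names as gating the two buyer-owned sub-resources.
FEATURE_ROLES = {
    "Personal Addresses": "MeAddressAdmin",
    "Personal Credit Cards": "MeCreditCardAdmin",
}

def token_form_body(client_id, username, password, scope):
    """Encode the grant fields as an application/x-www-form-urlencoded body."""
    return urlencode({
        "client_id": client_id,
        "grant_type": "password",
        "username": username,
        "password": password,
        "scope": " ".join(scope),
    })

def audit_me(me, requested):
    """Compare AvailableRoles from GET /v1/me with the requested scope."""
    granted = set(me.get("AvailableRoles") or [])
    wanted = set(requested)
    return {
        # Assumption: a buyer user has Buyer populated and Supplier null,
        # as in the guide's sample response.
        "is_buyer": me.get("Buyer") is not None and me.get("Supplier") is None,
        "missing": sorted(wanted - granted),     # requested but not granted
        "unexpected": sorted(granted - wanted),  # granted beyond the request
        "features": {f: r in granted for f, r in FEATURE_ROLES.items()},
    }

# Constructed sample: trimmed copy of the /v1/me response shown above.
SAMPLE_ME = json.loads("""
{"Buyer": {"ID": "BUYER_ORGANIZATION"}, "Supplier": null,
 "ID": "BUYER_USER", "Username": "buyer01", "Active": true,
 "AvailableRoles": ["MeAdmin", "PasswordReset", "Shopper"]}
""")

if __name__ == "__main__":
    print(token_form_body("INSERT_SHARED_API_CLIENT_ID", "buyer01",
                          "INSERT_BUYER_USER_PASSWORD", REQUESTED_SCOPE))
    print(json.dumps(audit_me(SAMPLE_ME, REQUESTED_SCOPE), indent=2))
```

A non-empty "unexpected" list means the token carries more roles than the request asked for, which is worth resolving before building on the buyer user.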
