Getting Started

The User API enables developers to perform operations such as user authentication, retrieving and updating profile information, managing user orders, handling payment methods, and facilitating customer support interactions.

Authentication

The APIs described in this document provide access to two types of endpoints: public and authenticated.

Public Endpoints

Public endpoints can be accessed without any form of authentication. These are typically used for retrieving publicly available information, such as general product listings or other non-sensitive data.

Authenticated Endpoints

Accessing authenticated endpoints requires users to establish a session through Session Authentication.

To do this:

1. Users must log in using their credentials (e.g., username and password) via a designated authentication endpoint.

2. Upon successful login, the server will generate and return a session cookie to the client.

3. This session cookie must be included in subsequent API requests as part of the headers. The session cookie serves as proof of authentication and ensures secure access to protected resources.

Session Cookie

The session cookie, identified by the osessionid value, is determined by the SESSION_COOKIE_NAME parameter, which is set in the settings.py file via the SESSION_COOKIE_NAME environment variable. If this value is modified, the updated SESSION_COOKIE_NAME must be included in the Cookie header.

Example:

Cokkie:<modified_session_cookie_name>=yji6ppwys9a2k2myv3k9e5q2jifggqt9

CSRF Token

For all API requests except GET, the csrftoken must be included in the headers. The CSRF token is obtained through the login process and is required to ensure secure interactions.

For more details on obtaining the CSRF token, refer to: User Login Endpoint.

Example:

x-csrftoken: KxlMDi8Nfy0HljwuWTRnJwDMfGtP5Zh8xHn4BMOEJFAxaRAFJx6MarlaHDM66LZ7