Access Modes

Access mode defines the type of access required by an extension. Two access modes are available: Offline Access Mode and Online Access Mode. Each mode serves different purposes based on the extension's requirements. This guide provides an overview of the differences between online and offline access modes, helping you determine the appropriate mode for your token based on your extension's use case.

Online access

  • Use "online" access if your app requires access for a short duration or only operates when the user is available.
  • During the OAuth authorization phase, you need to explicitly request online access.
  • Online access is designed for situations when a user interacts with your extension through the web.
  • The 'access_mode' key is used to request online access, as shown below:
let fdkExtension = setupFdk({
  // ...
  access_mode: "online",
  // ...
});

Authorization

  • An online access token has an expiry time of 6 hours.
  • Once the token expires, the authorization process runs in the background and generates a new access token.
  • Users do not need to go through the access process again since they were granted access during the extension installation.
  • Every API call the extension makes on the platform is associated with the logged-in user who is interacting with it, so that user's name is referenced for all API calls executed by the extension.

Example

  • Let's consider an extension that performs operations on sales channel data. The initial home page of this extension displays a list of available sales channels.
  • To retrieve the details of these sales channels, an API call is made using the online access token. The fetched details are then presented to the user for viewing.
  • Therefore, the online access token is utilized by the extension for such cases.

Offline access

Offline is the default access mode when none is specified. Tokens with the offline access mode are designed for long-term access to a store, where no user interaction is required. The offline access mode is well-suited for background tasks triggered by webhooks or maintenance work carried out in background jobs.

The 'access_mode' key is utilized to request offline access, as demonstrated below:

let fdkExtension = setupFdk({
  // ...
  access_mode: "offline",
  // ...
});

Authorization

  • Upon successful authorization, clients receive two access tokens and one refresh token as a response.
    • Online and offline access tokens
    • Refresh token
  • The online access token is included in the response along with the offline token. It is utilized for tasks that require an online access token.
  • The offline access token has a validity of 1 hour. When an offline token expires, the refresh token is used to obtain a new offline token.
  • Since there is no user interaction involved when using an offline token, there is no logged-in user associated with any activities performed using this token.
  • A system user is created during the registration of an extension on the partner panel. All API calls made using the offline access token are therefore associated with the extension's system user.
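
The following added example, which is not FDK code and not part of the original page, shows how a background job could track the 1-hour offline token and renew it with the refresh token while ensuring concurrent jobs share a single refresh. `OfflineTokenCache`, `refreshFn` and `skewMs` are hypothetical names, and the refresh response is assumed to use the standard OAuth 2.0 fields `access_token`, `refresh_token` and `expires_in`.

```javascript
// Added illustration: OfflineTokenCache, refreshFn and skewMs are hypothetical, not FDK APIs.
const OFFLINE_TTL_MS = 60 * 60 * 1000; // page: offline access token is valid for 1 hour

class OfflineTokenCache {
  // refreshFn(refreshToken) -> Promise<{ access_token, refresh_token?, expires_in? }> (assumed shape)
  constructor({ accessToken, refreshToken, issuedAt, refreshFn, now = Date.now, skewMs = 60000 }) {
    this.accessToken = accessToken;
    this.refreshToken = refreshToken;
    this.expiresAt = issuedAt + OFFLINE_TTL_MS;
    this.refreshFn = refreshFn;
    this.now = now;       // injectable clock, so expiry logic can be tested
    this.skewMs = skewMs; // safety margin before the real expiry
    this.inFlight = null; // shared promise: concurrent jobs trigger one refresh
  }

  // Treat the token as expired slightly early so a request never
  // carries a token that lapses while the call is in transit.
  isExpired() {
    return this.now() >= this.expiresAt - this.skewMs;
  }

  async getToken() {
    if (!this.isExpired()) return this.accessToken;
    if (!this.inFlight) {
      this.inFlight = this.refreshFn(this.refreshToken)
        .then((res) => {
          if (!res || !res.access_token) throw new Error("refresh response missing access_token");
          this.accessToken = res.access_token;
          // Keep the current refresh token unless the server issued a new one.
          if (res.refresh_token) this.refreshToken = res.refresh_token;
          const ttlMs = res.expires_in ? res.expires_in * 1000 : OFFLINE_TTL_MS;
          this.expiresAt = this.now() + ttlMs;
          return this.accessToken;
        })
        // Clear the slot on success and on failure so the next call can retry;
        // on failure the rejection propagates and the stale token is never returned.
        .finally(() => { this.inFlight = null; });
    }
    return this.inFlight;
  }
}
```

A failed refresh surfaces as a rejected `getToken()` call, so a webhook handler or cron job can log it and stop instead of calling the platform with an expired token.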

Example

  • Let's consider an example of the Bulk Coupon Generator extension. The purpose of this extension is to generate coupons in bulk based on the criteria provided by the user. The user can specify the number of coupons they want to generate.
  • Since the quantity of coupons can be large, the extension collects information about the coupon quantity and type and then initiates the coupon generation process in the background. This process continues even if the user closes the extension on the platform. To handle tasks that occur without active user interaction, an offline token is utilized. The offline token is used to make an API call and register the generated coupons.
  • Another example of such a task is the cron server of an extension. The cron server runs repeatedly at a scheduled time, such as daily at 10 PM. It can be employed for various tasks, including data cleanup or scheduled data updates. In such cases, the offline access token is utilized.