Extension OAuth

This guide introduces the different methods of authenticating and authorizing extensions with Fynd Platform. Make sure that you understand the differences between the types of authentication and authorization schemes before you begin your development process.

info

You can use FDK CLI to generate the starter code template for your extension that handles authentication and authorization.

Alternatively, use one of the Extension Helper libraries below, which make it easier to implement authentication and authorization.

  1. fdk-extension-javascript
  2. fdk-extension-java
  3. fdk-extension-python

Authentication vs authorization

Authentication is the process of verifying the identity of the user or the extension. To keep transactions on the Fynd Platform safe and secure, all extensions connecting with Fynd Platform APIs must authenticate when making API requests. Authorization is the process of giving permission to extensions. Sellers can authorize Fynd Platform extensions to access data in a store. For example, an extension might be authorized to access orders and product data in a sales channel.

OAuth 2.0

OAuth 2.0 is the industry-standard protocol for authorizing, or giving permissions to, apps, extensions, and similar clients. This differs from authentication, which is the process of verifying the identity of the user or the app.

OAuth flow

Fynd Platform uses OAuth 2.0’s authorization code grant flow to issue access tokens on behalf of sellers. The OAuth flow is used so that sellers can authorize Fynd Platform extensions to access data in selling locations. For example, an extension might be authorized to access orders and product data or marketing data in an extension.

  1. The seller makes a request to install the extension in Fynd Platform.
  2. The extension redirects to Fynd Platform to load the OAuth grant screen and requests the seller to authorize the required scopes.
  3. The seller authorizes the extension by consenting to the requested scopes.
  4. The extension receives an authorization grant.
  5. The extension requests an access token by authenticating with Fynd Platform and presenting the authorization grant.
  6. Fynd Platform authenticates the extension, validates the authorization grant, and then issues and returns an access token. The extension can now request data from Fynd Platform.
  7. The extension uses the access token to make requests to the Fynd Platform API.
  8. Fynd Platform validates the access token and returns the requested data.

Generate API credentials

Retrieve an API key and API secret key, which you get when you create an extension. These API credentials identify your app during the authorization process. If you've already created an extension and generated API credentials,

  1. Log in to your Partner Dashboard
  2. Click Manage
  3. Select organization
  4. Click on Extension
  5. Click Create
  6. Choose the type of extension that you want to create
  7. Fill in all mandatory details
  8. Click Create
  9. Scroll to API Keys to view your API key and API secret key

Before an extension can access any Fynd Platform data, a seller must grant permission to the extension. Granting permission happens when a seller clicks the link to install your extension. After a seller clicks the link to install your extension, your extension receives a GET request on the app URL path that you specified in the Partner Dashboard. Requests to this URL path from a seller who is logged into the Fynd Partners.

To show the installation permissions prompt, redirect the seller to the following URL with the query parameters defined below:

https://{cluster_url}/service/panel/authentication/v1.0/company/{company_id}/oauth/authorize?access_mode={access_mode}&client_id={client_id}&redirect_uri={redirect_url}&response_type=code&scope={scope}&state={state}

| Key | Description |
| --- | --- |
| cluster_url | Cluster URL for which the API is to be requested |
| company_id | Company for which the extension is to be installed |
| access_mode | Access mode: offline or online |
| client_id | The API key for the extension. |
| redirect_uri | The URL to which a seller is redirected after authorizing the extension. The complete URL specified here must be added to your extension as an allowed redirection URL, as defined in the Partner Dashboard. |
| scope | A comma-separated list of scopes. For example, to access data of company sales channel and company application settings, use scope=company/saleschannel,company/application/settings |
| state | A random string used to validate the access token |

To get the access token from the auth code, the seller is redirected to the following URL:

https://<extension_launch_url>/fp/auth?code={code}&state={state}&client_id={client_id}&company_id={company_id}

| Key | Description |
| --- | --- |
| code | Authorization code |
| state | A random string used to validate the access token |
| client_id | The API key for the extension. |
| company_id | Company for which the extension is to be installed |
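
The two redirects above, handled from the extension's side, as an added example that is not code from Fynd or from the FDK helper libraries: it builds the authorize URL with an unguessable state and checks the /fp/auth callback parameters before the code is exchanged for a token. The function names, the in-memory `pending_states` store and the expiry window are assumptions made for illustration.

```python
import secrets
import time
from urllib.parse import urlencode

STATE_TTL_SECONDS = 600  # assumption: how long a pending install stays valid
# state -> (company_id, expiry). In-memory stand-in (assumption) for a
# server-side store tied to the seller's session.
pending_states = {}


def build_authorize_url(cluster_url, company_id, client_id, redirect_uri,
                        scopes, access_mode="offline"):
    """Return the permissions-prompt URL and remember a fresh state for it."""
    state = secrets.token_urlsafe(32)  # from the OS CSPRNG, not guessable
    pending_states[state] = (str(company_id), time.time() + STATE_TTL_SECONDS)
    query = urlencode({
        "access_mode": access_mode,
        "client_id": client_id,
        "redirect_uri": redirect_uri,   # must match an allowed redirection URL
        "response_type": "code",
        "scope": ",".join(scopes),      # the page specifies comma-separated
        "state": state,
    })
    return (f"https://{cluster_url}/service/panel/authentication/v1.0/"
            f"company/{company_id}/oauth/authorize?{query}")


def validate_callback(params, expected_client_id):
    """Check the /fp/auth query parameters; return the code or raise."""
    # pop() makes each state single-use, so a replayed callback is rejected.
    entry = pending_states.pop(params.get("state", ""), None)
    if entry is None:
        raise ValueError("unknown or replayed state")
    company_id, expiry = entry
    if time.time() > expiry:
        raise ValueError("state expired")
    if params.get("client_id") != expected_client_id:
        raise ValueError("client_id mismatch")
    # The callback must be for the company that started this install.
    if params.get("company_id") != company_id:
        raise ValueError("company_id does not match the install request")
    if not params.get("code"):
        raise ValueError("missing authorization code")
    return params["code"]
```

Only a code returned by `validate_callback` should be sent on for the access-token request; any `ValueError` means the callback is dropped without contacting Fynd Platform.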