Allow droppers to create orders via API

https://univer.1b.app/app/app-api-v2/apiwithphonesettings/ [file]19282[/file] [file]19283[/file] you can use your API key to generate userauthtoken and userauthrefreshtoken once, give it to dropshippers and they will be able to use the API. As you probably noticed, almost all methods of the new api support authorization by userauthtoken, naturally if you are authorized by userauthtoken you do not need access rights to create an order, but when editing, you can only edit orders where you are a client. Perhaps in the form of a setting here it will be possible to make those where you are the author edited, so that you can set other users as a client.

To understand the context a little, this apish was made for third-party mobile applications, so that the mob. the application did not shine the api key, but simply authorized everyone by phone number and used the methods allowed to the user through the user's token. So you can control which methods are available to users and at the same time give full use of the API and do not expose your API key. If suddenly someone intercepts the user's token, it will drop in X minutes and it needs to be updated through the refresh method.

those. in fact, now any client can make a mob for himself. application using api methods and authorization by phone number. At the same time, the participation of developers from our side is not necessary, all the methods that are needed are already in the new api. You can view the history of your orders, edit orders, create new ones, add products to directories (for example, you like them), view product lists, write reviews and questions about them, and much more.

Tell me, if you still do it according to the technical specifications in the description, how many hours you need for this, in order to understand how best to implement it.

Letting clients use the crm system apish, and even without imposing access rights, is some kind of strange idea, I don’t like it. Therefore, not at all.

[quote] .dev OneBox production wrote: Letting clients use the crm system apish, and even without imposing access rights, is some kind of strange idea, I don’t like it. Therefore, not at all. [/quote] So this only applies to the API for dropshippers, only they should have access to the creation. That option with API v2 is not suitable, since the mob. the application already uses authorization by mob. phone. Please rate this improvement or suggest something else.