Authorization
General authorization profiles
In general there are two main authorization profiles:
- Supplier (Supplier API): The default authorization profile for applications of suppliers using supplier permissions to the Floriday modules and functions. All Supplier API endpoints can be accessed.
- Customer (Customer API): The default authorization profile for applications of customers using customer permissions to the Floriday modules and functions. All Customer API endpoints can be accessed.
For the (supplier) External warehouses an additional authorization profile is available via the Supplier API:
3) External Warehouse (Supplier API): The authorization profile for applications of fulfillment by (supplier) 'external warehouses' for other suppliers (e.g. import agents, grower organizations) using logistic warehouse permissions to the Floriday modules and functions. Specific Supplier API endpoints can be accessed. See authorization External Warehouses
Scopes
Together with the provision of the token, the period of validity and the permissions will also be provided by means of 'scopes'. The scopes(permissions) apply to the authorization for organizations to Floriday modules, functions and resources. The scopes should be used when calling the API. Please refer to the swaggers docs for the scopes for every endpoint.
Authorization External warehouses
External warehouses are authorized have the following permissions.
| Module | Permissions | Resources | External Warehouse |
|---|---|---|---|
| catalog | Read permissions for the catalog module | additional-services commercial service types custom packing trade-items | ✅ (1) |
| delivery-conditions | Read permissions the delivery conditions module | delivery condition sets | ✅ |
| fulfillment | Read permissions for the fulfillment module | delivery orders delivery order stickers fulfillment orders fulfillment order corrections fulfillment orders inbound fulfillment order logistic-label fulfillment requests | ✅ |
| fulfillment | Write permissions for the fulfillment module | delivery orders goods movement delivery orders auction fulfillment orders fulfillment orders mark goods receipt fulfillment order corrections fulfillment requests | ✅ |
| organization | Read permissions for the organization module | organizations warehouses | ✅ |
| sticker | Read permissions for the sticker module | customer stickers customer sticker metadata | ✅ |
| sticker | Write permissions for the sticker module | customer stickers mark handled | ✅ |
| stock | Read permissions for batches | batches | ✅ (2) |
| stock | Write permissions for the batches | batches | ✅ (2) |
| webhooks | Write permissions for webhooks | webhooks | ✅ |
(1) External warehouses are authorized to have read access for the catalog resources. They can only retrieve catalog resource by ID based on batches that are to be delivered to, from or located on the external warehouse.
(2) External warehouses are authorized to have read and write access for the 'batches' resource. Batches need to be delivered to, from or located on the external warehouse. External warehouses are authorized to get, correct or repack batches.
Updated almost 2 years ago