Platform Docs

Ecommerce app permissions

Suggest Edits

Your app must request specific permissions from merchants to access and update their data. In addition, on the Developer Dashboard, you must specify the Ecommerce integration type you are using for your app.

Required app permissions

Merchants using your app grant you app permissions during installation, and your app will use the associated OAuth token to use for all API calls on behalf of the merchant (see Using OAuth 2.0 for more information about the OAuth flow). Your app should only request the minimum permissions required for your app to function.

PAKMS service endpoint

Operation

Required permission

Get public key
GET /pakms/apikey

Online payments

Tokenization service endpoint

Operation

Required permissions

Create token
POST /v1/tokens

None

🚧

IMPORTANT

To create a token using POST /v1/tokens, you need a public key retrieved from the PAKMS service.

Ecommerce service endpoints

Charge endpoints

Operation

Required permissions

Create a charge
POST /v1/charges

Online payments

Capture an open charge
POST /v1/charges/{chargeId}/capture

Read payments
Write payments
Online payments

Get charges
GET /v1/charges

Read payments

Get a single charge
GET /v1/charges/{chargeId}

Read payments

Customer endpoints

Operation

Required permissions

Create a card-on-file customer
POST /v1/customers

Read customers
Write customers
Online payments

Add a card to an existing customer
PUT /v1/customers

Read customers
Write customers
Online payments

Remove a card from an existing customer
DELETE /v1/customers

Read customers
Write customers
Online payments

Order endpoints

Operation

Required permissions

Additional permissions

Create an order
POST /v1/orders

Read merchant
Read orders
Write orders

To add a customer:
Read customers

Get orders
GET /v1/orders

Read orders
Read payments

Get an order
GET /v1/orders/{orderId}

Read customers
Read merchant
Read orders
Read payments

Pay for an order
POST /v1/orders/{orderId}/pay

Read customers
Read inventory
Read merchant
Read orders
Read payments
Online payments

Return an order
POST /v1/orders/{orderId}/returns

Read customers
Read merchant
Read orders
Read payments
Online payments

📘

NOTE

Getting an order with GET /v1/orders/{orderId} auto-expands the following fields:

  • lineItems
  • lineItems.taxRates
  • payments
  • refunds
  • customers

Refund endpoints

Operation

Required permissions

Get refunds
GET /v1/refunds

Read payments

Get a refund
GET /v1/refunds/{refundId}

Read payments

Refund a charge
POST /v1/refunds

Read customers
Read merchant
Read orders
Read payments
Online payments

Setting app permissions and integration type

To set app permissions and integration type for your app:

  1. On the Developer Dashboard, click App Settings on the side-nav.
  2. On the App Settings page, click Requested Permissions.
  3. On the Edit Requested Permissions modal that appears, select your app's read or write permissions for Ecommerce API as required. For any selected permission, provide in-line justification about how your app is using this information.
  4. Click Save. Your selected permissions appear on the App Settings page.
  5. On the App Settings page, click the additional Ecommerce Settings that appear.
  6. On the Edit Ecommerce Settings modal that appears, select your integration type. See Integration types for more information.
  7. Click Save. Your selected integration type appears on the App Settings page.

Updated a day ago

Ecommerce app permissions

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.