Ecommerce app permissions

Your app must request specific permissions from merchants to access and update their data. In addition, on the Developer Dashboard, you must specify the Ecommerce integration type you are using for your app.

Required app permissions

Merchants using your app grant your app permissions during installation, and your app will use the associated OAuth token to use for all API calls on behalf of the merchant (see Using OAuth 2.0 for more information about the OAuth flow). Your app should only request the minimum permissions required for your app to function.

PAKMS service endpoint

OperationRequired permission
Get public key
GET /pakms/apikey
Online payments

Tokenization service endpoint

OperationRequired permissions
Create token
POST /v1/tokens
None

🚧

IMPORTANT

To create a token using POST /v1/tokens, you need a public key retrieved from the PAKMS service.

Ecommerce service endpoints

Charge endpoints

OperationRequired permissions
Create a charge
POST /v1/charges
Online payments
Capture an open charge
POST /v1/charges/{chargeId}/capture
Read payments
Write payments
Online payments
Get charges
GET /v1/charges
Read payments
Get a single charge
GET /v1/charges/{chargeId}
Read payments

Customer endpoints

OperationRequired permissions
Create a card-on-file customer
POST /v1/customers
Read customers
Write customers
Online payments
Add a card to an existing customer
PUT /v1/customers
Read customers
Write customers
Online payments
Remove a card from an existing customer
DELETE /v1/customers
Read customers
Write customers
Online payments

Order endpoints

OperationRequired permissionsAdditional permissions
Create an order
POST /v1/orders
Read merchant
Read orders
Write orders
To add a customer:
Read customers

To add tax_rates to items:
Read inventory
Get orders
GET /v1/orders
Read orders
Read payments
Get an order
GET /v1/orders/{orderId}
Read customers
Read merchant
Read orders
Read payments
Pay for an order
POST /v1/orders/{orderId}/pay
Read customers
Read inventory
Read merchant
Read orders
Read payments
Online payments
Return an order
POST /v1/orders/{orderId}/returns
Read customers
Read merchant
Read orders
Read payments
Online payments

📘

NOTE

Getting an order with GET /v1/orders/{orderId} auto-expands the following fields:

  • lineItems
  • lineItems.taxRates
  • payments
  • refunds
  • customers

Refund endpoints

OperationRequired permissions
Get refunds
GET /v1/refunds
Read payments
Get a refund
GET /v1/refunds/{refundId}
Read payments
Refund a charge
POST /v1/refunds
Read customers
Read merchant
Read orders
Read payments
Online payments

Recurring Payments service endpoints

Plan endpoints

OperationRequired permissions
Create plan
POST /v1/plans
Read merchant
Write merchant
Get a plan
GET /v1/plans/{planId}
Read merchant
Edit a plan
PUT /v1/plans/{planId}
Read merchant
Write merchant
Deactivate a plan
PUT /v1/plans/{planId}
Read merchant
Write merchant

Subscription endpoints

OperationRequired permissions
Create a subscription
POST /v1/plans/{planId}/subscriptions
Read customers
Write customers
Get a subscription
GET /v1/subscriptions/{subscriptionId}
Read merchant
Read customers
Edit a subscription
PUT /v1/subscriptions/{subscriptionId}
Read customers
Write customers
Cancel a subscription
PUT /v1/subscriptions/{subscriptionId}
Read customers
Write customers
Read merchants

Setting app permissions and integration type

To set app permissions and integration type for your app:

  1. On the Developer Dashboard, click App Settings on the side-nav.
  2. On the App Settings page, click Requested Permissions.
  3. On the Edit Requested Permissions modal that appears, select your app's read or write permissions for Ecommerce API as required. For any selected permission, provide in-line justification about how your app is using this information.
  4. Click Save. Your selected permissions appear on the App Settings page.
  5. On the App Settings page, click the additional Ecommerce Settings that appear.
  6. On the Edit Ecommerce Settings modal that appears, select your integration type. See Integration types for more information.
  7. Click Save. Your selected integration type appears on the App Settings page.