What is the difference between authentication and authorization on the Fynd platform, and how are they implemented? And how do extensions interact with Fynd’s API using OAuth2.0?
In the Fynd platform, authentication and authorization serve different purposes but are necessary steps in ensuring safe and secure interactions with the platform APIs.
- Authentication is the process of verifying the identity of users or extensions on the Fynd platform. All extensions need to go through the authentication process when making API requests to ensure that the transaction is secure.
- Authorization, on the other hand, refers to the process of granting permissions to extensions. Sellers on the platform can authorize Fynd Platform extensions to access certain data in their stores, for instance, orders, product data, marketing data, etc.
To implement authorization, Fynd Platform uses the OAuth2.0 protocol, which is an industry standard for authorized access. A specific series of steps, called the OAuth flow, is followed to issue access tokens to the extensions on the platform on behalf of sellers. The extension can then use these tokens to make authorized requests to the Fynd Platform API.
The API Key and Secret Key (client_id and access_mode respectively) are necessary to identify your extension during the authorization process. The seller must grant permissions to an extension before it can access any data, and this grant is initiated when a seller installs your extension.
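The distinction above can be seen in a small in-memory model of the flow: the seller's install grants scopes, the extension exchanges a one-time code for a token, and the API then answers 401 for a failed authentication and 403 for a missing permission. This is an added example, not Fynd Platform code; every function name, scope string and credential in it is a constructed assumption.

```python
import secrets

# Constructed model of a platform; none of these names are Fynd's real API.
CLIENTS = {"ext-123": "s3cret"}   # extension API key -> secret key (constructed)
codes, tokens = {}, {}            # pending one-time codes, issued access tokens

def seller_installs(client_id, granted_scopes):
    """Authorization: the seller consents at install time to a set of scopes."""
    if client_id not in CLIENTS:
        raise PermissionError("unknown extension")
    code = secrets.token_urlsafe(16)
    codes[code] = (client_id, frozenset(granted_scopes))
    return code

def exchange_code(client_id, secret_key, code):
    """Authentication: the extension proves its identity, then gets a token."""
    expected = CLIENTS.get(client_id)
    if expected is None or not secrets.compare_digest(expected, secret_key):
        raise PermissionError("extension authentication failed")
    owner, scopes = codes.pop(code, (None, None))  # a code is single use
    if owner != client_id:
        raise PermissionError("invalid or reused code")
    token = secrets.token_urlsafe(32)
    tokens[token] = scopes
    return token

def api_request(token, required_scope):
    """HTTP-style result: 401 = not authenticated, 403 = not authorized."""
    scopes = tokens.get(token)
    if scopes is None:
        return 401
    if required_scope not in scopes:
        return 403
    return 200

def demo():
    """Run the whole flow once with a seller who grants only order access."""
    code = seller_installs("ext-123", {"orders:read"})
    token = exchange_code("ext-123", "s3cret", code)
    return (api_request(token, "orders:read"),      # granted by the seller
            api_request(token, "products:read"),    # never granted
            api_request("forged-token", "orders:read"))

if __name__ == "__main__":
    print(demo())
```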
For more information check the original documentation.