Start a new topic

Accessing a webapi in a module from frontend javascript

Hi,

I have some data from our ERP system that is exposed from a webservice. This webservice is only available from our internal network, and there is no way to expose this publicly to our customers. So no javascript on the frontend can get to this data directly.

Is it possible to create a module on the admin site that consume the internal service, and expose a web api to the frontend?

I am fairly confident that I can create the module, but have no idea of how to call the web api in the module from the frontend javascript.

:Sigve


You can look at already exist modules, almost every of it working with API. But you should be familiar with angular of course.

For communicate with API we use angularjs resources  https://docs.angularjs.org/api/ngResource/service/$resource.


Here its few example


resource definition:

angular.module('virtoCommerce.coreModule.currency')

.factory('virtoCommerce.coreModule.currency.currencyApi', ['$resource', function ($resource) {

    return $resource('api/currencies', null, {

        update: { method: 'PUT' }

    });


resource usage:

.controller('controller1, ['$scope', 'virtoCommerce.coreModule.currency.currencyApi',

    function ($scope, currencyApi) {

  currencyApi.query({}, function (results) { });

}

Sorry, when I said frontend, I was thinking of the Storefront.


I want to consume a module api (/admin/api/MyController/GetMyDataById?id=5) from a javascript on product.liquid on the storefront.

Here its article described required information http://docs.virtocommerce.com/display/vc2devguide/Working+with+platform+API

But you may get some Cross Domain violation we will answer how to work around its little later.

I created a module with permission myModule:access. Added a user with an api key and a role (that have only assigned myModule:access). My controller use attribute [CheckPermission(Permission = "MyModule:access")]


If the user is of type customer, it does not work. If I set the user to manager or administrator I get access. Have i done something wrong? Can the user with type Manager get access to other stuff with the api key?

To use API user should have special permission security:call_api. We forgot mentioned this in our docs.

Login or Signup to post a comment