Jump to content

Is necesary a middle layer in the use of prestashop's api?


fmrt94

Recommended Posts

Hello

I am working on a mobile app, that listen for new products and other information of the store.
To recibe the data, I'm using the PrestaShop API. 

To get some information of the client, the token access have the permission to get the clients.
 

In theory I only should take the information of one client; But in essence the app can retrieve information about all clients. ( I see a security problem here.)

So, should I create an intermediate service  that limits the information that the clients recieves? 
 
--> The mobile app only should have access to the logged client information!

Thanks  :)

 

Link to comment
Share on other sites

 

Hello

 

I am working on a mobile app, that listen for new products and other information of the store.

To recibe the data, I'm using the PrestaShop API. 

 

To get some information of the client, the token access have the permission to get the clients.

 

In theory I only should take the information of one client; But in essence the app can retrieve information about all clients. ( I see a security problem here.)

So, should I create an intermediate service  that limits the information that the clients recieves? 
 
--> The mobile app only should have access to the logged client information!

 

Thanks  :)

 

Check the Webservice documentation here and here

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...