Authentication and authorization
All apps communicating with the Genstore platform via REST APIs must be properly authorized and authenticated. This document outlines the methods Genstore employs to facilitate app authorization and authentication.
Authentication
Authentication verifies the identity of a user or app to ensure transaction security. All apps interacting with the Genstore API must authenticate themselves when initiating API requests.
Different apps have distinct authentication requirements based on their integration level with the Genstore platform:
App type | Authentication method | Description |
---|---|---|
Embedded apps | Session token | For apps integrated within the Genstore user interface, using session tokens for authentication ensures that actions are securely managed within the platform context. |
Standalone apps | Access token | Independent apps require access tokens to authenticate and interact with Genstore's APIs from outside the platform's user interface. |
Authorization
Authorization is the process by which merchants grant apps access to specific resources, such as orders or products. When a merchant approves the request during app installation, Genstore issues an access token, enabling the app to interact with the platform.
Authorization methods vary depending on the app's architecture and the level of access required:
App type | Authorization method | Description |
---|---|---|
Embedded apps | Token exchange or authorization code | Embedded apps use token exchange or authorization codes to obtain access, facilitating seamless integration and interaction within the user interface. |
Standalone apps | Authorization code | Standalone apps obtain authorization codes to access platform data, suitable for apps operating externally to the Genstore interface. |
Quick start
- Use a session token for authentication.
- Use an access token for platform interaction.