Hello,
I was just wondering about this API endpoint 'dwapi/users/authenticate'.
I have a situation where I want to use JavaScript to control carts using the '/dwapi/ecommerce/carts/*' family of endpoints.
There is a scenario where, after checkout, the cart context is empty, so there is no secret available to get the current user's cart.
Dynamicweb.Ecommerce.Common.Context.Cart
This means the endpoints will not work, as I cannot get a secret to call the endpoints with to add an item to the basket, as an example.
I understand that I instead need to call out and create a cart for the current user, and then set it as active using the secret returned in the response from create cart. However, that will not work unless the user is authenticated on the API with a JWT.
The issue with this is that the user signs in using the login page and that is the point where their credentials are available to call the authenticate endpoint to get a JWT to use in API requests that require authentication by intercepting the form submit event. The API only appears to accept username and password as plain text.
Is there a way this endpoint can be called using a base-64 encoded header or some other similar mechanism, that doesn't pass the data across in plain text to the API?
It feels like the wrong approach to have to do this to use the API on behalf of the logged-in user.
Alternatively, is there a way to get a JWT automatically for a user when they log in so that it can just be refreshed when needed and used to perform API requests as and when required, without having to intercept the form submission to call out for a JWT explicitly?