Hi,
Our client has raised an issue in that when your are impersonating another user, the cart functionalities do not work.
We have moved to using Javascript and the APIs provided in the swagger documentation for controlling carts to avoid having to do page refreshes when updating a quantity for example.
We use these API endpoints, which work just fine when we are logged in as the master user:
DELETE /dwapi/ecommerce/carts/${cartSecret}/items/${orderLineId}
GET /dwapi/ecommerce/carts/${cartSecret}
PATCH /dwapi/ecommerce/carts/${cartSecret}/items
PATCH /dwapi/ecommerce/carts/${cartSecret}/items/${orderLineId}
The issue is that these return a 403 instead of 200 when we log in as the master user, but then impersonate another user, so the Add to cart fails as we do not get the expected status codes back for these endpoints based on the operation they are trying to do. (get basket, update item, remove item etc etc)
I can see when impersonating a user, that the cart secret changes as expected to their baskets secret as opposed to the cart secret of the master user
E.G:
Impersonated User:
Master User:
However, the API does not seem to respect that we are impersonating the user and therefore should be able to use their cart secret as if it was the cart secret of the master user.
There is no way i can see on the API docs to be able to pass in the Impersonated User Id or similar to indicate we are in impersonation mode.
There are Impersonate endpoints, however i'm not clear on when these should be called and even if they should, as we have already entered impersonate mode using the out of the box Impersonate functionality. If we did use this endpoint, do we not need to call them again to un-impersonate a user when switching back to the master user?
GET: /dwapi/users/impersonatees
GET: /dwapi/users/impersonate
This is going to be a major problem for us if we cannot come up with a resolution.
Any advice on how to approach this problem would be highly appreciated.
Kind Regards,
Joe
