Developer forum

DWAPI endpoint for Patching users

Adrian Ursu Dynamicweb Employee

Hi guys,

I am trying to implement some logic for creating and updating users using dwapi endpoints.
Based on what I see in the description of the endpoints, there is no way to update an existing user (other than the logged in user).
Can this option be added to the API? Preferably on the same endpoint as the create user?
I understand that this is not a typical or popular scenario. Still, for B2B scenarios where users (Admin users) can manage multiple users within the organization, it can be useful.

Thank you,

Adrian


Replies

 
Nuno Aguiar Dynamicweb Employee

Hi Adrian,

 

Wouldn't you use the Management API for that?

 

I guess on the delivery API the problem may also be how to validate whether the user has permissions to update the user. So if you build your own custom endpoint that internally does the necessary validation (for that project) and handles that update (through the management API or regular API methods), that would probably be easier.

 

Best Regards,

Nuno

 
Adrian Ursu Dynamicweb Employee

Hi Nuno,

In the first case, I would like to use the endpoint to receive data from ERP.
But I also consider some integration with a Mobile App where I would not be able to use the Management API since the editing will happen from the "Customer center".

Thank you,
Adrian

 

 
Nuno Aguiar Dynamicweb Employee

Hi Adrian,

 

I understand the use case. I guess my concern is security / exploit scenarios.

  • If there's a webapi endpoint that can update "any user", that's bad.
    • I know this isn't exactly what you're asking for, but my token shouldn't allow editing other users
  • So there needs to be some place that allows User 123 (i.e. Nuno) to update User 456 (i.e. Adrian)
    • The backend has a better way to manage that
    • Moving that "logic" to a webapi is what could be hard
    • Which is why a custom webapi of your own, that holds that mapping and logic, may probably be a better path

 

But I can't speak for the Core platform team. Maybe they have other thoughts and ideas :P 

 

Nuno

 
Adrian Ursu Dynamicweb Employee

Hi Nuno,

Thank you very much. I completely agree with you.
We are considering a custom webapi but I would try to avoid it if we can handle it with standard/existing functionality.

Waiting for the Core team though :)

Thank you,
Adrian

 
Nicolai Pedersen Dynamicweb Employee

Hi Both

The latest updates to DW10 allow for managing users and addresses across e.g. an "account" - based on customer number. Those features are also (some still in progress) able to be handled by the management API. The new user modules are also getting more natively built features for an account admin to create users. These features will also be supported at the dwapi endpoints as we go along.

As Nuno mentions, the security is the big thing here - creating and updating users would have to happen in a context of another user that has permissions to do that.

Management API gives you full access to creating anything.

We are also considering a "Service API" that is an API-key-based API that sits between the delivery API (dwapi) and the management API. E.g. for getting and creating users with admin permissions, updating products, inventory, prices etc - for more integration related tasks like this one. But it is still not a plan...

This is just to give you insight into what we are working on.
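
The permission check discussed in this thread (User 123 may update User 456 only in a context that grants it), sketched as an added example that is not from any poster or from Dynamicweb's code. The types, field names and the rule "account admin with the same customer number" are assumptions modelled on the account concept mentioned above; no Dynamicweb API is used.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical types for illustration; none of these are Dynamicweb APIs.
public record User(int Id, string CustomerNumber, bool IsAccountAdmin);

public static class UserPatchPolicy
{
    // Allow-list of patchable fields; anything else (roles, customer number) is rejected.
    static readonly HashSet<string> Patchable =
        new(StringComparer.OrdinalIgnoreCase) { "Name", "Email", "Phone" };

    // 'caller' must be resolved from the validated token, never from the request body.
    public static (bool Allowed, string Reason) Authorize(
        User caller, User target, IReadOnlyDictionary<string, string> patch)
    {
        if (caller.Id != target.Id)
        {
            if (!caller.IsAccountAdmin)
                return (false, "caller is not an account admin");
            if (string.IsNullOrEmpty(caller.CustomerNumber) ||
                !string.Equals(caller.CustomerNumber, target.CustomerNumber, StringComparison.Ordinal))
                return (false, "target is outside the caller's account");
        }
        var blocked = patch.Keys.Where(k => !Patchable.Contains(k)).ToList();
        return blocked.Count > 0
            ? (false, "fields not patchable: " + string.Join(", ", blocked))
            : (true, "ok");
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data.
        var nuno = new User(123, "C-1000", IsAccountAdmin: true);
        var adrian = new User(456, "C-1000", IsAccountAdmin: false);
        var outsider = new User(789, "C-2000", IsAccountAdmin: false);
        var email = new Dictionary<string, string> { ["Email"] = "new@example.com" };
        var escalate = new Dictionary<string, string> { ["IsAccountAdmin"] = "true" };
        Console.WriteLine(UserPatchPolicy.Authorize(nuno, adrian, email));      // admin, same account
        Console.WriteLine(UserPatchPolicy.Authorize(adrian, nuno, email));      // non-admin edits another user
        Console.WriteLine(UserPatchPolicy.Authorize(nuno, outsider, email));    // admin, different account
        Console.WriteLine(UserPatchPolicy.Authorize(adrian, adrian, escalate)); // self-edit of a privileged field
    }
}
```

The field allow-list matters as much as the identity check: without it, a permitted caller could still raise privileges by patching a flag such as the hypothetical `IsAccountAdmin`.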

 
