Developer forum

Forum » Dynamicweb 10 » Retrieve another customer’s addresses in checkout without JWT authorization

Retrieve another customer’s addresses in checkout without JWT authorization

E-mail notifications
Joakim
Reply
Posted on 25/09/2025 10:49:56

Hi,

I'm running Swift 2 on 10.17.6.
I'm building a one-page checkout where a logged-in customer should be able to select another customer and see that customer's addresses, then pick one for delivery.

Fetching the list of customers is straightforward. I created a query and access it via:

/dwapi/query?RepositoryName=Secondary%20users&QueryName=AllUsers

 

The problem occurs when I try to get the selected customer's addresses through:

/dwapi/users/addresses

This requires JWT authorization.

So my question is: Is there another way to retrieve another customer's addresses without JWT authorization?


Replies

 
Nicolai Pedersen Dynamicweb Employee
Nicolai Pedersen
Posted on 25/09/2025 11:25:32
Reply

Not on the dwapi. It is a security/gdpr issue to expose information there without authentication etc.

You can use the UserAddressService to get addresses for any user in a razor template.

You can have one user impersonate another user on the dwapi - that will give you back a jwt of the user you are impersonating and that can be used to get the right addresses - that requires that all users can impersonate each other. Sounds like a 'security' risk though - withoput knowing your use case.

You can also do a custom endpoint using ipipeline - see https://doc.dynamicweb.dev/documentation/extending/middleware/index.html?q=ipipeline#implementation-example---custom-web-api

BR Nicolai

 

You must be logged in to post in the forum