Order Shorthand

From Hostway API Documentation
Jump to: navigation, search

/order

A shorthand that allows a user to access directly the current open order with the appropriate OwnerId.

Contents


Request Headers

Cookie
Required. Any call trying to use the shorthand notation has to have a valid OwnerId cookie set, with the exception of calls that will create a new order implicitly. A valid Set-Cookie header is returned with the response of either implicit or explicit order creation calls.

Order Shorthand

Using /order will try to find an order with status new that is associated with the OwnerId specified in the cookie header sent with the request. The value of the cookie may be set by either explicit or implicit order creation.

Available Methods and Child Resources

The shorthand supports all the methods that are available when using the /orders/{orderId} notation and all of the order's child resources are also accessible using the shorthand. A GET call to the order shorthand itself will include an alternate link to the explicit URL of the order in the hypermedia section. If an order is submitted using the shorthand URL, a Location header containing the explicit location of the order will be returned with a successful response for future reference.

Implicit Order Creation

If there is no current order associated with the active user, that is not submitted, a PUT or POST call to a child resource will implicitly create a new order for the user and will populate the data of the actual call to the new order. The final response of the implicitly created order will contain additional Set-Cookie header as described below. A GET or OPTIONS call to a non-existing order will not create it implicitly, but will return response with 404 status code.

Response Headers

Set-Cookie
If an order is created implicitly while accessing a child resource, the final response will include a Set-Cookie header containing an OwnerId identifier, in a similar way to explicit creation of an order using POST /orders. The cookie will be used to identify the end user, if no existing account is associated with the order, and to find which is the currently open order associated with the end client.

Additional Status Code

In addition to the response status codes that can be returned by various /orders/{orderId} calls, the order shorthand may also return:

Status Code

Status Code Error Message Description
405 Method Not Allowed - Trying to create a shortcut /order directly with PUT or POST
409 Conflict - There is already a new order associated with the same OwnerId and a second order cannot be created until the existing one is either submitted or deleted..

OwnerId cookie

Definition and purpose

The Order API defines the so called order shorthand. The Order shorthand is exposing all Order API resources and subresources, without supplying the order id. This means that at given time only one order instance is available to a client session. The Order API identifies the order instance by using "OwnerId" cookie.

Order states and OwnerId cookie life cycle

Fresh client session

When client with fresh session starts using the Order API through the shorthand the order API is designed to create order instance implicitly. The created order instance is in "new" state. When the order instance is created, the Order API will return a Set-Cookie HTTP header for setting the "OwnerId" cookie into the client session.

Subsequent calls to order shorthand resources/subresources

Once the OwnerId has been set to the client session, the client should start providing the OwnerId cookie in all subsequent calls to Order API. Receiving request with OwnerId cookie will make Order API search for oder instance in "new" state, identified by the OwnerId

Order instance deletion or submission

From "new" state the order instance can be deleted or submitted for provisioning. If the order is submitted its state will be changed to "placed".

Refreshing the OwnerId cookie after the order gets deleted or submitted

Subsequent calls, which identifies deleted or "placed" order instance will trigger Order API to implicitly create a new order instance and respond with Set-Cookie HTTP header with e new OwnerId value. The client session should start using the new OwnerId value when calling the Order API.


CORS (Cross-origin resource sharing) and OwnerId cookie

All browser based clients should abide the security policies enforced by the browsers itself. One such policy is the same origin security policy. To overcome the same origin security policy the browsers are providing the so called CORS (Cross-origin resource sharing) mechanism - http://en.wikipedia.org/wiki/Cross-origin_resource_sharing.

Basically the CORS mechanism makes the browsers to "disallow" requests which are originating from domain that does not match one of the Access-Control-Allow-Origin response header values. Ideally the Public API should allow calls, originated from all domains, by setting the Access-Control-Allow-Origin response header to * (Asterisk). Unfortunately when the requests are containing cookies the CORS mechanism dictates that the Access-Control-Allow-Origin should be very specific to the allowed domains(https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS?redirectlocale=en-US&redirectslug=HTTP_access_control#Requests_with_credentials), meaning that your domain should be set into the Public API allowed domains. If your domain is not set to the Public API allowed domains, then please contact your sales or technical person and ask them to do that for you.

Examples

Implicit Creation

Request

PUT /order/account
Content-Type: application/json; charset=UTF-8
Authorization: {Base64-encoded username & password string}

{
 "currency": "USD",
 "language": "en-US"
}

Response

200 OK
Set-Cookie: OwnerId=4d84cd13-bbb3-46ba-a40c-8988351e3681; Path=/order
Set-Cookie: OwnerId=4d84cd13-bbb3-46ba-a40c-8988351e3681; Path=/orders

Alternate Hypermedia

Request

GET /order
Authorization: {Base64-encoded username & password string}
Cookie: OwnerId=4d84cd13-bbb3-46ba-a40c-8988351e3681; Path=/order

Response

200 OK
Content-Type: application/json; charset=UTF-8

{
  "order": {
    "OwnerId": "4d84cd13-bbb3-46ba-a40c-8988351e3681"
  },
  "links": {
    "self": {"href": "https://api.hostway.com/order/", "rel": "self"},
    "alternate": {"href": "https://api.hostway.com/orders/{orderId}/", "rel": "alternate"}
  }
}

Accessing a Child Resource

Request

GET /order/product/{productId}
Authorization: {Base64-encoded username & password string}
Cookie: OwnerId=4d84cd13-bbb3-46ba-a40c-8988351e3681; Path=/order

Response

200 OK
Content-Type: application/json; charset=UTF-8

{
  "status": "new",
  "services": "https://api.hostway.com/order/product/{productId}/services",
  "offering": "https://api.hostway.com/productSpecifications/{productSpecId}/offerings/{offering}",
  "links": [
    {"href": "https://api.hostway.com/order/product/{productId}/", "rel": "self"}
  ]
}

See also


blog comments powered by Disqus

Personal tools
Namespaces
Variants
Actions
APIs
Navigation
Toolbox