Is there something like a “trusted” mode with Magento if you want to use Magento headless and handle authentication before Magento’s API?

Longtime Magento developer here, but it’s been years since I’ve actually done an implementation or any customizations.

“Back in the day”, if you wanted to add a product to a specific customer’s cart, you’d first have to “login” as the customer and generate a token to actually sign each request to the Magento API.

I’ve since implemented other “enterprise” commerce systems, some of which expect that you’ll have other systems / API Gateway / etc. where you’ll want to terminate authentication. Basically each request to the commerce system comes in with headers that tell the commerce system which customer you are acting on behalf of. The actual commerce API is not exposed anywhere publicly, so it’s safe to trust the headers that come in.

I’m wondering if Magento has a similar feature, or if there are plugins or similar that allow for this – basically, don’t make me authenticate with Magento as a customer, let me just tell Magento that I am X customer.

submitted by /u/kevysaysbenice
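The trusted-header pattern the post describes, sketched as an added example that is not part of the original post and is not Magento code. The gateway drops any identity headers the client supplied and asserts its own, and the backend accepts the customer id only when the gateway's HMAC over it verifies. The header names, the shared key, and the signing scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Assumed names for illustration; these are not Magento settings or headers.
GATEWAY_KEY = b"constructed-demo-key"  # constructed sample key shared by gateway and backend
ID_HEADER = "x-customer-id"
TS_HEADER = "x-identity-ts"
SIG_HEADER = "x-identity-sig"
MAX_SKEW_SECONDS = 30


def _sign(customer_id, ts, method, path):
    # Bind the identity to the timestamp, method and path so it cannot be reused elsewhere.
    msg = "\n".join([customer_id, ts, method.upper(), path]).encode()
    return hmac.new(GATEWAY_KEY, msg, hashlib.sha256).hexdigest()


def gateway_forward(client_headers, authenticated_customer_id, method, path, now=None):
    """Gateway side: strip identity headers sent by the client, then assert our own."""
    ts = str(int(now if now is not None else time.time()))
    headers = {k.lower(): v for k, v in client_headers.items()}
    for name in (ID_HEADER, TS_HEADER, SIG_HEADER):
        headers.pop(name, None)  # never pass through a client-chosen identity
    headers[ID_HEADER] = str(authenticated_customer_id)
    headers[TS_HEADER] = ts
    headers[SIG_HEADER] = _sign(headers[ID_HEADER], ts, method, path)
    return headers


def backend_customer(headers, method, path, now=None):
    """Backend side: return the customer id only if the gateway's assertion verifies."""
    headers = {k.lower(): v for k, v in headers.items()}
    cid, ts, sig = (headers.get(h) for h in (ID_HEADER, TS_HEADER, SIG_HEADER))
    if not (cid and ts and sig and ts.isascii() and ts.isdigit()):
        return None  # bare or malformed identity header: reject
    current = now if now is not None else time.time()
    if abs(current - int(ts)) > MAX_SKEW_SECONDS:
        return None  # stale or replayed assertion
    expected = _sign(cid, ts, method, path)
    ok = hmac.compare_digest(expected.encode(), sig.encode("utf-8", "replace"))
    return cid if ok else None
```

Signing the assertion means a request that reaches the backend by some path other than the gateway cannot pick its own customer id, so the design does not rest on network isolation alone.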