These are chat archives for mirumee/saleor

16th
Apr 2018
maltitco
@maltitco
Apr 16 2018 09:49
Hi, what should it look like, authorization of API access from external applications?
Patryk Zawadzki
@patrys
Apr 16 2018 09:55
you mean stuff like OAuth?
maltitco
@maltitco
Apr 16 2018 09:58
I need to update the available quantity of products in the store from an external application, and I do not where to define access to the saleor API
maltitco
@maltitco
Apr 16 2018 12:19
I will try to use the graphql API for this, using the user with access rights only to modify the product - is there a separate authorization system planned for the API?
Patryk Zawadzki
@patrys
Apr 16 2018 12:20
we have JWT-based auth for that but it requires that the client knows the email and password to obtain the key
in your case it may be easier to implement OAuth where the client does not have to handle login
maltitco
@maltitco
Apr 16 2018 12:23
how can I restrict access to only one API function? I was thinking about creating a new mutation for the product only to update the quantity
Patryk Zawadzki
@patrys
Apr 16 2018 13:48
that’s why I suggested OAuth: it provides a feature called scopes where you could grant access to a subset of privileges
maltitco
@maltitco
Apr 16 2018 20:04
thanks for the info, I'll check OAuth