
Preventing malicious users from fetching other's order data

lsliwa
Explorer

Good morning,

The `/{baseSiteId}/users/{userId}/orders/{code}` endpoint allows me to get orders of both anonymous and authenticated users.

1. To get an order of an authenticated user, I need to provide a valid, user-specific access token - that's OK.

2. To get an order of an anonymous user, it is enough if I provide a generic application token (derived from `clientId` and `clientSecret`). Therefore, if I have an application token, I can theoretically fetch any anonymous user's order (provided that I have its `guid`) along with the sensitive data.

In my frontend application, I want to implement a Thank You page which needs some order data (e.g. creation date, number and status). I want to display it for both authenticated and anonymous users (after a guest checkout). However, I'm a little bit concerned about the potential vulnerabilities it might cause if my frontend uses that endpoint and allows fetching anonymous users' orders from it.

Is there any additional way of securing this endpoint through the Backoffice? Or is there an established pattern that could be used on the frontend to mitigate the risks (e.g. reducing the subset of fields returned by the API)?


Answers (2)


safin
Product and Topic Expert

Hi,

Order information is very sensitive. Anonymous users' order information can only be retrieved with the role ROLE_CUSTOMERMANAGERGROUP; in this way, only specific users can access it.

hopefully it can help you.

former_member506
Participant

Hello,

A certain amount of security can be achieved using the @Secured annotation on the controller, specifying the customer groups that are allowed access.

Is that what you are looking for? Please check.
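Both answers point at the same two controls: restricting who may read the full order (role-gating via `@Secured`) and, for the guest Thank You page, returning only the few fields the page needs. The following is an added illustration in plain Spring MVC, written for this thread; it is not SAP Commerce's own OCC controller. The service interface `OrderLookupService`, the records `OrderSummary` and `ThankYouSummary`, the `/thank-you` path and the role name `ROLE_CLIENT` are assumptions for the example; `ROLE_CUSTOMERGROUP` and `ROLE_CUSTOMERMANAGERGROUP` are the roles named in the answers.

```java
// Added example (not SAP Commerce code): role-gate the full order view and expose
// only a reduced projection for guest Thank You pages. OrderLookupService,
// OrderSummary, ThankYouSummary, the "/thank-you" path and ROLE_CLIENT are
// hypothetical names chosen for this illustration.
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Date;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.annotation.Secured;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class OrderReadController {

    /** Hypothetical full order record; holds data a guest page never needs. */
    public record OrderSummary(String code, String ownerGuid, Date created, String status,
                               String deliveryAddress, String paymentInfo) {}

    /** Reduced projection for the Thank You page: code, date and status only. */
    public record ThankYouSummary(String code, Date created, String status) {}

    /** Hypothetical lookup; a real implementation would call the order service. */
    public interface OrderLookupService {
        OrderSummary findByCode(String baseSiteId, String code);
    }

    private final OrderLookupService orders;

    public OrderReadController(OrderLookupService orders) {
        this.orders = orders;
    }

    // Full order data only for logged-in customers and customer managers (as the
    // first answer describes). A token carrying only an application/client role has
    // neither authority, so Spring Security rejects it before the body runs.
    @Secured({"ROLE_CUSTOMERGROUP", "ROLE_CUSTOMERMANAGERGROUP"})
    @GetMapping("/{baseSiteId}/users/{userId}/orders/{code}")
    public ResponseEntity<OrderSummary> getOrder(@PathVariable String baseSiteId,
                                                 @PathVariable String userId,
                                                 @PathVariable String code) {
        OrderSummary order = orders.findByCode(baseSiteId, code);
        return order == null ? ResponseEntity.notFound().build() : ResponseEntity.ok(order);
    }

    // Guest Thank You endpoint: reachable with the application token, but it returns
    // only the minimal field set, and only when the guid in the path matches the
    // order's owner, so an order code on its own does not unlock the record.
    @Secured({"ROLE_CLIENT", "ROLE_CUSTOMERGROUP", "ROLE_CUSTOMERMANAGERGROUP"})
    @GetMapping("/{baseSiteId}/users/{guestGuid}/orders/{code}/thank-you")
    public ResponseEntity<ThankYouSummary> getThankYouSummary(@PathVariable String baseSiteId,
                                                              @PathVariable String guestGuid,
                                                              @PathVariable String code) {
        OrderSummary order = orders.findByCode(baseSiteId, code);
        // Answer 404 for both "no such order" and "guid does not match", so the
        // endpoint does not confirm which order codes exist.
        if (order == null || !sameGuid(order.ownerGuid(), guestGuid)) {
            return ResponseEntity.notFound().build();
        }
        return ResponseEntity.ok(new ThankYouSummary(order.code(), order.created(), order.status()));
    }

    /** Constant-time comparison of the owner guid against the path guid. */
    static boolean sameGuid(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     supplied.getBytes(StandardCharsets.UTF_8));
    }
}
```

`@Secured` is only enforced when method security is switched on in the security configuration (in current Spring Security that is `@EnableMethodSecurity(securedEnabled = true)`); without it the annotations are inert and every caller with a valid token reaches the method body, which is the first thing to check when auditing a controller like this.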