Authorization

About Users & Concepts


Last updated 6 months ago


This page is outdated. Please go to our new documentation under https://docs.fulfillmenttools.com/documentation.

tl;dr: Would you like to learn how to receive the Auth-Token?

Please refer to the section "Make your first API Calls" to learn how to obtain a token. Have fun!

About User-Tokens

To access any data within fulfillmenttools you need valid credentials in the form of a username and the corresponding password. Our Auth Provider issues a signed JWT in exchange for these credentials, and that JWT must be sent along with every request to any of the provided APIs.

The JWT is signed and contains your username, your role and, where applicable, your facility affiliation (see below). It has a lifetime of 60 minutes and can be renewed using the refresh token that comes with the Auth Provider's response.

Currently there is no way of issuing machine-to-machine tokens. All access to the system is bound to a user; a machine integration therefore authenticates as a user, which should be a dedicated account with a role no broader than the integration needs.

Roles and Permissions

The fulfillmenttools platform has a simple yet effective rights and permissions system in place. It grants access to the data a user is allowed to see and hides data from users that are authenticated but not authorized to view it. The role also determines which features are active in the API, the Backoffice and the mobile clients.

Currently there is a fixed set of roles a user can take within the platform:

Role: FULFILLER
Facility affiliation: yes
Description: The Fulfiller is the role that takes care of the operative workflow, such as picking, packing and sending an order on its way. Users with this role therefore primarily have access to the operatively needed parts of the system.

Role: SUPERVISOR
Facility affiliation: yes
Description: The Supervisor is allowed to configure the settings of the facilities they are affiliated with. A user with this role will primarily use the Backoffice application, and potentially other clients as well. The Supervisor role extends the Fulfiller role.

Role: ADMINISTRATOR
Facility affiliation: no
Description: The Administrator of a fulfillmenttools system is allowed to access all functionality.

A user always has to have a known role in order to interact with the clients or the API. This information is provided to the Identity Provider and is reflected in the JWT issued to the user.

Only information contained in the signed JWT is considered for authorization in the platform. This also means that a role change can take up to 60 minutes to become effective for a user, because JWTs issued before the change remain valid until they expire. You can force the new role to take effect by asking the user to log out and log in again. Conversely, rights withdrawn by a role change are not revoked immediately; only deleting the user invalidates its tokens right away (see below).

Currently there is a 1:1 relationship between a user and a role: any given user in the system has exactly one role.

Facility affiliation

To prevent users of specific roles from reading data they are not allowed to see (for GDPR reasons, for instance), some roles can only be assigned together with a mandatory reference to a facility. A user with such a role is scoped to the facilities given in that reference.

Currently the list of available roles is fixed and cannot be extended by the client.

Use Case: Working with users via REST API

Creation of a new User

The following call is allowed for the roles SUPERVISOR and ADMINISTRATOR:

curl -sSL -X POST 'https://your.api.fulfillmenttools.com/api/users' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "firstname": "Donna",
  "lastname": "Sheridan-Carmichael",
  "username": "dsheridan",
  "password": "fsdf6556",
  "roles": [
    {
      "name": "FULFILLER",
      "facilities": [
        "0AMSoRCbm7kSM3LJPoeH"
      ]
    }
  ]
}'

Response:
201 Created
{
    "customClaims": {
        "roles": [
            {
                "facilities": [
                    "0AMSoRCbm7kSM3LJPoeH"
                ],
                "name": "FULFILLER"
            }
        ]
    },
    "version": 1,
    "lastname": "Sheridan-Carmichael",
    "username": "dsheridan",
    "firstname": "Donna",
    "created": "2020-09-25T10:06:35.009Z",
    "lastModified": "2020-09-25T10:06:35.009Z",
    "id": "x5jrZrDHvYYs6HpaDICKYG4QuIk2"
}

This operation is allowed for either a SUPERVISOR affiliated with facility 0AMSoRCbm7kSM3LJPoeH (the facility the new user is assigned to) or an ADMINISTRATOR. Note that the returned "version" is needed for subsequent modifications of the user.
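The rules described in "Roles and Permissions", "Facility affiliation" and the sentence above can be modelled in a few lines. The following is an added example, not fulfillmenttools code and not the platform's real Auth Provider: it mints toy HS256 JWTs with a constructed demo secret (the real signing algorithm, key and exact claim names are not known from this page and are assumed), carries the roles in a claim shaped like the "customClaims.roles" of the users API, puts the username in the standard "sub" claim, and decides whether a token holder may create a user for a given set of facilities. It also shows the 60-minute caveat: a role change made after a token was issued is invisible to the check until that token expires. The rule that a SUPERVISOR must cover every facility of the user being created is a generalisation of the single-facility case on this page.

```python
# Added example, not fulfillmenttools code: an offline model of the
# authorization rules described on this page.
# Assumptions (nothing here is known from the page):
#   - tokens are toy HS256 JWTs minted with the constructed secret below; the
#     real Auth Provider's algorithm, key and exact claim names are not known
#   - the role claim mirrors the "customClaims.roles" shape of the users API
#   - the username is carried in the standard "sub" claim
import base64
import hashlib
import hmac
import json

DEMO_SECRET = b"constructed-demo-secret-do-not-reuse"  # assumption: demo key only
TOKEN_LIFETIME = 60 * 60  # page: a token is valid for 60 minutes


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(username, roles, issued_at, secret=DEMO_SECRET):
    """Toy stand-in for the Auth Provider: signs username, roles and expiry."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": username, "roles": roles,
               "iat": issued_at, "exp": issued_at + TOKEN_LIFETIME}
    signing_input = (_b64url(json.dumps(header).encode()) + "."
                     + _b64url(json.dumps(payload).encode()))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(token, now, secret=DEMO_SECRET):
    """Return the claims only if algorithm, signature and expiry check out.

    Only the signed token is consulted, so a role change made after issuance
    stays invisible here until the token expires (the page's 60-minute caveat).
    """
    parts = token.split(".")
    if len(parts) != 3:
        return None
    head, body, sig = parts
    try:
        header = json.loads(_b64url_decode(head))
        # Pin the algorithm before looking at the signature: never accept
        # "none" or an algorithm the verifier did not expect.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        claims = json.loads(_b64url_decode(body))
    except ValueError:  # bad base64, bad JSON or non-UTF-8 bytes
        return None
    if not isinstance(claims, dict) or now >= claims.get("exp", 0):
        return None
    return claims


def may_manage_users_in(claims, facility_ids):
    """Page rule: an ADMINISTRATOR may manage users anywhere, a SUPERVISOR only
    for facilities they are affiliated with, a FULFILLER never.
    Assumption beyond the page: every facility of the new user must be covered,
    and a user without any facility (e.g. an ADMINISTRATOR) needs an ADMINISTRATOR."""
    uncovered = set(facility_ids)
    for role in claims.get("roles", []):
        if role.get("name") == "ADMINISTRATOR":
            return True
        if role.get("name") == "SUPERVISOR":
            uncovered -= set(role.get("facilities", []))
    return bool(facility_ids) and not uncovered


def authorize_user_management(token, facility_ids, now):
    """Decision for a POST /api/users request creating a user in facility_ids."""
    claims = verify_token(token, now)
    if claims is None:
        return "denied: invalid or expired token"
    if not may_manage_users_in(claims, facility_ids):
        return "denied: no ADMINISTRATOR role or SUPERVISOR affiliation for facility"
    return "allowed"


if __name__ == "__main__":
    t0 = 1_600_000_000  # constructed issue time
    supervisor = mint_token(
        "dsheridan", [{"name": "SUPERVISOR", "facilities": ["0T1vKaEar0nuG58CxzA5"]}], t0)
    # Suppose the role is changed to FULFILLER at t0 + 10 min: the token issued
    # at t0 still says SUPERVISOR, so the check keeps allowing until t0 + 60 min.
    for offset in (0, 10 * 60, 59 * 60, 60 * 60):
        print(f"{offset // 60:2d} min after login:",
              authorize_user_management(supervisor, ["0T1vKaEar0nuG58CxzA5"], t0 + offset))
```

Run as a script, the loop illustrates the stale-role window: the decision only flips to "denied: invalid or expired token" at the 60-minute mark, which is exactly why the page suggests a logout/login after a role change. Integrations that rely on a SUPERVISOR account should therefore scope that account to the facilities it really needs, since a later narrowing of its affiliation is not enforced on tokens that are already in circulation.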

Use Case: Modifying the role of a user

curl -sSL -X PATCH 'https://your.api.fulfillmenttools.com/api/users/x5jrZrDHvYYs6HpaDICKYG4QuIk2' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "version": 1,
  "actions": [
    {
      "action": "ModifyUser",
      "roles": [
        {
          "name": "SUPERVISOR",
          "facilities": [
            "0T1vKaEar0nuG58CxzA5"
          ]
        }
      ]
    }
  ]
}'

Response:
200 OK
{
    "lastname": "Sheridan-Carmichael",
    "customClaims": {
        "roles": [
            {
                "facilities": [
                    "0T1vKaEar0nuG58CxzA5"
                ],
                "name": "SUPERVISOR"
            }
        ]
    },
    "version": 2,
    "lastModified": "2020-09-25T10:13:27.236Z",
    "username": "dsheridan",
    "created": "2020-09-25T10:06:35.009Z",
    "firstname": "Donna",
    "id": "x5jrZrDHvYYs6HpaDICKYG4QuIk2"
}

Deleting a user

curl -sSL -X DELETE 'https://your.api.fulfillmenttools.com/api/users/x5jrZrDHvYYs6HpaDICKYG4QuIk2' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <TOKEN>'

Response:
200 OK

When a user is deleted, all currently active JWTs of that user are invalidated: an already issued token can no longer be used. Note the contrast with a role change, which only takes effect once the user obtains a new token.
