commercetools
What's the preferred way to build a spa using Commercetools platform api?
It seems nodejs sdk is only for serverside. Is http api my only option to build a spa?
As CORS are not allowed to the Auth service, should I proxy all requests through my server?
I saw the "Select permissions for an API client suited for a mobile or a single page application." in NEW API CLIENT page, is there any further instruction/demo about it?
Thank you in advance for any help.
@zcfan Hi, let me try to answer your questions.
It seems nodejs sdk is only for serverside
Yes and no. The version 1.x is only serverside yes, version 2.x (which is still in development but you can already start using it) is built to work both server + client side.
Is http api my only option to build a spa?
Depends on your use case. What kind of application would you like to build that is SPA? What is your use case that you are trying to cover?
As CORS are not allowed to the Auth service, should I proxy all requests through my server?
The auth-ws doesn't support CORS, correct. We don't support yet the OAuth 2 Implicit Client Flow, which is meant to be used for client side applications. There are some security reasons behind it.
I saw the "Select permissions for an API client suited for a mobile or a single page application." in NEW API CLIENT page, is there any further instruction/demo about it?
We do have some restricted endpoints that are meant to be used for Mobile or Browser applications, check out the "Mobile & Browser" section in the API Documentation.
In general it all comes down to the use case you want to cover. If you are trying to build an application to manage your data (like the Merchant Center) and you want to use the HTTP API "normally" (create products, view orders, etc), I would recommend that you have your own HTTP server running as a "proxy" to the HTTP API, which provides the necessary authentication. The HTTP server also needs to take care of its own authentication / login. If you just want to display some data without much authentication involved, you might want to look into the "Mobile & Browser" endpoints.
Feel free to ask any further question or get in touch with our support channel if you want to get more technical help.
Hi @zcfan! Not nodejs specific, but you can checkout this tutorial here: http://dev.commercetools.com/tutorial-mobile-spa.html It should give you an idea of what we're offering on the API side.
As a reference implementation for the /me endpoints, we have the iOS SDK https://github.com/commercetools/commercetools-ios-sdk and Sunrise app https://github.com/commercetools/commercetools-sunrise-ios (if you want to read a bit of Swift code 😉 ).
If that does generally make sense for you, we can look into the CORS issues at the auth service.
