Configuring Your Account

Developer Instructions for configuring the Orders Plugin.

The API requests for the following configuration are included in a Postman collection.

Importing the collection will add a new environment (Fusiform Plugin) to your Postman application, which you can use to configure the authentication for making requests to the API. Set your Postman environment variables to include your username, password, and organization ID (orgId)

FusiformCAST and the Fusiform orders plugin uses the FactoryFour API for its backend services. Throughout this configuration, you'll see references to https://api.factoryfour.com, which is where Fusiform resrouces are stored.

Authentication

FactoryFour authentication is completed through the Auth0 API (https://factoryfour.auth0.com). An example authentication request is included in the Postman Collection, however all other requests are preconfigured to automatically authenticate if the environment has been configured correctly.

The authentication request is a POST to the url https://factoryfour.auth0.com/oauth/token

//Example Request Body
{
  "grant_type": "password", //Required value for all organizations and requests
  "client_id": "EROxMPqTUoZE21q6xD6CDnPLt2maGy6o", //Required value for all organizations and requests
  "username": "{{username}}",
  "password": "{{password}}",
  "connection": "FactoryFour-Production", //Required value for all organizations and requests
  "scope": "openid email" //Required value for all organizations and requests
}
//Example Response Body
{
  "access_token": "value";, //Unnecessary token
  "id_token": "{{token}}", // API token
  "expires_in": 86400,
  "token_type": "Bearer"
}

The id_token field in the response is what will be used to make authenticated requests to the FactoryFour API. For authenticated reqeusts, set the authorization header to Bearer {{token}}.

Domain Whitelisting

Requests from the plugin are only allowed from certain domain origins. To use the plugin on your website, you will need to specify the domains that requests will be coming from.

If you're trying to run the plugin in your website, hosted at https://shop.fusiform.co, the domain to add to the whitelist is https://shop.fusiform.co

Updating

Use the Update Configuration request in the Portal Configuration folder of Postman collection.

To update the domain whitelist make an authenticated PUT request to https://api.factoryfour.com/portal/{orgId}/configure. The body of the request must be a JSON object, and has two keys whiteList and overwrite.

whiteList is required and is a array of string values that list the domains origins to accept requests from. By default, this will append values to any existing entries in the whiteList.

overwrite is optional and is a boolean to replace all entries in the existing whitelist with the ones in the current request body.

//Example Request Body
{
  "whiteList": ["http://localhost:8000", "http://shop.fusiform.co"],
  "overwrite": true
}
//Example Response Body
{
    "data": {
        "orgId": "{orgId}",
        "whiteList": [
            "http://localhost:8000",
            "http://shop.fusiform.co"
        ]
    },
    "info": {
        "transactionId": "0a9aa932-4a6e-4890-a146-662425fc34ee",
        "statusCode": 200,
        "url": "/{orgId}/configure",
        "method": "PUT",
        "message": "Updated the portal"
    }
}

Retrieving

Use the Retrieve Configuration request in the Portal Configuration folder of the Postman collection.

To see the current domain whiteList, make an authenticated GET request to https://api.factoryfour.com/portal/{orgId}/configure.

//Example Response Body
{
    "data": {
        "orgId": "{orgId}",
        "whiteList": [
            "http://localhost:8000",
            "http://shop.fusiform.co"
        ]
    },
    "info": {
        "transactionId": "0a9aa932-4a6e-4890-a146-662425fc34ee",
        "statusCode": 200,
        "url": "/{orgId}/configure",
        "method": "GET",
        "message": "Retrieved the portal"
    }
}

Devices

Devices are the products that are listed for distribution by your account. This request can be used to list all devices that the plugin can allow ordering from.

This request does not require authentication, but does require an Origin header, which can be set to one of the domains in the whitelist.

To see the current devices, make a GET request to https://api.factoryfour.com/devices/portal/{orgId}.

//Example Response Body
{
    "data": [{
        "name": "Name of Device",
        ...
    } ...],
    "info": {
        "transactionId": "0a9aa932-4a6e-4890-a146-662425fc34ee",
        "statusCode": 200,
        "url": "/{orgId}/configure",
        "method": "GET",
        "message": "Retrieved the portal"
    }
}