Creating a Data API token with restrictions

Hi, in my app db I have a list of products that are sold in different stores.

I would like to add a “Buy on X store” button that redirects my users directly to the e-commerce of the X store.

The idea is that when the user lands on the e-commerce of the X store, all the products that were in my db and that are sold by the X store are already in the user’s shopping cart, so the user won’t have to search and select product by product; the cart is ready and the user only has to pay.

I was thinking of building a Data API that allows the X store to retrieve the products in my db using a GET request when the user lands on their e-commerce with a URL parameter that informs the X store that this user was redirected from my app.

However, I would like to restrict the access of the X store through the Data API, so that they can’t see the products in my db that are sold by other stores.

How can I set this restriction to a Data API like this one?

I can’t authenticate the Data API user using login authentication because the X store is not logging in; they are just making a call to my Data API when a user with a certain URL parameter lands on their e-commerce.

Any ideas would be much appreciated!