ron.richardson wrote:
Hi Krunal,
I do not have any road map yet; currently I just want to complete most of the important methods, such as customers and orders CRUD. You are welcome to propose other methods though! :)
I think the CRUD operations are good to add to start, but in the hands of the wrong developer, it could be dangerous. I'd also suggest exposing the public methods of all (or some) the services in Nop.Services. I recently had to do that to the built-in web service plugin to be able to generate gift cards from another website.
That way, someone could build a super stripped down version of the site with your plugin and easily remove any extras that they don't need (such as forums, blogs, etc.)
Hi Ron,
1. RE: "I think the CRUD operations are good to add to start, but in the hands of the wrong developer, it could be dangerous."
The moment we decided to open another door for accessing the nopCommerce (through API), we are prepared for one more layer of threat. I've implemented a simple token-based authentication system in the architecture, that should do most of the tricks. But yeah, you never know what the hackers are thinking about, so if you have any insight as to how to improve the security, please contribute to the code!
I am also planning to include an authorization system, so that certain API methods are only allowed for certain API tokens. In that way we can control what the token can do (and cannot do), which minimizes the possibilities of a security breach. But yeah, that's for the future, I would like to get the basics completed first. One step at a time! :)
2. RE: "I'd also suggest exposing the public methods of all (or some) the services in Nop.Services."
That's what most of the contributors are doing. Currently we are focusing on bringing Customers and Orders methods into the code. Again, one step at a time! :)
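
The per-token authorization idea discussed in this thread (certain API methods allowed only for certain API tokens), sketched as an added example that is not part of the original posts or the plugin's code. The class name, method names such as `Orders.Read`, and the tokens are hypothetical and constructed for illustration; it assumes tokens are long random strings, so only their SHA-256 hashes are stored and anything not explicitly granted is denied.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added illustration: deny-by-default mapping from API token to allowed methods.
public sealed class ApiTokenAuthorizer
{
    // Key: Base64 SHA-256 of the token. The raw token is never stored,
    // so a leaked grant table does not reveal usable credentials.
    private readonly Dictionary<string, HashSet<string>> _grants =
        new Dictionary<string, HashSet<string>>();

    public void Register(string token, params string[] allowedMethods)
    {
        if (string.IsNullOrEmpty(token)) throw new ArgumentException("token required");
        _grants[Hash(token)] = new HashSet<string>(allowedMethods, StringComparer.Ordinal);
    }

    public void Revoke(string token)
    {
        _grants.Remove(Hash(token));
    }

    // Returns true only when the token is known AND the method was granted to it.
    public bool IsAllowed(string presentedToken, string method)
    {
        if (string.IsNullOrEmpty(presentedToken) || string.IsNullOrEmpty(method)) return false;
        HashSet<string> methods;
        return _grants.TryGetValue(Hash(presentedToken), out methods) && methods.Contains(method);
    }

    private static string Hash(string token)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(token)));
    }
}

public static class Demo
{
    public static void Main()
    {
        var auth = new ApiTokenAuthorizer();
        // Constructed sample tokens: a read-only reporting client and a back-office client.
        auth.Register("constructed-token-reporting", "Orders.Read", "Customers.Read");
        auth.Register("constructed-token-backoffice", "Orders.Read", "Orders.Create");

        Console.WriteLine(auth.IsAllowed("constructed-token-reporting", "Orders.Read"));    // granted method
        Console.WriteLine(auth.IsAllowed("constructed-token-reporting", "Orders.Create"));  // method not granted
        Console.WriteLine(auth.IsAllowed("unknown-token", "Orders.Read"));                  // unknown token
        auth.Revoke("constructed-token-backoffice");
        Console.WriteLine(auth.IsAllowed("constructed-token-backoffice", "Orders.Create")); // revoked token
    }
}
```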