API Reference

Building custom customer portal

Overview

This document will walk you through the steps for building a custom customer portal using the Loop Storefront API. You will learn everything you need to know to integrate and build a fully functional and customizable customer portal for your e-commerce platform using Loop storefront APIs.

This documentation will cover:

  • Authentication: How to authenticate and secure your API requests to ensure that only authorized users can access the data and services.
  • Basic Endpoints: We will guide you through the most commonly used API endpoints needed to interact with the customer portal, including retrieving customer data, managing orders, and accessing product details.
  • Customization: We’ll touch on how to extend and customize the portal based on your specific business needs, integrating with other systems and tailoring the experience for your customers.
  • Best Practices: To ensure optimal performance, security, and user experience, we'll outline the best practices when using the Loop Storefront API for your customer portal.

By the end of this documentation, you will be able to build a seamless customer portal that integrates smoothly with the Loop Storefront API, offering a personalized and efficient experience for your users.

Before You Start

Before diving into building your custom customer portal using the Loop Storefront API, there are a few important considerations you need to take into account, particularly around how and where the API will be called—on the client side or the server side. The following points will help guide you in choosing the right approach for your implementation.

Client-Side API Calls

This documentation is primarily focused on building a customer portal that communicates directly with the Loop Storefront API from the client side. If you're planning to make calls to the API from the user's browser (client-side), you should be aware of the following:

  • Security Considerations: When using client-side API calls, you will be exposing your API keys in the browser, which can pose security risks. It’s crucial to ensure that any sensitive data is protected and that authentication is handled properly.
  • Authentication: You'll be using OAuth 2.0 for user authentication, meaning that your API calls will require valid access tokens for each user session. This process typically involves redirecting users to a login page, obtaining the access token, and securely storing it for future requests.

Server-Side API Calls

On the other hand, if you're building your customer portal to make server-side API calls, you have a more secure option. In this case, you can use the Admin API instead of the Storefront API. Here’s why you might choose this approach:

  • Reduced Complexity: When calling the API from the server side, you can avoid exposing sensitive information like API keys or access tokens in the client’s browser. This setup also allows you to handle authentication more securely by managing it on the server.
  • Fewer Endpoints: Using the Admin API allows you to access a more consolidated set of endpoints, which simplifies authentication and reduces the number of calls needed to retrieve user-specific data. The Admin API provides more direct access to the backend resources, making it a more streamlined solution for certain use cases.
  • Improved Security: Since the API calls are made from your server, you can implement additional security layers to safeguard sensitive user data and ensure compliance with data protection regulations.

Choosing Between Client-Side and Server-Side

Ultimately, your choice between client-side and server-side API calls will depend on the needs and architecture of your portal:

  • Client-Side: Choose client-side calls if you need the flexibility of interacting directly with the API from the user’s browser, but be sure to implement proper security measures.
  • Server-Side: Opt for server-side calls if you want to simplify authentication and increase security by handling API requests in a more controlled environment.

In either case, understanding these key differences will help you make informed decisions as you begin to implement your customer portal.