Operator permissions guide

  • The cafe24 shopping mall platform can be managed separately by the administrator, sub-administrator and supplier operator.
  • This guide explains how you can control and manage scopes in your app for each operator.

Operator permissions settings

  • The following architecture is provided for setting and controlling operator-specific permissions in the app.

Basic overview of architecture

Register permission information provided by the app

  • To set scopes for the shopping mall operators in the app, this section explains how to register the URI through which the administrator's scope in the app can be confirmed.
  • It also walks through an example of setting the operators' scopes in the shopping mall.

1. Register operator authorization URI (Developer Center)


  • If your app requires control over scopes by operator, register a URI in the Developer Center that verifies the app's scopes on an operator-by-operator basis.
  • See the scope specification (JSON format) at the bottom for the authorization information that the registered URI should provide.

2. Configuring scopes for each operator in the shopping mall (example)


  • The scopes are checked at the operator authorization URI registered for the app and displayed on the operator scope configuration screen in the shopping mall. Scopes are then configured for each operator and saved in the shopping mall platform, and the configured scopes are sent to the app at execution.

Specs of scopes provided by the app (JSON format)

  • If you want to control the usage rights of each operator, the app must provide its permissions in the following format.

The specifications that should be provided by the authorization URI of the app (app → shopping mall) - JSON format

{
  "MENU_LIST": {
    "{$Menu_name_1}": {
      "code": "{$code name of menu_name_1}"
    },
    "{$Menu_name_2}": {
      "code": "{$code name of menu_name_2}",
      "sub": {
        "{$Submenu_1}": {
          "code": "{$code name of submenu_1}"
        },
        "{$Submenu_2}": {
          "code": "{$code name of submenu_2}",
          "sub": {
            "...": {
              "code": "..."
            }
          }
        }
      }
    }
  },
  "FUNCTION_LIST": {
    "{$function name_1}": {
      "code": "{$code name of function name_1}",
      "sub": {
        "{$Sub-function name_1}": {
          "code": "{$code name of sub-function name_1}"
        }
      }
    }
    ...
    ...
  }
}

Specifications that should be provided in the app authorization URI (app → shopping mall) - example

{
  "MENU_LIST": {
    "Q&A": {
      "code": "Mabc1"
    },
    "Statistics": {
      "code": "Mabc2",
      "sub": {
        "Daily analysis": {
          "code": "Mabc3"
        },
        "Weekly analysis": {
          "code": "Mabc4",
          "sub": {
            "Week 1": {
              "code": "Mabc5"
            },
            "Week 2": {
              "code": "Mabc6"
            }
          }
        }
      }
    }
  },
  "FUNCTION_LIST": {
    "Use period": {
      "code": "Fabc1"
    },
    "View refund amount": {
      "code": "Fabc2"
    }
  }
}

Scope information specifications sent to the app when the app runs in the shopping mall (shopping mall → app)

When a shopping mall operator runs an app already installed in the shopping mall, a GET request is made to the app URL registered at the Developer Center. The request carries information about the shopping mall in which the app is executed, the operator, and the scope of the app. The sent data can be verified using the hmac.
(Please note that the format below is constantly updated).

Permission Information Specification

  • is_multi_shop
    Value: In use: 'T'. Not in use: 'F' or variable not sent.
    Description: Whether or not an additional shopping mall is registered besides the basic mall.

  • lang
    Value: Korean: 'ko_KR', English: 'en_US', Japanese: 'ja_JP', Simplified Chinese: 'zh_CN', Taiwanese (traditional Chinese): 'zh_TW', Portuguese: 'pt_PT', Spanish: 'es_ES'
    Description: Language used in the shopping mall.

  • mall_id
    Value: Shopping Mall ID
    Description: Shopping Mall ID.

  • shop_no
    Value: Number
    Description: Shopping mall serial number (the default mall has '1', and additional serial numbers are assigned when multiple malls are added).

  • user_id
    Value: User ID logged in to the shopping mall operator
    Description: User ID logged in to the shopping mall operator.

  • user_name
    Value: User name logged in to the shopping mall operator
    Description: User name logged in to the shopping mall operator.

  • user_type
    Value: Operator (Chief Operator): P. Sub-operator: A. Supplier operator: S.
    Description: Types of users logged in to the shopping mall operator.

  • timestamp
    Value: timestamp value
    Description: Timestamp at the time of the app execution request.

  • hmac
    Value: Base64 encoded string
    Description: Key for verification. Binary hash value encoded in base64.
      - Hash algorithm: sha256
      - Hash data (string): URL-encoded GET query string, sorted alphabetically (by variable name), of the variables sent to GET
      - Hash key: App secret key from the Developer Center

https://{{AppUrl}}/?is_multi_shop={{multiple shopping mall}}&lang={{shopping mall language}}&mall_id={{mall ID}}&shop_no={{shop_no}}&timestamp={{timestamp}}&user_id={{login ID}}&user_name={{login user name}}&user_type={{user type}}&hmac={{verification key}}
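
One way an app could verify the hmac described above before trusting user_type or any other launch parameter (an added example, not cafe24's code). It assumes that the hmac variable itself is left out of the hash data, that the pairs are hashed exactly as received, that the variable is named timestamp and holds Unix seconds, and that a 300-second freshness window is acceptable; key_of, sign, verify_launch and all sample values are hypothetical.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, quote, unquote

MAX_AGE = 300  # seconds; the replay window is an assumption, the page sets none

def key_of(pair):
    return pair.split("=", 1)[0]

def sign(pairs, secret):
    # Hash data: url-encoded pairs sorted by variable name, joined with '&'.
    data = "&".join(sorted(pairs, key=key_of))
    mac = hmac.new(secret.encode(), data.encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()  # binary hash, base64-encoded

def verify_launch(raw_query, secret, now=None):
    """Return the decoded parameters if hmac and timestamp check out, else None."""
    pairs = [p for p in raw_query.split("&") if p]
    # Assumption: the hmac variable is not part of the hash data.
    signed = [p for p in pairs if key_of(p) != "hmac"]
    macs = [p[len("hmac="):] for p in pairs if p.startswith("hmac=")]
    names = [key_of(p) for p in signed]
    if len(macs) != 1 or len(names) != len(set(names)):
        return None  # missing or repeated hmac, or repeated names (ambiguous)
    # Pairs are hashed as received, so re-encoding differences cannot creep in.
    expected = sign(signed, secret).encode()
    if not hmac.compare_digest(expected, unquote(macs[0]).encode()):
        return None  # constant-time comparison failed
    params = dict(parse_qsl("&".join(signed), keep_blank_values=True))
    try:
        current = time.time() if now is None else now
        age = abs(current - int(params["timestamp"]))  # assumed Unix seconds
    except (KeyError, ValueError):
        return None
    return params if age <= MAX_AGE else None

# Constructed sample request (not a real secret or a real mall).
SECRET = "constructed-app-secret"
PAIRS = ["user_type=A", "user_id=op1", "user_name=Op%20One",
         "timestamp=1700000000", "shop_no=1", "mall_id=examplemall",
         "lang=en_US", "is_multi_shop=F"]
QUERY = "&".join(PAIRS) + "&hmac=" + quote(sign(PAIRS, SECRET), safe="")

if __name__ == "__main__":
    print(verify_launch(QUERY, SECRET, now=1700000060))
```

Apply scope and user_type decisions only to the dictionary this function returns; a None result means the request should be rejected.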