Basic Development Guide

  • This is a basic development guide for developing an application (app) that can operate in conjunction with the Cafe 24 shopping mall solution.
  • Basic information for an app‘s development is provided.

App basic concepts and terms

  • An app (application) refers to a program in various forms to perform using an API in conjunction with a shopping mall platform. There is no limit to apps for linking with shopping mall platforms, and any and all services can be provided in app form given that the provided service harmonizes with the shopping mall platform.
  • In order to develop a variety of creative applications, the basic terms are defined below so that confusion does not occur in understanding the instructions or during communication. If you understand the basic terms, you will be able to develop apps more easily through effective communication.
Basic app structure
Terms Description
APP The word ‘app’ is an abbreviation of ‘application.’ It refers to a program created using the API of the Cafe24 shopping mall platform to operate with the platform.
The app collectively refers to all services that run on the Web and Mobile (IOS, Android).
An App can be sold to a shopping mall operator via the App Store (you can set up a payment plan) and is operated by independent source code from the developer providing the service.
API API stands for Application Programming Interface. The Cafe24 API is an interface that enables intercommunication in standardized regulation between the shopping mall platform, application, service and library.
It is provided in the RESTful format in which communication is enabled based on set regulations (interface, parameter, etc.).
It consists of the Admin API and Front API. The Front API is comprised of APIs available for call without an authentication.
Client ID This value corresponds to the ID of a typical web service. It is an ID that proves that the user is authenticated in order to view, create, modify or delete data when an app accesses the shopping mall.
The app key issued when creating an app in the Developer Center has the same role.
Client secret This value corresponds to the password in a typical web service. This is the password that proves that the user is authenticated to view, create, modify and delete data when the app accesses the shopping mall.
In the Developer Center, the App Secret Key issued when creating an App has the same role.
The App Secret Key is classified as an important value such as a password. It can be reissued like a password, but the old Secret Key after reissuance can no longer be used.
APP URL This is a URL first accessed for the app to be serviced. It usually refers to the URL of the developer's runtime server that contains an introduction to the app, billing information, information that is critical to making a purchase, or where the actual service is running.
Redirect URL(s) This is a list of the URLs for which the app receives a response after it sends a request to the API.
The API call results can be sent in multiple numbers, but the communication must be made via the SSL (HTTPS) protocol.
This is a parameter that sends the requested information to the server when requesting the API. The parameters used by each API are all different. Detailed parameters can be confirmed by referring to the API Development Guide.
HTTP Method This is a protocol that defines the roles for the request and response data when making an API communication using the Web.
The Cafe24 API basically executes API communications by providing GET, POST, PUT and DEL methods.
We use one of the four methods to call the API, but these methods are not allowed to cross each other. (e.g. using PUT in POST mode)
The methods provided by the API can be found in the API Development Guide.
HTTP Status It is referred to as HTTP status code, as it returns the response value along with the status code when requesting an API. The status code is provided in an extended HTTP Response Code defined by the IANA.
If you want to check the detailed status codes provided by the Cafe24 API, please refer to the status code and error messages.
OAuth 2.0 It was established and developed by the IETF in November 2008 and is a standardized security / authentication scheme in RFC 6749.
The authentication is made, like a usual login to a web service (a login using an ID and password), using a Client ID (App Key, corresponds to an ID) and Client Secret (App Secret Key, corresponds to a password) for authentication (Request Token) followed by authorization (Access Token).
In general, it is a systematic security method that is widely used for services such as Google and Facebook, as Cafe24 provides OAuth 2.0-compliant services.
For more information, please refer to the Authentication / Security Development Guide.
Access_Token It is created when logging in to a platform and is a token containing information necessary to identify the user and user group information. It is a user Access Token required to call the API.
Refresh_Token The validity period of an Access Token is relatively short (usually valid for 1 hour). When an Access Token expires, a new token must be issued for security purposes so that it can be used continuously, and the Access Token can be updated without re-login using the Refresh Token.
For more information, please refer to the Authentication / Security Development Guide.
RESTful The RESTful method is not officially pronounced but is proposed unofficially over a long period of time by numerous developers, as it is a method devised to properly utilize the REST. It basically means a delivery of status by representation of the resource.
The Cafe24 API is based on RESTful and clearly defines the functions of CRUD (creation, view, modification and deletion). Detailed definitions can be checked by referring to the API Development Guide.
URI It is the only address that represents the resource on the Internet. The presence of a URI is always a requirement of the Internet and is always accompanied by the Internet protocol. What is commonly known as a URL is basically a kind of URI.
The URI of Cafe24 only provides the communication section using the SSL (HTTPS protocol) method.

Basic structure of the app

  • In order to develop an app that can be purchased and used on the Cafe24 shopping mall platform, it is recommended to have the following structure. More flawless app development shall be achieved by referring to the following basic structure.

Basic operation process of the app

  • The Basic Operation Process of the App guides you through the basic processes that take place between the app and the shopping mall platform, from app purchase via the App Store in the shopping mall to app usage.

Authentication / security processing

  • Developers must use the API Key and API Secret Key issued through the Developer Center to be authenticated and approved to use the API call rights for proper API calls and usage.
  • The Cafe24's authentication / security system provides a robust and structured security system based on standardized OAuth 2.0.
  • No exceptional methods regarding applying the security system are provided.
  • For policies and development regarding authentication and security, please refer to the Authentication / Security Development Guide.

Using the Cafe24 API

  • Numerous kinds of APIs capable of linking with the Cafe24 shopping mall platform are provided. The APIs are basically serviced in RESTful type and very easy to use with the minimum knowledge pertaining to development.
  • APIs are constantly updated to improve the functionality of the shopping mall platform.
  • For more information about APIs, specifications and methods of application, please refer to the API basic guide.

Authorization for shopping mall operators

  • The Cafe24 shopping mall platform can be managed separately by the main operator, the sub-operator and the supplier operator. As a result, there may be a need to differentiate between different permissions for each operator.
  • When there is a need to configure permissions for each shopping mall operator, or if you wish to check the permissions of each operator, you can refer to the Operator scope development guide.

Script processing rules

  • The Cafe24 Developer Center recommends the script to be namespaced in order to prevent script crashes between apps developed by numerous developers.
  • Errors may occur due to a script crash between apps without namespacing.
  • For information on how to use script naming and namespacing, please refer to the Javascript Development Guide.

App Script automatic reflection process