Enabling & Configuring REST API

SmithCart allows you to integrate any Desktop, Web or Mobile Application to connect to your e-commerce site using the RESTful API Service. By requesting the REST API EndPoints you can retrieve or update the data in your store (i.e. Customers, Orders & Products).
How it works:
  1. After you generate a ClientID for the App you are going to use, you will need to call Authorization Service using HTTP Methods to request for a JWT (JSON Web Token).
  2. Then you will need to use the JWT as your Authorization key to request any EndPoint to payload and return a JSON (JavaScript Object Notation) data object.
  1. The following should be added to your “web.config” file to enable the REST API Service, (you may add it right before the </configuration> tag):
       <service name="RazorCart.Services.CheckoutService"
           <endpoint address=""
           <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
           <binding name="SmithServiceBinding">
               <security mode="Transport">
           <behavior name="SmithServiceBehavior">
               <serviceMetadata httpGetEnabled="true" />
               <serviceDebug includeExceptionDetailInFaults="true" />
           <behavior name="SmithEndpointBehavior">
               <webHttp />
   <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
  1. You can change the security mode to None if you wish to use HTTP instead of HTTPS
<security mode="None">
  1. Add the following between <handlers> and </handlers> to allow the OPTIONS Verb HandlerJSON request:
<add name="CustomOPTIONSVerbHandler" path="*.json" verb="OPTIONS" type="RazorCart.Services.Cors.OptionsHandler, RazorCart.Services" />
  1. After the <customHeaders> in the <httpProtocol> section, add the following configurations to allow these CORS requests (Allow-Origin "*" will allow sharing requests from any outside domain, you may replace it with your outside domain name instead):
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type, Accept, Authorization" />
<add name="Access-Control-Allow-Methods" value="GET, HEAD, POST, PUT, PATCH, DELETE" />
<add name="Access-Control-Max-Age" value="1728000" />
Creating API Keys:
  1. From the “Smith.BuyNow” page open the Store Setup menu and navigate to License/API Keys
  2. Go to API Keys tab and Click “Add API Key
  3. Use your main App URL (the URL of where you are going to call the Authorization Service from) for the CallBack and Application URL's
  4. Enter an optional title and summary for the API key
  5. Click Save
  6. The API Client screen will give you a ClientID for the CallBack URL you have provided (Implicit Grant OAuth 2.0 method), you will also need this ClientID if you wish to use the (Resource Owner Password Credentials Grant OAuth 2.0 method)

Add Feedback