Concepts
Tenants
The warrify platform is multi-tenant. Every resource is associated with a tenant. Typically a tenant is:
- a retail chain
- a PoS provider that develops the warrify integration
- a warrify partner that offers a warrify integration to their customers
But an organization can have multiple tenants, for example:
- A retail conglomerate with multiple subsidiaries can have a tenant for each subsidiary.
- A retail chain with different independent brands can have a tenant for each brand.
(this however is not recommended, as it is not possible to share resources between tenants. If only branding is required, it is recommended to use the
$.attributes.retailer.brand
field instead) - A single organization can have multiple tenants for different purposes, for example a tenant for production and a tenant for testing.
When using the warrify platform, you will need to specify the tenant for each request. This is typically done by specifying the tenant in the path of the request URL.
Tenants are a logical separation of resources. A single user can have access to multiple tenants. Similarly, a single set of API credentials can be used to access multiple tenants. To learn more about users and API credentials, see the Permissions section.
Permissions
Every API call on the warrify platform requires authorization. Whether a caller is authorized to perform an action is determined by the combination of:
- the
principal
(i.e. theuser_id
of the user or theclient_id
of the API credentials) - the
action
(e.g.checkout:sales:create
) - the
resource
(e.g.urn:warrify-com:3a3567e0-acb3-4db3-89d6-e542fb9516ac:eu-1:checkout:sales:*
)
The fact that permissions are completely decoupled from the resource hierarchy (i.e. tenant) and the principal allows for a very flexible permission model. For example to use a third party offering that utilizes the warrify platform a retailer does not need to create a new set of API credentials for the third party but can instead grant the third party access to the retailer's existing API credentials via permissions.
When looking at an API call in our documentation, you will see the required permissions for that API call in the AUTHORIZATIONS
section (listed as a scope).
Actions follow the format {service}:{resource}:{operation}
, where {service}
is the name of the service (e.g. checkout
), {resource}
is the resource type in plural form (e.g. sales
) and {operation}
is the operation to be performed (e.g. create
).
Extensions
Extensions are a way to adapt the API to local laws and regulations as well as to support custom use cases.
They include return processing, warranty information, and more.
Extensions are defined by the $.attributes.extensions
field.
Attachments
Arbitrary files can be attached to resources via the $.attributes.attachments
field.
Attachments are stored in a separate storage system and are not part of the resource itself.
While attachments can be updated separately from the resource, every sale references a specific version of an attachment and thus the update of an attachment will not affect existing sales.