This project is not covered by Drupal’s security advisory policy.
Commerce Services integrates Drupal Commerce with the Services module's REST server. This allows you to build an API that can list (index), create, read, update, and delete Commerce entities remotely, including Products, Customer profiles, Orders, Line items, and Payment transactions. It also supports pseudo-entities such as product displays and shopping carts to make it easier to render Add to Cart forms and manipulate cart contents remotely.
Sponsored by Commerce Guys.
This module currently works with Drupal Commerce 1.6 or greater, but we always test and recommend running it in conjunction with the latest version of Drupal Commerce.
Typical REST resources deal with single entities, but it's simply not practical to require remote applications to submit multiple HTTP requests to build the various entities that would be referenced by a single order within Drupal Commerce. Therefore, this module defines resources that can perform the CRUD operations on an entity and its referenced entities in a single API request (such as an Order along with its Customer profiles and Line items).
This module will also provide targeted actions to allow you to manipulate shopping cart orders for customers remotely. You might use this module to let customers browse your catalog and create shopping carts on the website through a mobile app or remote web application.
This module is being developed to support Commerce API servers that conform to the best practices recommended by Apigee, a leading API platform provider. More information can be found in their helpful e-book, Web API Design.
One exception is that we define resources using singular nouns to follow the pattern of the resources defined by the Services module. Apigee recommends using plural nouns, which may still be achieved using this module through aliases configured in the REST server settings.
Our recommended method of authentication is to create an API user (or users) with the permissions enabled for the remote operations you wish to perform through Commerce Services. Use the core Services user/login resource to login as the API user, and submit the returned session name and ID as the cookie used to identify the session in subsequent API requests.
As much as this project is about defining Services resources, it also aims to be a place to solidify best practices and provide examples to help developers design smart, secure Drupal Commerce REST services. Feel free to make proposals on how users should best implement Commerce Services or provide links to helpful guides / tutorials like those listed in the README.
Resources Development Roadmap
The following list of resources includes the callbacks that we're targeting for an initial release of the module. The list is by no means comprehensive. Please request additional callbacks (with or without patches) in the queue.
- Product displays: index, retrieve, relationship for products
- Products: index, retrieve, update, delete
- Orders: index, retrieve, create, update, delete, relationships for line items / payments
- Line items: index, retrieve, create, update, delete
- Carts: index, create
Additionally, it would be nice to facilitate remote catalog browsing and faceted searching through integrations with Taxonomy and Search API.
If you'd like to contribute to resource development, please pattern your patches on the existing resources. If you notice some routine code that we end up performing across all of our resources, feel free to propose an API function in the module to abstract that out of our resource includes (e.g. commerce_services_services_request_preprocess_alter() / commerce_services_object_filter()).
- Maintenance status: Actively maintained
- Development status: Under active development
- Module categories: Commerce/Advertising
- Reported installs: 812 sites currently report using this module. View usage statistics.
- Downloads: 4,980
- Last modified: December 2, 2014
- This project is not covered by the security advisory policy.
Use at your own risk! It may have publicly disclosed vulnerabilities.