New options to integrate settings in Shoptet admin

This article is intended for partners, who have already implemented addon’s settings into the administration using the full OAuth process (older approach). Especially because of cookies problems with Safari and some Chrome configurations, we have changed the mechanics a bit.

• The addon can be integrated directly as of now (your web server directly) or using proxy_pass. In the later case we use https://<eshop-url>/addon/<number>-<language>/<your-settings-url> as the iframe source URL, which is translated using proxy_pass on the web server and redirected to your web server. Output from your web server is passed to the user under eshop URL.
• oauth_code does not have to be requested by redirect to our OAuth server, you will get it directly within the URL.

Adapted documentation: Placing addon settings into Shoptet admin and amended simplified OAuth.

If you have the origina integration style, just a few changes are necessary:

• Add placeholder #OAUTH_CODE# to your addon settings URL (e.g. ?code=#OAUTH_CODE#).
• Skip redirect to the Oauth server, the authorization is to be performed by a backend call directly (Skip step 2 in the original quide and go directly to point 3).
• In case of a proxy_pass solution, it is not possible to use the state parameter, remove this part.

If you choose to use the proxy_pass option, contact api@shoptet.cz to enable it for your addon.

There are some limitations if proxy_pass is used:

• Cookies have to be set with samesite=NONE; it is not possible to use cookie PHPSESSIONID (another name for session cookie is possible).
• URLs to “assets” (styles, javascripts, images) have to be called with absolute URL.
• Redirects, links, forms etc. have to use the base URL, must not leave the domain.
• It is necessary to take into account the page is displayed under different URL than it is generated.