External order validation

How to validate orders via external services

Sometimes, you may need to perform custom validation on orders, as an additional step before the order placement. For example, this could be useful in case you want to support different or more complex validation rules specific to your business logic.

If you want to use the external order validation feature in a , fill in the market's external_order_validation_url field with your external service endpoint and make sure your service is compliant with the specifications described below.

Triggering external validation

When you want to validate an order based on your external logic, it and set the _validate attribute to true:

curl -g -X PATCH \
  'https://yourdomain.commercelayer.io/api/orders/xYZkjABcde' \
  -H 'Accept: application/vnd.api+json' \
  -H 'Authorization: Bearer your-access-token' \
  -H 'Content-Type: application/vnd.api+json' \
  -d '{
    "data": {
      "type": "orders",
      "id": "xYZkjABcde",
      "attributes": {
        "_validate": true
      }
    }
  }'

Upon this call, Commerce Layer triggers a POST request to the specified external_validation_url endpoint, sending the order payload (including the related line items) in the request body.

To check if an external order validation has been triggered you can inspect the order's validations_count attribute and make sure it gets incremented.

Request

billing_address
shipping_address
line_items.item
line_items
market
customer
shipments
shipments.shipping_method

{
  "data": {
    "id": "wBXVhKzrnq",
    "type": "orders",
    "links": { ... },
    "attributes": { ... },
    "relationships": { ... },
    "meta": { ... }
  },
  "included": [
    {
      "id": "DvlGRmhdgX",
      "type": "markets",
      "links": { ... },
      "attributes": { ... },
      "relationships": { ... },
      "meta": { ... }
    },
    {
      "id": "kdPgtRXOKL",
      "type": "line_items",
      "links": { ... },
      "attributes": { ... },
      "relationships": { ... },
      "meta": { ... }
    },
    {
      "id": "XGZwpOSrWL",
      "type": "skus",
      "links": { ... },
      "attributes": { ... },
      "relationships": { ... },
      "meta": { ... }
    }
    {
      "id": "BgnguJvXmb",
      "type": "addresses",
      "links": { ... },
      "attributes": { ... },
      "relationships": { ... },
      "meta": { ... }
    },
    {
      "id": "AlrkugwyVW",
      "type": "addresses",
      "links": { ... },
      "attributes": { ... },
      "relationships": { ... },
      "meta": { ... }
    },
    {
      "id": "FdefrQxCba",
      "type": "shipments",
      "links": { ... },
      "attributes": { ... },
      "relationships": { ... },
      "meta": { ... }
    },
    {
      "id": "SfdyHtjfBF",
      "type": "shipping_methods",
      "links": { ... },
      "attributes": { ... },
      "relationships": { ... },
      "meta": { ... }
    },
    { ... }
  ]
}

Response

Your service response (or error) must match the format described in the example below.

Remember to pass the attribute-specific errors within the data object, associating them with the related order's attribute. If some error is not associated with any particular attribute use the base key (automatically filled with the error messages associated with any invalid attribute, if present).

Example

The successful response must be a JSON object, returning an empty body, meaning that the external logic running the validation has found no errors:

{
  "success": true,
  "data": {}
}

On error, you must respond with an HTTP code >= 400. The response body must be a JSON object containing the names of the order's attributes that generated the error(s) and one (a string) or more (an array) associated error message(s) as the value of the data key, plus any other relevant error code and message as the value of the error key:

{
  "success": false,
  "data": {
    "line_items": ["must be at least 3", "cannot weight more than 2000gr"],
    "shipping_address": "is not recognized by our geo-location service",
    "base": "standard error"
  },
  "error": {
    "code": "YOUR-ERROR-CODE",
    "message": "Your error message"
  }
}

Security

When you activate external validation, a shared secret is generated at the market level. We recommend verifying the callback authenticity by signing the payload with that shared secret and comparing the result with the callback signature header.

PreviousExternal resources NextExternal prices

Last updated 6 months ago

curl -g -X PATCH \ 'https://yourdomain.commercelayer.io/api/orders/xYZkjABcde' \ -H 'Accept: application/vnd.api+json' \ -H 'Authorization: Bearer your-access-token' \ -H 'Content-Type: application/vnd.api+json' \ -d '{ "data": { "type": "orders", "id": "xYZkjABcde", "attributes": { "_validate": true } } }'

{ "data": { "id": "wBXVhKzrnq", "type": "orders", "links": { ... }, "attributes": { ... }, "relationships": { ... }, "meta": { ... } }, "included": [ { "id": "DvlGRmhdgX", "type": "markets", "links": { ... }, "attributes": { ... }, "relationships": { ... }, "meta": { ... } }, { "id": "kdPgtRXOKL", "type": "line_items", "links": { ... }, "attributes": { ... }, "relationships": { ... }, "meta": { ... } }, { "id": "XGZwpOSrWL", "type": "skus", "links": { ... }, "attributes": { ... }, "relationships": { ... }, "meta": { ... } } { "id": "BgnguJvXmb", "type": "addresses", "links": { ... }, "attributes": { ... }, "relationships": { ... }, "meta": { ... } }, { "id": "AlrkugwyVW", "type": "addresses", "links": { ... }, "attributes": { ... }, "relationships": { ... }, "meta": { ... } }, { "id": "FdefrQxCba", "type": "shipments", "links": { ... }, "attributes": { ... }, "relationships": { ... }, "meta": { ... } }, { "id": "SfdyHtjfBF", "type": "shipping_methods", "links": { ... }, "attributes": { ... }, "relationships": { ... }, "meta": { ... } }, { ... } ] }

{ "success": false, "data": { "line_items": ["must be at least 3", "cannot weight more than 2000gr"], "shipping_address": "is not recognized by our geo-location service", "base": "standard error" }, "error": { "code": "YOUR-ERROR-CODE", "message": "Your error message" } }