When the marketplace is set to private, the following API endpoints become restricted:
GET "/users/show"
GET "/listings/show"
GET "/listings/query"
GET "/timeslots/query"
GET "/reviews/query"
GET "/reviews/show"
GET "/sitemap_data/query_listings"
Affected public routes on template
The following public routes are impacted and become private:
SearchPage (/s)
ListingPage (/l/:slug/:id & /l/:id)
ProfilePage (/u/:id)
Styleguide (/styleguide)
Behavioral changes when private marketplace is enabled
The unauthenticated users:
Redirected to the SignupPage when attempting to access any of the affected routes.
The pending-approval users:
Redirected to the NoAccessPage (/no-user-approval) when attempting to access search, listing, or profile page.
The active users:
Can access and view the content of the affected routes normally.
SEO considerations
/robots.txt: disallow also /s, /l, and /u
There's a simple memory cache added (1 day) to reduce the load on your Node server.
/sitemap-index.xml: don't list the sitemap-recent-listings.xml
/sitemap-recent-listings.xml: 404 File Not Found
/sitemap-default.xml: /s is not included.
Notes
It's also possible that the access-control.json asset is out of sync!
This can happen because there's a cache on live environments. In addition, a client app fetches it only on full page load.
Outdated asset with marketplace.private: true: app behaves as private marketplace
Outdated asset with marketplace.private: false: app shows those pages
If API returns 403 Forbidden for the query & show endpoints, user is redirected to SignupPage or NoAccessPage
To test how the app handles out-of-sync scenarios:
Ensure the marketplace is public.
Reload the client app (to load the current access-control.json asset).
Switch the marketplace to private.
Click on links leading to the SearchPage, ListingPage, or ProfilePage. Depending on the user's authentication & state, different results should appear.
About implementation:
The routeConfiguration.js needs info from /general/access-control.json asset. If the marketplace has "private" flag on, it adds auth:true flag to the aforementioned routes.
Then the affected pages (SearchPage, ListingPage, and ProfilePage)
a) restrict what data they fetch on loadData
b) redirect users to Signup or NoAccessPage depending on the private marketplace mode & error thrown by API.
On client-side rendering, there's fetch for the currentUser entity and it's enforced to happen before loadData call is made. However, on SSR the currentUser entity is not fetched. (We try to avoid the SSR from being user-specific.)
This allows you to make your marketplace private.
Upcoming API Impact
When the marketplace is set to private, the following API endpoints become restricted:
Affected public routes on template
The following public routes are impacted and become private:
/s)/l/:slug/:id&/l/:id)/u/:id)/styleguide)Behavioral changes when private marketplace is enabled
/no-user-approval) when attempting to access search, listing, or profile page.SEO considerations
/s,/l, and/u/sis not included.Notes
It's also possible that the access-control.json asset is out of sync! This can happen because there's a cache on live environments. In addition, a client app fetches it only on full page load.
marketplace.private: true: app behaves as private marketplacemarketplace.private: false: app shows those pagesAbout implementation:
The routeConfiguration.js needs info from /general/access-control.json asset. If the marketplace has "private" flag on, it adds
auth:trueflag to the aforementioned routes.Then the affected pages (SearchPage, ListingPage, and ProfilePage) a) restrict what data they fetch on loadData b) redirect users to Signup or NoAccessPage depending on the private marketplace mode & error thrown by API.
On client-side rendering, there's fetch for the currentUser entity and it's enforced to happen before loadData call is made. However, on SSR the currentUser entity is not fetched. (We try to avoid the SSR from being user-specific.)