The checkout flow can be described as follows.
At the frontend, the customer:
loads items into a shopping cart and then proceeds to review their order and the net value of the purchase
presses 'Go to Payment', which sends a request with a representation of their order details to /store/checkout (with authentication details)
Then, the backend:
[x] receives the request and stores its details in the database, describing them as a 'pending transaction'
[x] sends a request to an external checkout microservice, which should return a URL and token to proceed to the actual payment
[x] whether the request succeeds or fails, updates the status and aggregates data on the recent pending transaction
[x] responds to the customer with said URL and token
Thus, the customer should:
proceed to the payment URL using the token
do their thing, or cancel the transaction, or have their payment method be rejected, all three of which send another request to /store/checkout/validate with the token id (but this time without the normal authentication)
Once again, the backend should:
[x] validate there is a correct token in the request, since there's no authentication
[x] take the token, find the pending transaction, validate transaction date and status reported by the payment service
[x] then send a redirection to a receipt/failure page
From the receipt page, the frontend will query the result details. Thus, finally, the backend should implement the latest changes in the Store API (v2.2):
[x] expose an API /store/receipt/{id}
[x] fetch details (status, amount, products/units, etc.) based on the sent id
[x] transform those details into a Receipt object (introduced in the latest API changes) and send it back to the customer
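
Because /store/checkout/validate is reached without the normal authentication, the token is the only credential on that request. The sketch below is an added example, not code from this change: it shows one way to do the token, date and status checks listed above. The 30-minute lifetime, the status names, the in-memory store and the redirect paths are all assumptions.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone

TOKEN_TTL = timedelta(minutes=30)             # assumption: page gives no lifetime
OUTCOMES = {"paid", "cancelled", "rejected"}  # assumed names for the three outcomes
RECEIPT_PAGE = "/receipt/{id}"                # hypothetical frontend routes
FAILURE_PAGE = "/failure"

pending = {}  # sha256(token) -> transaction; stands in for the database


def token_key(token):
    # Store and look up a digest so the raw token never sits in the database.
    return hashlib.sha256(token.encode()).hexdigest()


def create_pending(txn_id, now):
    """Checkout step: record the pending transaction and issue its token."""
    token = secrets.token_urlsafe(32)
    pending[token_key(token)] = {"id": txn_id, "status": "pending", "created": now}
    return token


def validate(token, reported_status, now):
    """Validate step for the unauthenticated callback; returns the redirect target.

    reported_status is assumed to come from the payment service, not from
    anything the browser can set.
    """
    txn = pending.get(token_key(token)) if isinstance(token, str) else None
    if txn is None or txn["status"] != "pending":
        return FAILURE_PAGE                   # unknown token, or a replayed one
    if now - txn["created"] > TOKEN_TTL:
        txn["status"] = "expired"
        return FAILURE_PAGE
    if reported_status not in OUTCOMES:
        return FAILURE_PAGE                   # leave pending; nothing usable reported
    txn["status"] = reported_status           # pending -> final, exactly once
    return RECEIPT_PAGE.format(id=txn["id"]) if reported_status == "paid" else FAILURE_PAGE


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed sample time
    tok = create_pending("txn-1", t0)
    print(validate(tok, "paid", t0 + timedelta(minutes=5)))
    print(validate(tok, "paid", t0 + timedelta(minutes=6)))  # replay is refused
```

The same ownership question applies to /store/receipt/{id}: if that route is authenticated, the lookup should also confirm the transaction belongs to the caller.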