Thanks for the warnings. I’m not in production yet. To me it looks like restapi2 is not quite production capable either.
I’ve done all I can to harden the Rest API. I use these settings:
- Require SSL on Rest API calls: yes
- IP Address that is allowed to access the API: my Web Shop server ip address
- Require the secret code for Rest API calls: yes
I’ve also added quite comprehensive error logging into the Rest API Client, as well as modal dialogs showing limited error information to customers (and to myself, when testing).
No subscriber will be automatically confirmed. New subscribers get the standard email message asking for confirmation.
The phpList integration is inserted into the Web Shop as follows:
1. Customers purchasing without an account
During the checkout, when they enter their email, I notify them if they haven’t subscribed or confirmed. In the first case they are offered an option to subscribe. In the latter case, they are offered an option to resubscribe (e.g. if they don’t have the previous message asking for confirmation any more).
If they resubscribe, I simply delete the unconfirmed subscriber with the subscriberDelete function and add a new one. This ensures that the message asking for confirmation is sent.
2. Customers registering an account
The procedure is basically the same as in #1.
3. Registered customers changing the details
Customers can subscribe/unsubscribe a newsletter. In the latter case I use the subscriberDelete function.
Restapi2 is missing the subscribe function. Also, there are no sendMail calls, like in the version I use. Any plans to add these?
It would also be nice to optionally send an email when unsubscribing using the Rest API.
Please add user cleanup also to restapi2 :).
I’m not sure about GDPR and blacklisted subscribers. The tables user_blacklist and user_blacklist_data contain their email addresses.