Services | Back-end | Credit Control API

Hello Community!

We are presenting the following problem: we need to create a service (middleware) for the Credit Control API. The goal is to build a Custom Page in My Account to display the customer’s Credit information.

The service is returning 403.

Policy attachments added.

1dsdsCaptura744×840 101 KB

image619×289 14.1 KB

image647×344 29.3 KB

https://{accountName}.{environment}.com.br/api/creditcontrol/accounts

Do you have any idea why this might be happening?

Is there a policy missing?

Thank you. Best regards.

@georgebrindeiro

@developer-vtex-01 hey!
I believe you’ve probably already seen VTEX’s examples:

• https://github.com/vtex-apps/service-example

• https://github.com/vtex-apps/graphql-example

But if not, you can use them as a starting point. Below I’ll share an example of how I use policies when working with VTEX APIs as services and/or middleware.

I saw the evidence in your post — you’re calling portal.vtexcommercestable.com.br

Is portal your account_name?

{
      "name": "outbound-access",
      "attrs": {
        "host": "{{account}}.vtexcommercestable.com.br",
        "path": "*"
      }
    },
    {
      "name": "outbound-access",
      "attrs": {
        "host": "{{account}}.myvtex.com",
        "path": "*"
      }
    },
    {
      "name": "outbound-access",
      "attrs": {
        "host": "api.vtex.com/{{account}}",
        "path": "*"
      }
    },
    {
      "name": "outbound-access",
      "attrs": {
        "host": "ache.com.vc",
        "path": "/api/*"
      }
    }

In my client files I usually use this header format in the constructor, always adapting it to the required attributes according to the documentation. I’m not sure all that information is strictly necessary, though. Here BASE_URL_VTEX, APP_KEY, and APP_TOKEN are const values as strings, matching your sensitive credentials.

constructor (ctx: IOContext, options?: InstanceOptions) {
        super(BASE_URL_VTEX, ctx, {
            ...options,
            headers: {
                ...(options && options.headers),
                ...{ Accept: 'application/vnd.vtex.ds.v10+json' },
                ...{ 'Content-Type': 'application/json' },
                ...(ctx.adminUserAuthToken
                ? { VtexIdclientAutCookie: ctx.adminUserAuthToken }
                : { 'X-VTEX-API-AppKey': APP_KEY }),
                ...(ctx.storeUserAuthToken
                ? { VtexIdclientAutCookie: ctx.storeUserAuthToken }
                : { 'X-VTEX-API-AppToken': APP_TOKEN }),
            },
        })
}

Some other articles on the topic:

• Policies

• Service

Hello! Thank you for your response. I’ll check on it. Appreciated. Best regards.

Hello! Solution in the attachment.

It was necessary to add the key name in the object and as value main_access

This is for the credit control API.

image565×203 49.3 KB

Regards.