Order validation

Creating Snipcart products boils down to adding a button to your site and defining it with data attributes.

You may wonder:

"What if I change product information with my browser developer tools? I'll be able to tamper with the price and place fraudulent orders."

Our order validation process is how we guarantee order integrity through the whole checkout.

Product data-item-url attribute

When configuring a product, there's a required attribute called data-item-url.

Before completing an order, Snipcart makes an HTTP request to the value specified in this attribute. We make sure the price and other important information have not been altered via browser developer tools.

You can read more about this in the security entry.

The specified URL must be the one where the Snipcart buy button for the product is available.

Important notice: For users with a single-page website, the data-item-url field should only be filled with your root domain name, such as www.example.com, or with a simple slash bar /.

Allowed domains

Before you start selling, you need to allow domains and sub-domains where Snipcart can crawl your products. In your dashboard, under Store configurations → Domains & URLs, you can set your default domain name as well as the additional allowed domains and sub-domains.

For instance, if the data-item-url value is http://test.mysite.com/products/1 and your default domain is mysite.com, our validation will fail. You need to add test.mysite.com in the allowed sub-domains for it to work.

If you want, you can also use a relative URL (/products/1). But we only validate the product in your default domain name. So, in the example above, if the data-item-url value was /products/1, we would make the HTTP request to validate the information to http://mysite.com/products/1.

To specify a relative URL, the data-item-url value must start with a /.

JSON crawler

When Snipcart validates an order's integrity, it uses the value specified in each product's data-item-url attribute.

Most times, the value specified for this attribute will be the unique URL where you're selling the item. However, merchant sites can sometimes require more complex validation scenarios.

If that's your case, there's an alternative to our default HTML crawler: our JSON crawler.

When Snipcart makes the request to the URL, if your response Content-Type header is application/json, we'll use our JSON validator instead of the HTML one.

You must return us a JSON having the following properties.

{
  "id": "20",
  "price": 50.00,
  "url": "https://snipcart.com/products/1.json"
}

The id, price and url fields are mandatory, and they must be the same ones you specified in the product definition in your HTML.

Note that the object you return may contain other properties, but only those affecting the price of your products will be considered.

If you are using our multi-currency feature, the price property can be a hash with multiple currencies.

{
  "id": "20",
  "price": {
    "usd": "30",
    "cad": "35"
  },
  "url": "/"
}

You can also return an array containing multiple objects as defined above.

[
  {
    "id": "20",
    "price": 50.00,
    "url": "https://snipcart.com/products.json"
  },
  {
    "id": "21",
    "price": 100.00,
    "url": "https://snipcart.com/products.json"
  }
]

This can be useful when your website is API-driven, using a single page application framework such as React or Vue.

Fetching products from a JSON document

From our dashboard, you can fetch products if you need to set inventory stock, for instance. If you are using our JSON validator you can also use your JSON documents to fetch products.

The document can be a JSON file containing all of your products in an array or a product individually.

The following example is a single product that can be fetched. Please note that this example also sets default stock levels.

{
  "id": "JSON_PRODUCT",
  "name":  "JSON Product",
  "url": "/products.json",
  "price": 20.00,
  "image": "http://placehold.it/300x300",
  "inventoryManagementMethod":  "Variant",
  "dimensions": {
    "weight": 300,
    "width": 20,
    "height": 10,
    "length": 30
  },
  "variants": [
    {
      "variation": [
        {
          "name": "Color",
          "option": "Red"
        },
        {
          "name": "Size",
          "option": "Small"
        }
      ],
      "stock": 10,
      "allowOutOfStockPurchases":  true
    }
  ],
  "categories": ["category1", "category2"],
  "customFields": [
    {
      "name": "Size",
      "options": "Small|Medium|Large",
      "type": "dropdown"
    },
    {
      "name": "Color",
      "options": "Red|Blue|Green",
      "type": "dropdown"
    }
  ]
}

Validating the request

Please refer to this entry to learn how to secure any endpoints that handle requests from Snipcart.