Security
After logging in through the login API, the current user obtains a token. This token is sent to the backend API, which parses it to identify the user and matches the user with their associated organization list.
If the current user is associated with only one organization, they can only access data under that organization. If the user is associated with multiple organizations, they must include the X-S2-Organization parameter in the request header when calling other APIs to retrieve products, orders, etc. The value of the X-S2-Organization parameter should be the organizationId of the organization they wish to access. This organizationId must be in their associated organization list; otherwise, an unauthorized error will be returned.
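One way a backend could enforce the rule described above, as an added example that is not the product's own code. The names resolve_organization and Unauthorized are hypothetical; rejecting duplicate headers, and rejecting a single-organization user's header that names a different organization, are assumptions the page does not state.

```python
# Added example: resolve_organization and Unauthorized are hypothetical names
# for illustration, not the product's real code.
HEADER = "X-S2-Organization"


class Unauthorized(Exception):
    """Stands in for the 'unauthorized' error the API returns."""


def _header(headers, name):
    # HTTP header names are case-insensitive. Duplicates are refused so a
    # proxy and the backend cannot disagree about which value is in effect.
    values = [v for k, v in headers if k.lower() == name.lower()]
    if len(values) > 1:
        raise Unauthorized("duplicate organization header")
    return values[0].strip() if values else None


def resolve_organization(user_orgs, headers):
    """Return the organizationId this request may act on.

    user_orgs: organization list looked up server-side from the token.
    headers:   list of (name, value) pairs taken from the request.
    """
    if not user_orgs:
        raise Unauthorized("user has no associated organization")
    requested = _header(headers, HEADER)
    if len(user_orgs) == 1:
        only = user_orgs[0]
        # Assumption: a header naming another organization is refused
        # rather than silently ignored.
        if requested not in (None, only):
            raise Unauthorized("organization not in user's list")
        return only
    if requested is None:
        raise Unauthorized(f"{HEADER} header is required")
    # Exact match against the server-side list; the header value is only a
    # selector and never grants access by itself.
    if requested not in user_orgs:
        raise Unauthorized("organization not in user's list")
    return requested
```

Every data query for products or orders should then be scoped to the returned organizationId rather than to the raw header value.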