Security & Access Control
- All endpoints require customer authentication except order tracking
- Customers can only access their own data (addresses, orders, favorites)
- Tokens are validated on each request
Filtering & Search
- Most endpoints support extensive filtering, searching, and ordering
- Date filters accept ISO 8601 format
- Range filters support min/max values
- Multi-value filters use comma-separated lists
Data Relationships
- Addresses include nested country/state/city data for display
- Orders include related payment and shipping method details
- Products in favorites retain full product information and pricing
Address Management
- Geographic validation ensures state belongs to country and city belongs to state
- Only one default address allowed per customer
- New addresses are automatically associated with the authenticated customer
Order Management
- Orders are read-only for customers
- Detailed order view includes items and payment history
- Public tracking available via order key without authentication
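
The ownership rule under Security & Access Control and the unauthenticated tracking lookup above, as an added sketch that is not this API's own code. All names (`Order`, `OrderStore`, `NotFound`) are hypothetical. The 404 for another customer's order, the random 128-bit key, and the status-only tracking response are assumptions about how such an API would be hardened.

```python
import secrets
from dataclasses import dataclass, field


class NotFound(Exception):
    """Mapped to HTTP 404 by the (hypothetical) API layer."""


@dataclass
class Order:
    id: int
    customer_id: int
    status: str
    shipping_address: str
    # Assumption: the key is the only secret guarding public tracking,
    # so it is 128 random bits rather than a sequential or derived value.
    order_key: str = field(default_factory=lambda: secrets.token_urlsafe(16))


class OrderStore:
    def __init__(self, orders):
        self._by_id = {o.id: o for o in orders}
        self._by_key = {o.order_key: o for o in orders}

    def get_for_customer(self, customer_id, order_id):
        """Authenticated detail view: the lookup is scoped to the caller."""
        order = self._by_id.get(order_id)
        # Same error for "missing" and "someone else's", so ids cannot be probed.
        if order is None or order.customer_id != customer_id:
            raise NotFound(order_id)
        return order

    def track(self, order_key):
        """Public tracking: no authentication, so expose non-personal fields only."""
        order = self._by_key.get(order_key)
        if order is None:
            raise NotFound("tracking")
        return {"status": order.status}


# Constructed sample data for the example.
ALICE_ORDER = Order(1, 10, "shipped", "1 Example St")
BOB_ORDER = Order(2, 20, "pending", "2 Example Ave")
STORE = OrderStore([ALICE_ORDER, BOB_ORDER])
```
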
Favorite Products
- Supports all product filtering capabilities
- Products must be active to be added to favorites
- Removing non-existent favorites returns 404