Migrating a haravan App from Legacy to OAuth Authentication


The process is simple but demands caution as there is no easy way to return to Legacy authentication.

Currently haravan uses OAuth 2.0 as the authentication standard for haravan applications, but some haravan applications are still using our legacy authentication system. It is important that developers update their applications to use OAuth, as our legacy authentication system will be deprecated and become unusable at some point in the future.

OAuth authentication uses a token generated from your app's pre-existing Legacy authentication. The algorithm is a simple MD5 of the sum of the application_secret + user_legacy_token. In Ruby, the code would be like this:

Digest::MD5.hexdigest(app_secret + merchant_current_legacy_token)

In PHP, the code would be like this:

md5($app_secret . $merchant_current_legacy_token)

The returned result will be the OAuth token. Before you can begin using it, you'll need to go to your app configuration panel and update to the new OAuth. Alternatively, you can create a new app (which will use OAuth) and test the generated OAuth token.

We strongly suggest that the transition occurs in small steps:

  1. Create a new column in the database as oauth_token (or any other name) and apply the digest algorithm for each merchant. Test to see if the calculation was successful.
  2. Locally, update your app's code to use OAuth (this means, updating the library of whatever your app needs) and make it use the new column (oauth_token) as the api_token.
  3. Push the new version of your app and change the app to use OAuth in the haravan app panel at the same time.
  4. Delete the old column storing the old Legacy token.

If your application stores the password for the Legacy authentication and not the client token, you don't need to do this migration. Just update your application code to use your current password as the OAuth token.

Your merchants should not notice anything but there may be a few seconds of downtime while the transition to OAuth occurs.

Keep in mind that transitioning to OAuth will grant these permissions to your app:

    - write_content
    - write_themes
    - write_products
    - write_customers
    - write_orders
    - write_script_tags
    - write_shipping

If you need more permissions then the ones shown, haravan will demand that the merchant re-authorize the app. This is a similar process to installing a new app.

You can test the generated token by trying to make a OAuth request to the merchant using the new token. To do this, create a new app through your haravan Partners dashboard (that uses OAuth) for testing.