Customer Account Management
Flow ID: CF-11 | Module(s): eshop, Customer domain | Complexity: Medium
Business Overview
The customer account area provides profile management, order history with real-time courier tracking, wishlist, and password changes.
Key features:
- Dual address management (billing + shipping)
- Order tracking via encrypted URLs integrating with 12+ courier APIs
- Wishlist with AI recommendation sync
- Password change with current password verification
API Reference
REST Endpoints
| Method | Path | Auth | Description |
|---|---|---|---|
| GET | /rest/customer/me | Customer JWT | Get own profile |
| POST | /rest/customer/me | Customer JWT | Update profile (restricted fields) |
| POST | /rest/customer/me/password | Customer JWT | Change password |
| GET | /rest/order/order | Customer JWT | Order history |
Self-edit uses an allowlist: only fields in SELF_SERVICE_FIELDS (src/Rest/Customer/Controllers/Customer.php) are accepted. All other fields are silently dropped, including mail; this matches legacy storefront behavior, where the email input is disabled and Adv_customer::update_info() never saves it. Allowed: name, surname, landphone, mobilephone, birthdate, gender, billing address, shipping address, company details, lang.
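The allowlist pattern described above, as an added PHP example that is not the project's code. The constant and function names, the nested key names (billing_address, shipping_address, company) and their sub-fields are assumptions, since the page lists the allowed fields in prose only. It goes beyond the text by also filtering nested objects and returning the dropped paths so they can be logged.

```php
<?php
declare(strict_types=1);

// Scalar field names come from the page. Nested keys and their
// sub-fields are assumed for illustration.
const EXAMPLE_ADDRESS = ['street' => true, 'city' => true, 'postal' => true, 'country' => true];
const EXAMPLE_SELF_SERVICE_FIELDS = [
    'name' => true, 'surname' => true, 'landphone' => true, 'mobilephone' => true,
    'birthdate' => true, 'gender' => true, 'lang' => true,
    'billing_address' => EXAMPLE_ADDRESS,
    'shipping_address' => EXAMPLE_ADDRESS,
    'company' => ['name' => true, 'vat' => true],
];

/**
 * Keep only allowlisted keys and report everything else by dotted path.
 * Matching is exact and case-sensitive. A nested spec filters the child
 * object too, so an allowed parent key does not admit arbitrary children.
 *
 * @return array{0: array, 1: list<string>} [accepted, dropped paths]
 */
function filterSelfService(array $body, array $spec = EXAMPLE_SELF_SERVICE_FIELDS, string $path = ''): array
{
    $accepted = [];
    $dropped = [];
    foreach ($body as $key => $value) {
        $here = $path . $key;
        if (!array_key_exists($key, $spec)) {
            $dropped[] = $here;                       // not on the allowlist
        } elseif (is_array($spec[$key])) {
            if (!is_array($value)) {                  // scalar where an object is expected
                $dropped[] = $here;
                continue;
            }
            [$accepted[$key], $child] = filterSelfService($value, $spec[$key], $here . '.');
            $dropped = array_merge($dropped, $child);
        } elseif (is_scalar($value) || $value === null) {
            $accepted[$key] = $value;
        } else {
            $dropped[] = $here;                       // object where a scalar is expected
        }
    }
    return [$accepted, $dropped];
}

// Constructed request body: legitimate edits mixed with fields the
// customer must not control on their own record.
$json = '{"name":"Maria","mail":"x@example.test","is_admin":true,'
      . '"billing_address":{"city":"Athens","customer_id":7}}';
[$accepted, $dropped] = filterSelfService(json_decode($json, true, 16, JSON_THROW_ON_ERROR));
echo json_encode(['accepted' => $accepted, 'dropped' => $dropped]), PHP_EOL;
```

The client still gets a normal response when fields are dropped; the dropped list is what a server-side log or alert would consume.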
Legacy Storefront
| URL | Method | Purpose |
|---|---|---|
| /customer/account_info | account_info() | Dashboard |
| /customer/order_history | order_history() | Orders (pending/finished/canceled) |
| /customer/order_track/{encrypted} | order_track() | Real-time tracking |
| /customer/wishlist | wishlist() | Saved products |
| /customer/update_info | update_info() | Edit billing address |
| /customer/edit_shipping | edit_shipping() | Edit shipping address |
| /customer/update_my_password | update_my_password() | Change password |
Order Tracking
Encrypted order ID in URL → decrypted → resolves transporter → calls TrackAndTrace::track(). Supports: Geniki v1/v2, ACS, ELTA, Speedex, DHL, EasyMail, BoxNow, CyprusPost, Taxydema v1/v2, Center, ASAP.
Client Extension Points
- viewExtras() hook: Add custom data to account pages
- Postal validation: postalCheck[$country] callback per country
- View templates: Override {client_views}/customer/
Legacy AJAX API
These endpoints are served by AdvApiCustomer (ecommercen/api/controllers/AdvApiCustomer.php) and provide customer self-service actions from the storefront. The controller extends Customer (requires customer session). Request bodies are JSON (parsed via jsonDecodeInputStream()), except for getCustomerIsSignedUpViber, which is a GET request.
Base path: /api/customer/{method} (routed via api/api_customer)
| Method | Path | Parameters | Auth | Response | Description |
|---|---|---|---|---|---|
| POST | /api/customer/addBirthDay | date (string, required, valid date) | Customer session | {} | Set or update the logged-in customer's birthdate |
| POST | /api/customer/setViberPhone | phone (string, required, valid mobile), addToViber (bool) | Customer session | {detail: string} | Sign up or remove the customer from Viber SMS marketing; if addToViber is truthy saves the phone number, otherwise deletes the record |
| GET | /api/customer/getCustomerIsSignedUpViber | (none) | Customer session | {isSignedUpViber: bool} | Check whether the logged-in customer is signed up for Viber marketing; returns 401 if not logged in |
Error format: {error: {field: message}, statusCode: 400, statusMsg: "Bad Request"} for validation failures.
Related Flows
- CF-10 Customer Auth — login/register
- CF-17 Wishlist — wishlist management
- CF-32 Loyalty Points — customer loyalty points balance
- AD-04 Customer Management — admin view
- AD-33 Multi-Carrier Tracking — courier tracking integration
- IN-09 Transporter Integrations — courier API details