Entity Product Access Service

Back

Overview

Entity Product Access controls which products are accessible to specific entities (customers or suppliers).

Each Entity Product Access record defines:

• entity identifier (EntityId) - typically a customer or supplier
• product identifier (ProductId)

Entity Product Access enables fine-grained product visibility control per entity, allowing certain products to be hidden from or made exclusively available to specific entities. Access is checked when loading product listings scoped by entity.

All entity product access operations are tenant-aware and fully audited.

Endpoints

Back to Pricing

GET

/api/v1/EntityProductAccess/entity/{entityId}/product/{productId}

Returns the product access record for a specific entity-product combination.

Route parameters:

• entityId (long, required)
• productId (long, required)

Behavior:

• Looks up access record by (EntityId, ProductId)
• Returns access details if found

Errors:

• Returns 404 if no access record exists

Response:

• EntityProductAccessModel

Authorization:

• Requires Bearer Token

POST

/api/v1/EntityProductAccess

Creates a new entity product access record.

Request body (EntityProductAccessModel):

• EntityId (long, required, must be > 0)
• ProductId (long, required, must be > 0)

Behavior:

• Validation is enforced in the service layer
• Only one access record can exist per (EntityId, ProductId) pair
• Successful creation writes an audit log entry

Errors:

• Returns 400 if:
  • request body is invalid
  • access record already exists for (EntityId, ProductId)
  • database insert fails or other internal error occurs

Authorization:

• Requires Bearer Token

DELETE

/api/v1/EntityProductAccess/entity/{entityId}/product/{productId}

Deletes an entity product access record by (EntityId, ProductId).

Route parameters:

• entityId (long, required)
• productId (long, required)

Behavior:

• Performs a hard delete
• Successful deletion writes an audit log entry

Errors:

• Returns 400 if the access record does not exist

Authorization:

• Requires Bearer Token

Notes

• Validation is enforced in the service layer, not via model attributes
• (EntityId, ProductId) is treated as a unique pair (duplicates are blocked)
• Entity product access is used to filter product listings scoped by entity
• Internal errors are logged and not exposed to API consumers