Customer-priced catalog with a shopper token

Anonymous catalog reads show list content, but a B2B shopper expects their contract pricing and credit standing. Once a shopper signs in, attach their shopper token to a secret-key request and Harmon scopes everything - pricing, orders, invoices, credit - to that customer automatically.

What you need

A secret key (hk_test_sec_…) - customer-scoped reads reject a publishable key with 403.
A shopper token (X-Storefront-Shopper-Token) from the auth login flow. The token carries the customer_id; you never send it yourself.

Secret keys are server-side only

Run every call here from your backend. A hk_*_sec_… key must never reach a browser.

1. Identify the signed-in shopper - `GET /v1/me`

Confirm the token resolves to the customer you expect before showing prices.

curl -s "https://api.harmon.example/v1/me" \
  -H "Authorization: Bearer hk_test_sec_your_key_here" \
  -H "X-Storefront-Shopper-Token: <shopper jwt>"

A shopper token issued for a different merchant than the key's is rejected 403 - the merchant boundary holds even with a valid token.

2. Show contract pricing

Catalog content is identical anonymous-or-not; the customer-specific price comes from pricing a cart of what they're viewing with the shopper token attached. Each priced line carries the customer's contract unit_price plus tax/GCT.

# 1) Browse the catalog (anonymous fields).
curl -s "https://api.harmon.example/v1/products?page=1&page_size=12" \
  -H "Authorization: Bearer hk_test_sec_your_key_here" \
  -H "X-Storefront-Shopper-Token: <shopper jwt>"

# 2) Price the selection FOR THIS CUSTOMER - contract prices + tax/GCT.
curl -s -X POST "https://api.harmon.example/v1/carts/$CART_ID/price" \
  -H "Authorization: Bearer hk_test_sec_your_key_here" \
  -H "X-Storefront-Shopper-Token: <shopper jwt>"

3. Surface credit standing

Show available credit before checkout so an over_credit_limit block is never a surprise.

curl -s "https://api.harmon.example/v1/me/credit-status" \
  -H "Authorization: Bearer hk_test_sec_your_key_here" \
  -H "X-Storefront-Shopper-Token: <shopper jwt>"

Next steps

Cart → COD checkout - turn the priced cart into an order.
Authentication & keys - how shopper tokens and the capability split fit together.

In the API Reference

Open these operations in the interactive reference (with a Try it console):

GET /v1/me - the signed-in customer
GET /v1/me/credit-status - credit standing
POST /v1/carts/{cart_id}/price - customer-priced lines

Customer-priced catalog with a shopper token ​

What you need ​

1. Identify the signed-in shopper - GET /v1/me ​

2. Show contract pricing ​