Authentication

How to authenticate with CPS APIs

The Convention Photography System uses different authentication methods depending on the platform and endpoint type.

Public Endpoints

Most photo gallery endpoints require no authentication:

  • Event browsing: GET /event
  • Photo viewing: GET /event/{eventCode}
  • Sub-folder access: GET /event/{eventCode}/{day}/{session}

These endpoints are publicly accessible to allow customers to browse available photos.

Order Endpoints

Ordering platform endpoints may require additional verification:

CAPTCHA Protection

Order submission requires a CAPTCHA token, which the server verifies before the order is created, to block automated submissions:

```javascript
// Example CAPTCHA integration (client side)
import { verifyCaptcha } from 'captcha-service';

const submitOrder = async (orderData) => {
  // Obtain a fresh token from the CAPTCHA widget for each submission.
  const captchaToken = await verifyCaptcha();
  const response = await fetch('/api/orders/create', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
    },
    // The token travels with the order; the server verifies it before
    // creating the order and rejects the request otherwise.
    body: JSON.stringify({
      ...orderData,
      captchaToken,
    }),
  });
  if (!response.ok) {
    // A non-2xx status means the order was not accepted.
    throw new Error(`Order submission failed: ${response.status}`);
  }
  return response.json();
};
```
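The client snippet only attaches a token; the check that matters happens on the server. The following is an added example, not CPS code, of the server side of `POST /api/orders/create`: the token is sent to the CAPTCHA provider for verification, an unreachable provider fails closed, and a verified token is consumed once so it cannot be replayed for a second order. The provider secret, the provider's request and response shape, and the `saveOrder` persistence call are assumptions, so the provider HTTP call is injected and stubbed here.

```javascript
// Added example (not CPS code): the server side of the CAPTCHA check.
// The client attaches captchaToken; the order must only be accepted after the
// server has verified that token with the CAPTCHA provider. Provider endpoint,
// secret and response shape are assumptions, so the HTTP call is injected as
// `post` and replaced by a stub below.

// Ask the provider whether the token is genuine. Never trust the client's
// claim that a CAPTCHA was solved; only the provider can confirm it.
async function verifyCaptchaToken(token, { secret, post, remoteIp }) {
  if (typeof token !== 'string' || token.length === 0 || token.length > 2048) {
    return { ok: false, reason: 'missing-token' };
  }
  let result;
  try {
    result = await post({ secret, response: token, remoteip: remoteIp });
  } catch (err) {
    // Fail closed: an unreachable verifier must not let orders through.
    return { ok: false, reason: 'provider-unreachable' };
  }
  if (!result || result.success !== true) {
    return { ok: false, reason: 'rejected' };
  }
  return { ok: true };
}

// A verified token is consumed exactly once. Providers expire tokens after a
// couple of minutes, so an in-memory Set is enough for the example; a shared
// cache with a TTL is what a multi-instance deployment would use.
const consumedTokens = new Set();
function consumeToken(token) {
  if (consumedTokens.has(token)) return false;
  consumedTokens.add(token);
  return true;
}

// Framework-free handler for POST /api/orders/create: takes the parsed JSON
// body and returns { status, body } so it can be exercised without a server.
async function createOrderHandler(body, deps) {
  const { captchaToken, ...orderData } = body || {};
  const check = await verifyCaptchaToken(captchaToken, deps);
  if (!check.ok || !consumeToken(captchaToken)) {
    // Same generic message for every failure; check.reason is for server logs.
    return { status: 403, body: { error: 'captcha verification failed' } };
  }
  if (typeof orderData.email !== 'string' ||
      !Array.isArray(orderData.items) || orderData.items.length === 0) {
    return { status: 400, body: { error: 'invalid order' } };
  }
  const orderId = await deps.saveOrder(orderData);
  return { status: 201, body: { orderId } };
}

// Constructed stub standing in for the provider's verification endpoint:
// it accepts exactly one token value and rejects everything else.
function stubProvider(validToken) {
  return async ({ response }) => ({ success: response === validToken });
}

// Stand-alone run: a genuine submission, a replay of the same token, a forged token.
async function demo() {
  const deps = {
    secret: 'example-secret',          // assumption: server-side provider secret
    post: stubProvider('tok-good'),
    remoteIp: '203.0.113.7',           // constructed client address
    saveOrder: async () => 'ORD-1',    // assumption: persistence returns an order id
  };
  const order = { email: 'buyer@example.com', items: [{ photo: 'DSC_0001', size: '8x10' }] };
  const first = await createOrderHandler({ ...order, captchaToken: 'tok-good' }, deps);
  const replay = await createOrderHandler({ ...order, captchaToken: 'tok-good' }, deps);
  const forged = await createOrderHandler({ ...order, captchaToken: 'tok-forged' }, deps);
  return { first: first.status, replay: replay.status, forged: forged.status }; // 201, 403, 403
}

demo().then((r) => console.log(r));
```

Every rejection returns the same 403 body; distinguishing "token missing" from "provider rejected" from "provider down" in the response would only help someone tuning an automated submitter, so the reason is kept for server logs.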

Email Verification

High-value orders may require email confirmation:

  1. Submit order with email address
  2. Receive confirmation email with verification link
  3. Click link to complete order processing

Admin Endpoints

Administrative functions require authentication:

  • Order management: GET /api/orders/*
  • Status updates: PUT /api/orders/{id}
  • Shipping updates: POST /api/orders/{id}/update-shipping
  • Sales reports: GET /api/orders/summary

Admin Authentication

Contact CPS support for admin access credentials. Treat them as secrets: send them only over HTTPS and never embed them in client-side code or public repositories.

API Keys (Future)

Future versions may implement API key authentication for:

  • Third-party integrations
  • Bulk photo access
  • Automated order processing

Security Best Practices

Rate Limiting

  • Public endpoints: Unlimited browsing
  • Order endpoints: CAPTCHA required
  • Admin endpoints: Authenticated access only

Data Protection

  • Customer emails encrypted in transit
  • Order data stored securely in Google Sheets
  • Shipping addresses validated via USPS

CORS Policy

All APIs include CORS headers for web integration:

```http
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT
Access-Control-Allow-Headers: Content-Type, Authorization
```

The wildcard origin is appropriate for the public gallery endpoints. It cannot be combined with credentialed requests: browsers refuse a response that pairs `Access-Control-Allow-Origin: *` with `Access-Control-Allow-Credentials: true`, so a browser-based admin client that relies on cookies needs its exact origin echoed back instead.
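One way to keep the wildcard for public endpoints while giving the admin endpoints a credential-safe policy is to choose the CORS headers per route. This is an added example, not CPS configuration: the admin origin allowlist (`https://admin.cps.example`), the classification of routes as admin or public, and the `Vary: Origin` handling are assumptions; the method and header lists are the ones shown above.

```javascript
// Added example (not CPS code): choosing CORS headers per endpoint class.
// The wildcard policy on the page fits the public gallery, but a browser
// will not honour Access-Control-Allow-Credentials: true when
// Access-Control-Allow-Origin is '*'. Admin routes therefore get an
// allowlisted origin echoed back instead. The allowlist and the route
// classification are assumptions, not CPS configuration.

const ADMIN_ORIGINS = new Set(['https://admin.cps.example']); // assumption
const ALLOWED_METHODS = 'GET, POST, PUT';
const ALLOWED_HEADERS = 'Content-Type, Authorization';

// Admin routes as listed on the page: everything under /api/orders except
// the public, CAPTCHA-protected POST /api/orders/create.
function isAdminRoute(method, path) {
  if (!path.startsWith('/api/orders')) return false;
  return !(method === 'POST' && path === '/api/orders/create');
}

// Headers to attach to the response for (method, path), given the request's
// Origin header (undefined for same-origin and non-browser clients).
function corsHeaders(method, path, origin) {
  if (!isAdminRoute(method, path)) {
    // Public gallery and order submission: any origin may call, no credentials.
    return {
      'Access-Control-Allow-Origin': '*',
      'Access-Control-Allow-Methods': ALLOWED_METHODS,
      'Access-Control-Allow-Headers': ALLOWED_HEADERS,
    };
  }
  if (origin === undefined || !ADMIN_ORIGINS.has(origin)) {
    // Unknown origin: send no CORS headers, so the browser blocks the
    // cross-origin read. Authentication of the request itself is separate.
    return {};
  }
  return {
    'Access-Control-Allow-Origin': origin,      // the exact origin, never '*'
    'Access-Control-Allow-Credentials': 'true',
    'Access-Control-Allow-Methods': ALLOWED_METHODS,
    'Access-Control-Allow-Headers': ALLOWED_HEADERS,
    Vary: 'Origin',                             // caches must key on Origin
  };
}

// Stand-alone run over a few constructed requests; prints the origin each
// response would allow.
function demo() {
  return [
    ['GET', '/event/ABC123', 'https://any.example'],
    ['POST', '/api/orders/create', 'https://shop.example'],
    ['GET', '/api/orders/summary', 'https://evil.example'],
    ['PUT', '/api/orders/42', 'https://admin.cps.example'],
  ].map(([m, p, o]) => [m, p, o, corsHeaders(m, p, o)['Access-Control-Allow-Origin'] || '(none)']);
}

for (const row of demo()) console.log(row.join('  '));
```

`Vary: Origin` matters once the origin is echoed: without it a shared cache could serve the response generated for the admin origin to a request from a different one.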