Try our conversational search powered by Generative AI!

AI OnAI Off

ServiceAPI: When getting price by entry code and priceID, can return price of different entry

Found in

EPiServer.ServiceApi 5.4.0

Fixed in

EPiServer.ServiceApi 5.4.2

(Or a related package)

Created

Sep 18, 2019

Updated

Mar 27, 2020

State

Closed, Fixed and tested

Description

Precondition: Serviceapi Commerce was installed and configured for a Quicksilver site

Steps to reproduce

  1. Get Price by entry code and priceID. For example "url/episerverapi/commerce/entries/SKU-36127195/prices/1"

Expected:
Should return a 404 not found because SKU-36127195 does not have priceID = 1.

Actual:
Returns a 200 ok with priceID = 1 of different entry. Users can get all priceIDs that way.

{ "PriceValueId": 1, "CatalogEntryCode": "SKU-22153144", "MarketId": "AUS", "PriceTypeId": "AllCustomers", "PriceCode": "", "ValidFrom": "2015-04-22T11:43:10Z", "ValidUntil": "2035-04-22T11:43:10Z", "MinQuantity": 0.000000000, "UnitPrice": 6.500000000, "CurrencyCode": "AUD" }