Pimcore Data hub - User authentication, example use cases etc

Hello eveyrone

We are building a new e-commerce application based on Pimcore, where our frontend interfaces will be built on Vue.js.
Therefore, we are looking for the best way to build our API which will be the main communication channel between the frontend (Vue) and backend (Pimcore).

Naturally, we’re looking into the Pimcore Data Hub, which -according to the Pimcore dev team- “will become the universal tool for getting data in and out of the Pimcore platform” and provides “easier connectivity with Content-as-a-Service (CAAS) frontends such as React, Vue, and PWAs”. So, in theory, this looks very promising and perfect for our use case.

However, from the get-go, we’ve become a bit confused as to how we could use the data hub in our case (or any case).

First of all, there doesn’t seem to be any way to authenticate using a “customer” (or front-end user, call it what you may), so you can get information that belongs to this user, like orders. So, even for something simple like that (get X customer’s orders) we can’t see how it could be done via the data hub, unless we build an extra REST middleware which kind of beats the point.

Even to get products (the most important building block of PIMcore), we don’t see how we could get them if for example their prices are affected by specific offers that only apply to some customers, or some customers are not allowed to view some products, or we implement custom price lists that also apply to some customer(s).

So, with the exception of very simple content like blog posts (as in the data hub’s example video), we don’t see how we could use the data hub.

Therefore, in my mind there are 3 options:

  • The data hub can only be used for globally available content like blog posts, but this seems like a very niche use case.
  • You do the filtering on the frontend, but this is reeeeally insecure and not something any sane person would do.
  • We’re missing something major.

I would love to think that it’s the 3rd option and we are indeed missing something major, which someone here could help us see.

Thanks very much in advance.