We are excited to announce the latest addition to our order management feature set - Order Transfers. This feature enables seamless transfer of orders from guest accounts to registered accounts. It allows commerce companies to improve loyalty and customer experience for registered users.
Privacy-safe transfers work seamlessly with Medusa's registered accounts, adding to Medusa's wide set of tools for making reliable and secure custom commerce applications easy to build.
“Where is my order”?
Ecommerce customers often make initial purchases as a guest and then later register an account with the store. The order email and the registered account email are the same, so it may seem natural to just automatically transfer all orders to the newly registered account if it has the same email. This, however, opens up your store to a data privacy issue.
A malicious user could try to register with a bunch of different emails to have orders automatically transferred to newly created accounts. If that happens they would obtain information like names and addresses of other customers.
To ensure Medusa stores are safe from such attacks, we have implemented an order transfer process that includes a confirmation step. See a diagram of the flow below:
Registered customers can request an order transfer if they provide an order id. Upon request, an email is sent to the original owner of the order to accept (or decline) the order transfer request. After the transfer is approved, the order is associated with the new account.
Store administrators can create order transfer requests on behalf of any registered customer as well. After the store administrator creates a transfer, the original owner is notified and can accept or decline the transfer.
How it works
Making the right abstractions is crucial when building software, especially when creating foundational building blocks. Our Order Change API is a perfect example of such an abstraction. It is used for building most of the order management flows such as returns, claims, order edits etc.
With the Order Change API, we ensure that the order's history is traceable, and previous order versions can be reconstructed. This is helpful for customer service agents to understand an order's progression, and useful when integrating with third-party tools like accounting and ERP systems as you can react to each version change.
Here's how we used Order Change API internally to build the Order Transfer functionality. By combining Order Change API with the Workflow engine, we demonstrate how our building blocks make it simple to create core commerce features:
123456789101112131415161718192021222324252627282930313233343536373839404142434445/*** Request order transfer workflow*/requestOrderTransferWorkflow({ userId, orderId, customerId }) {// generate a token that will be sent to// the guest user to be able to accept the transferconst token = generateTokenStep()// create an Order Changeconst change = createOrderChangeStep({orderId,change_type: ChangeType.TRANSFER,created_by: userId,})// create an action for the change that// holds details about the transfercreateOrderChangeActionsWorkflow.runAsStep({action: ChangeActionType.REQUEST_TRANSFER,details: {token,reference: customerId, // the id of the new owneroriginalEmail: order.email,},})// dispatch an event to send an email with the token to the current order owneremitEventStep(ORDER_TRANSFER_EVENT, { orderId })}/*** Accept order transfer workflow*/orderTransferAcceptedWorkflow({ orderId, token }) {// validate that the user provided correct tokenvalidateTokenStep({ token, orderChange })// apply the change on the orderconfirmOrderChangesStep({orderId,changes: [orderTransferChange],})}
Try it out
Check out Order Transfers release here. To add it to your store, this implementation in our storefront starter is a good reference. Also, check out the Order Change API, if you need to implement a custom order management flow.
