The current GetShippingQuote & GetShippingMethods API endpoints do not return "User Groups" which are configured in the Maropost backend under the "User Group Visibility" checkbox options when setting up each Shipping Method. With these User Groups missing from the response, it exposes all the Shipping Methods to end users which in result gives an incorrect response as there is no opportunity to filter the initial query. The lack of User Group filtering and User Groups returned with the responses for each of these endpoints is a bug in my opinion, as it exposes sensitive data to end users without allowing the opportunity for client side filtering.
I propose the following updates:
- GetShippingQuote: Return all "User Groups" assigned with each Shipping Method result.
- GetShippingQuote: Add a User Group filter to control which Shipping Methods to be returned.
- GetShippingMethods: Return all User Groups assigned with each Shipping Method result.
