allow either superuser key or commerce JWT as the bearer token to call the sync API. If the token matches the superuser key, allow the call to proceed, otherwise call commerce-api to validate the token. If the token is invalid, reject the request. If it's valid, decode the payload and check the roles. If it contains admin then allow the call to continue.
allow either superuser key or commerce JWT as the bearer token to call the sync API. If the token matches the superuser key, allow the call to proceed, otherwise call commerce-api to validate the token. If the token is invalid, reject the request. If it's valid, decode the payload and check the roles. If it contains
adminthen allow the call to continue.