Server-first Commerce Scaffold
Next.js 15 + Django REST storefront starter
Production-ready foundations for the Orchestra catalog. All data is fetched on the server with the required service key, keeping tokens out of the browser while enabling SEO-friendly item listings.
Server-only API calls
All requests to /api/items/... go through Next.js with the X-Service-Key header injected automatically. Add user tokens to reach protected data without exposing secrets to the browser.
Auth & RBAC ready
Login uses a Next.js route handler that stores the Django token in an HTTP-only cookie. Private pages load on the server, fetch with both the service key and user token, and fall back gracefully on 401/403 responses.