MiddlewareConfig
Configuration settings for the middleware API client.
export interface MiddlewareConfig {
cache?: boolean;
callbacks?: {
auth?: {
onSessionTimeout?: (isGuest: boolean) => Promise<void> | void;
onTokenChange?: (tokenData: TokensResponse) => Promise<void> | void;
onPasswordResetTokenGenerated?: (tokenData: ResetPasswordToken) => Promise<any>;
};
};
clientHeaders: ClientHeaders;
commerceApiVersion?: string;
cookieNames?: CookieNames;
cookieOptions?: Record<string, CookieOptions>;
currency?: string;
defaultHeaders?: Record<string, string>;
disableLongLivedLogin?: boolean;
jwtEncryption?: {
publicKey: KeyLike;
privateKey: KeyLike;
};
locale?: string;
logLevel?: LogLevelDesc;
middlewareOrigin?: string;
ocapiClientId?: string;
ocapiClientSecret?: string;
ocapiEndpoints?: {
[T in keyof ApiSelectableEndpoints]?: boolean;
};
ocapiJwtToken?: string;
ocapiVersion: string;
omnichannelInventoryOrgId?: string;
organizationId?: string;
origin: string;
overrideHttpPut?: boolean;
scapiClientId?: string;
scapiClientSecret?: string;
scapiJwtToken?: string;
scapiRefreshToken?: string;
shortCode?: string;
siteId: string;
slasClientId?: string;
slasClientSecret?: string;
slasLoginTimeout?: number;
timeout?: number;
usid?: string;
viewType?: string;
}Properties
| Name | Required | Type | Description |
|---|---|---|---|
cache | Optional | boolean | If set to false an additional timestamp parameter is added to all API GET calls to prevent caching {Boolean} true |
callbacks | Optional | { auth?: { onSessionTimeout?: (isGuest: boolean) => Promise<void> | void; onTokenChange?: (tokenData: TokensResponse) => Promise<void> | void; onPasswordResetTokenGenerated?: (tokenData: ResetPasswordToken) => Promise<any>; }; } | Callbacks that will be used for state changes within the client's lifecycle. |
clientHeaders | Required | ClientHeaders | Custom headers to send with every API request. |
commerceApiVersion | Optional | string | The version of the Salesforce B2C Commerce Commerce API. |
cookieNames | Optional | CookieNames | The names of the cookies for the Salesforce B2C Commerce JSON web tokens. |
cookieOptions | Optional | Record<string, CookieOptions> | Customizable cookie options. By default all cookies have the following options: { httpOnly: true, sameSite: 'strict', secure: true } - Note: The provided options will be merged with the default options. - Note: If you customize the cookie names, use the customized names as keys in this object. |
currency | Optional | string | The currency to use for the storefront. Overrides the currency set by the storefront user. |
defaultHeaders | Optional | Record<string, string> | The default HTTP headers to be included for all API calls. {Record<string, string>} {} |
disableLongLivedLogin | Optional | boolean | If set to a truthy value, JWTs are managed in a way similar to sessions, with a timeout after 30s and a new guest token being generated. If not set or set to a falsy value, longer login durations (up to 90 days) via SLAS refresh tokens are enabled. |
jwtEncryption | Optional | { publicKey: KeyLike; privateKey: KeyLike; } | Can be used to provide additional security by applying hybrid encryption on authentication tokens before they are returned to the client. If the configuration is provided, first a random 32-byte encryption key and initialization vector will be generated, which will be used to symmetrically encrypt the JWT using the aes-256-gcm algorithm. The provided key pair will then be used to asymmetrically encrypt the key and IV via public/private RSA encryption. When an encrypted value is sent by the client in place of a JWT, the reverse process will take place. The expected format is a 2048-bit key pair. One can be generated with e.g. the following commands: openssl genpkey -algorithm RSA -out private-key.pem openssl rsa -pubout -in private-key.pem -out public-key.pem The resulting keys can then be provided to the middleware as follows: jwtEncryption: { publicKey: fs.readFileSync('./public-key.pem').toString(), privateKey: fs.readFileSync('./private-key.pem').toString() } In production a secret management service should be used to fetch the key instead. > NOTE: This process significantly increases the size of the data that gets sent back to the client. This can lead to a situation where Node's header size limit (16kb) is reached, causing a 500 response. The limit can be adjusted using the --max-http-header-size CLI parameter. If adjusting the limit is not possible, using only OCAPI or SCAPI rather than both in parallel is advised. |
locale | Optional | string | The locale of the storefront. Overrides the locale set by the storefront user. |
logLevel | Optional | LogLevelDesc | |
middlewareOrigin | Optional | string | The base URL of the middleware application. Used to generate the redirect URL passed to SLAS. Defaults to the host header extracted from the request. |
ocapiClientId | Optional | string | The client ID for the Salesforce B2C Commerce Open Commerce API (OCAPI) application. |
ocapiClientSecret | Optional | string | The secret of the client used for the Salesforce B2C Commerce Open Commerce API (OCAPI) application. |
ocapiEndpoints | Optional | { [T in keyof ApiSelectableEndpoints]?: boolean; } | Which OCAPI endpoints to enable or disable. |
ocapiJwtToken | Optional | string | The JSON web token (JWT) for the Salesforce B2C Commerce OCAPI application. The client application is responsible for keeping customer credentials and authentication tokens (JWTs) secure. The application must use these JWTs to interact with the Shop API on behalf of the purchasing customer (registered or guest). If Commerce Cloud manages the customer credentials, the client application can obtain a JWT for a customer using the /customers/auth resource. If the client application manages the customer credentials, it can obtain a JWT for a registered customer using the /customers/auth/trustedsystem resource. Because this API uses an OAuth token to identify the client application, Strongly recommend to only use it in a system-to-system integration, where the client application keeps its own OAuth token secret. |
ocapiVersion | Required | string | The version of the Salesforce B2C Commerce OCAPI. |
omnichannelInventoryOrgId | Optional | string | The tenant ID of the Omnichannel Inventory integration from the Salesforce org on which it lives. Required for the availability and inventory reservation endpoints. |
organizationId | Optional | string | The organization ID is a short string that identifies a B2C Commerce instance. Each instance gets its own unique organization ID, such as f_ecom_zzte_053. |
origin | Required | string | The base URL of the API endpoint. |
overrideHttpPut | Optional | boolean | If set to true, endpoints that normally use HTTP PUT will be sent using POST with an additional header (x-dw-http-method-override: PUT). This is a workaround for servers that do not allow PUT requests. Please refer to the following Salesforce documentation https://developer.salesforce.com/docs/commerce/b2c-commerce/references/b2c-commerce-ocapi/httpmethods.html for more information. |
scapiClientId | Optional | string | The client ID for the Salesforce Commerce API (SCAPI) application. For authentication, an Account Manager administrator provisions a new client in the Account Manager with client credentials. Unlike with user authentication, you can provision OCAPI clients only in Account Manager, which enables them to authenticate against any Business Manager instance in the organization. |
scapiClientSecret | Optional | string | The secret of the client used for the SCAPI application. |
scapiJwtToken | Optional | string | The JSON web token (JWT) for the Salesforce B2C Commerce SCAPI application. |
scapiRefreshToken | Optional | string | The token that can be used to refresh the JWT access token for the Salesforce B2C Commerce SCAPI application. |
shortCode | Optional | string | The storefront's short code. The short code is an eight-character string that is assigned to a realm for routing purposes. The short code applies to your entire realm, across all instances. The short code is in the same place as the organization ID. To look it up: 1. Go to the Business Manager URL for your instance. 2. Log in using your Account Manager credentials. 3. Go to Administration > Site Development > Salesforce Commerce API Settings. If you’ve never used the B2C Commerce API in your realm, click Request Short Code to request one. |
siteId | Required | string | The site ID for the storefront. This is the name of the site (sometimes called a “channel”) for which you want to access data. For example: 'RefArch' or 'SiteGenesis'. To see a list of sites in Business Manager: Go to the Business Manager URL for your instance. Log in using your Account Manager credentials. Go to Administration > Sites > Manage Sites. To learn more about site names, see Create and Manage Sites for Development in the B2C Commerce documentation. |
slasClientId | Optional | string | The client ID of a private SLAS client that will be used for customer authentication through SCAPI Setup instructions: https://developer.salesforce.com/docs/commerce/commerce-api/guide/authorization-for-shopper-apis.html Note: If an OCAPI key is in use, it's recommended to have this be the same (the client ID value can be set manually during creation). This will allow for interoperability between SCAPI and OCAPI on persistent objects such as carts and baskets that are owned by guests, since it would allow both API families to share the same JWT for authentication, and by extension - the same guest customer ID. |
slasClientSecret | Optional | string | The client secret of a private SLAS client that will be used for customer authentication through SCAPI Setup instructions: https://developer.salesforce.com/docs/commerce/commerce-api/guide/authorization-for-shopper-apis.html |
slasLoginTimeout | Optional | number | Timeout value for receiving the authorization code from the redirect during the SLAS flow after which the sign in attempt is considered failed and gets abandoned. Default: 10 seconds |
timeout | Optional | number | Time in ms to wait for a response from the API calls. Default: 10000 {number} 10000 |
usid | Optional | string | The unique identified generated by SFCC for the current customer if any; if one is not provided, a new one will be returned by the first access token generation request |
viewType | Optional | string | The view type for the storefront as defined in the master catalog. |
Referenced Types
ResetPasswordTokenClientHeadersCookieNamese.CookieOptionslog.LogLevelDesc- ApiSelectableEndpoints