Vue Storefront is now Alokai! Learn More
sfcc-api

sfcc-api

2.4.1

Patch Changes

  • cf80bcc: - FIXED Handle an undocumented change to the SLAS getPasswordResetToken and resetPassword endpoints. By default our integration adds the current customer's JWT as a bearer token in the authentication of all requests, but at some point these two endpoints have started failing when an authorization header is present; we've removed the authorization header from requests to these two endpoints so they can continue functioning as expected.
    • FIXED Handle invalidated JWTs after the customer's password is updated. A customer's active JWT token may be invalidated after their password is updated, resulting in failing requests from that point onward in the session. The release notes only mention OCAPI JWTs, but it can also affect SLAS JWTs. We've included an additional sign in call immediately after a password update, in the context of the same request to the Alokai middleware, which generates a fresh JWT and refresh token pair.

2.4.0

Minor Changes

  • 3ab14a3: Integrate with the getUrlMapping SCAPI endpoint

Patch Changes

  • Updated dependencies 3ab14a3
  • Updated dependencies cf3a63d
    • @vsf-enterprise/sfcc-types@1.5.0

2.3.1

Patch Changes

  • e0f8d8e: FIXED - regression on the customer context creation endpoint, which causes it to fail

2.3.0

Minor Changes

  • b04ab3e: Integrates the Omnichannel Inventory endpoints that can be used on the storefront to check a product's availability, reserve stock, update, transfer or release reservations

Patch Changes

  • Updated dependencies b04ab3e
    • @vsf-enterprise/sfcc-types@1.4.0

2.2.0

Minor Changes

  • cb3687b: CHANGED Replaced sdkLogger from commerce-sdk with Alokai Logger. To learn more about logger, visit Alokai Logger.
  • ece6587: ADDED cookieOptions config. This option allows you to customize the cookie options which are set for a given cookie name.
    Example:
    {
  integrations: {
    sfcc: {
      location: "@vsf-enterprise/sfcc-api/server",
      configuration: {
        // ...
        cookieOptions: {
          "x-vsf-sfcc-ocapi-token": {
            secure: process.env.NODE_ENV === 'production',
            sameSite: process.env.NODE_ENV === 'production' ? 'none' : 'strict',
          }
        }
      },
    },
  },
}

2.1.1

Patch Changes

  • c941a40: Resolve an error in the sign out flow which crashes the middleware

2.1.0

Minor Changes

  • 7446123: Exposes SDK methods and API endpoints for the shopper context functionality

Patch Changes

  • Updated dependencies 7446123
    • @vsf-enterprise/sfcc-types@1.3.0

2.0.0

Major Changes

  • 01bf358: CHANGED - update middleware to 5.1.0

1.2.0

Minor Changes

  • bc2883a: Improve error handling and allow retries of the order update method

Patch Changes

  • Updated dependencies bc2883a
    • @vsf-enterprise/sfcc-types@1.2.0

1.1.0

Minor Changes

  • 6fd908e: - Expose an SDK method and API endpoint ensureAccessTokenValidity. It accepts no parameter and has no response body, its purpose is to be the first called method in the consumer app's lifecycle. If there are no JWTs in the request headers (either in cookies or custom headers), guest JWTs will be generated and returned as cookies; if there are preexisting tokens, they will go through validation and will be refreshed if needed. This will allow any following requests that happen in parallel during the first page request to reuse the same token instead of each one generating its own.
    • Enable long-lived logins using refresh tokens. Controlled by the optional opt-out disableLongLivedLogin setting in the middleware configuration. When enabled, guest tokens will always be refreshed when a refresh token is available. This mirrors the default functionality of the official SLAS plugin for SFCC.
    • Removes the USID parameter from refresh token calls, per instructions from the SFCC SLAS team
    • Completely disables OCAPI authentication when the SLAS token will be used for OCAPI calls. Until now we were generating both tokens even if only one of them would be used.

Patch Changes

  • Updated dependencies 6fd908e
    • @vsf-enterprise/sfcc-types@1.1.0

1.0.0

Major Changes

  • cdf19fc: CHANGED Updated @vue-storefront/middleware version to 4.x.x. CHANGED Removed support for Node versions before 18.
  • e747f29: Stable release of SalesForce integration

Minor Changes

  • 9ca0a56: Add a parameter to the product search endpoint which can be used to forward a response header that contains the search-drive redirect URL to the response body
  • e796642: Adds a SCAPI implenentation for the getOrder method of the orders facade
  • 659607e: Replace all sensitive values in JWT tokens with generic placeholders before exposing them to the SDK consumer
  • a1a1d23: Add support for SLAS JWTs on OCAPI calls
  • f621a97: Add an option to always get a basket by ID rather than using the customer baskets endpoint
  • d75751b: Adds a sign out SDK method to invalidate authenticated JWTs
  • 411b1d5: Implement the order place flow in the SCAPI order facade with a fallback to OCAPI for other statuses
  • 659607e: Add option to serve encrypted JWTs
  • 8c52a1f: Ensure the order is patched with all other request properties after getting placed with a new or open status
  • adf70e3: Changes the middleware config so that the OCAPI settings (ocapiClientId) and the SCAPI settings (scapiClientId, slasClientId, slasClientSecret) are optional. This has the following effects:
    • If no settings are provided for OCAPI and/or SCAPI, the respective client will not be used, meaning no auth tokens will be generated and all calls will be directed to the other client, if available.
    • If no SLAS secret is provided, we'll assume that the SLAS client in use is public, and the public flows will be used for guest tokens, signing in and password resets.
  • e823b4e: Added GetCustomerOrder endpoint for fetching data about selected customer's order
  • 411b1d5: Adds support for placing orders in the updateOrder method
  • b2c76da: Add a method to update an order

Patch Changes

  • f78c60d: Fixes unsafe access to optional API clients in the auth facade
  • dd21832: Adds basic logging and log level configuration
  • 5f06e1c: Prevents the same cookie from being present twice in the response Set-Cookie header; this in turn prevents header overflow situations when the accumulation of duplicate cookies causes the header size to go over the node limit
  • d40bfa3: FIXED signOut method randomly failing with 400 error
  • b05b5a3: CHANGED SFCCIntegrationContext from type to interface to allow declaration merging.
  • 1be2f39: CHANGED several API methods have been refactored to improve docs and API reference.
  • 0bdc007: Improve the consistency and readability of the types used in the interface of the callback called after a password reset token is generated
  • 7cb9f9f: Refactor API endpoints to follow the standartized universal module exports interface
  • f86fffe: Fixed the handling token - added getting token values from cookies in the config extension, as well as updating cookies on the set.
  • 3c75dec: Fixes incorrectly constructed refinement parameters in OCAPI product search call
  • Updated dependencies 9ca0a56
  • Updated dependencies e747f29
  • Updated dependencies f621a97
  • Updated dependencies d75751b
  • Updated dependencies 0bdc007
  • Updated dependencies e823b4e
  • Updated dependencies 411b1d5
  • Updated dependencies b2c76da
    • @vsf-enterprise/sfcc-types@1.0.0

1.0.0-rc.21

Minor Changes

  • 9ca0a56: Add a parameter to the product search endpoint which can be used to forward a response header that contains the search-drive redirect URL to the response body

Patch Changes

  • Updated dependencies 9ca0a56
    • @vsf-enterprise/sfcc-types@1.0.0-rc.7

1.0.0-rc.20

Major Changes

  • cdf19fc: CHANGED Updated @vue-storefront/middleware version to 4.x.x. CHANGED Removed support for Node versions before 18.

1.0.0-rc.19

Patch Changes

  • 5f06e1c: Prevents the same cookie from being present twice in the response Set-Cookie header; this in turn prevents header overflow situations when the accumulation of duplicate cookies causes the header size to go over the node limit

1.0.0-rc.18

Minor Changes

  • 8c52a1f: Ensure the order is patched with all other request properties after getting placed with a new or open status

1.0.0-rc.17

Minor Changes

  • a1a1d23: Add support for SLAS JWTs on OCAPI calls

1.0.0-rc.16

Minor Changes

  • 411b1d5: Implement the order place flow in the SCAPI order facade with a fallback to OCAPI for other statuses
  • 411b1d5: Adds support for placing orders in the updateOrder method

Patch Changes

  • Updated dependencies 411b1d5
    • @vsf-enterprise/sfcc-types@1.0.0-rc.6

1.0.0-rc.15

Minor Changes

  • f621a97: Add an option to always get a basket by ID rather than using the customer baskets endpoint

Patch Changes

  • Updated dependencies f621a97
    • @vsf-enterprise/sfcc-types@1.0.0-rc.5

1.0.0-rc.14

Patch Changes

  • 1be2f39: CHANGED several API methods have been refactored to improve docs and API reference.

1.0.0-rc.13

Major Changes

  • CHANGED Endpoints interface. Previously, each endpoint contained context param, which is internal and shouldn't be exposed in the final interface. Now, Endpoints interface properties don't contain context param. If you need to use context param, you should use ApiMethods type.
- import { Endpoints } from '@vsf-enterprise/sfcc-api';
+ import { ApiMethods } from '@vsf-enterprise/sfcc-api';
  • REMOVED ContextualizedEndpoints type. Use Endpoints instead.
- import { ContextualizedEndpoints } from '@vsf-enterprise/sfcc-api';
+ import { Endpoints } from '@vsf-enterprise/sfcc-api';

1.0.0-rc.11, 1.0.0-rc.12

Patch Changes

  • FIXED signOut method randomly failing with 400 error

1.0.0-rc.10

Patch Changes

  • CHANGED SFCCIntegrationContext from type to interface to allow declaration merging.

1.0.0-rc.9

Minor Changes

  • Adds a SCAPI implenentation for the getOrder method of the orders facade
  • Add a method to update an order

Patch Changes

  • Updated dependencies
    • @vsf-enterprise/sfcc-types@1.0.0-rc.4

1.0.0-rc.8

Patch Changes

  • Improve the consistency and readability of the types used in the interface of the callback called after a password reset token is generated
  • Updated dependencies
    • @vsf-enterprise/sfcc-types@1.0.0-rc.3

1.0.0-rc.7

Minor Changes

  • Replace all sensitive values in JWT tokens with generic placeholders before exposing them to the SDK consumer
  • Add option to serve encrypted JWTs

1.0.0-rc.6

Patch Changes

  • Fixes unsafe access to optional API clients in the auth facade
  • Adds basic logging and log level configuration

1.0.0-rc.5

Patch Changes

  • Fixes incorrectly constructed refinement parameters in OCAPI product search call

1.0.0-rc.4

Minor Changes

  • Changes the middleware config so that the OCAPI settings (ocapiClientId) and the SCAPI settings (scapiClientId, slasClientId, slasClientSecret) are optional. This has the following effects:
  • If no settings are provided for OCAPI and/or SCAPI, the respective client will not be used, meaning no auth tokens will be generated and all calls will be directed to the other client, if available.
  • If no SLAS secret is provided, we'll assume that the SLAS client in use is public, and the public flows will be used for guest tokens, signing in and password resets.

1.0.0-rc.3

Minor Changes

  • Added GetCustomerOrder endpoint for fetching data about selected customer's order

Patch Changes

  • Updated dependencies
    • @vsf-enterprise/sfcc-types@1.0.0-rc.2

1.0.0-rc.2

Patch Changes

  • Fixed the handling token - added getting token values from cookies in the config extension, as well as updating cookies on the set.

1.0.0-rc.1

Minor Changes

  • added a sign out SDK method to invalidate authenticated JWTs

Patch Changes

  • Updated dependencies: @vsf-enterprise/sfcc-types@1.0.0-rc.1

1.0.0-rc.0

Major Changes

  • Stable release of SalesForce integration

Patch Changes

  • Updated dependencies: @vsf-enterprise/sfcc-types@1.0.0-rc.0