Vue Storefront is now Alokai! Learn More
sfcc-api

sfcc-api

2.4.1ri:link

Patch Changesri:link

  • cf80bcc: - FIXED Handle an undocumented change to the SLAS getPasswordResetToken and resetPassword endpoints. By default our integration adds the current customer's JWT as a bearer token in the authentication of all requests, but at some point these two endpoints have started failing when an authorization header is present; we've removed the authorization header from requests to these two endpoints so they can continue functioning as expected.
    • FIXED Handle invalidated JWTs after the customer's password is updated. A customer's active JWT token may be invalidated after their password is updated, resulting in failing requests from that point onward in the session. The release notes only mention OCAPI JWTs, but it can also affect SLAS JWTs. We've included an additional sign in call immediately after a password update, in the context of the same request to the Alokai middleware, which generates a fresh JWT and refresh token pair.

2.4.0ri:link

Minor Changesri:link

  • 3ab14a3: Integrate with the getUrlMapping SCAPI endpoint

Patch Changesri:link

  • Updated dependencies 3ab14a3
  • Updated dependencies cf3a63d
    • @vsf-enterprise/sfcc-types@1.5.0

2.3.1ri:link

Patch Changesri:link

  • e0f8d8e: FIXED - regression on the customer context creation endpoint, which causes it to fail

2.3.0ri:link

Minor Changesri:link

  • b04ab3e: Integrates the Omnichannel Inventory endpoints that can be used on the storefront to check a product's availability, reserve stock, update, transfer or release reservations

Patch Changesri:link

  • Updated dependencies b04ab3e
    • @vsf-enterprise/sfcc-types@1.4.0

2.2.0ri:link

Minor Changesri:link

  • cb3687b: CHANGED Replaced sdkLogger from commerce-sdk with Alokai Logger. To learn more about logger, visit Alokai Logger.
  • ece6587: ADDED cookieOptions config. This option allows you to customize the cookie options which are set for a given cookie name.
    Example:
    {
      integrations: {
        sfcc: {
          location: "@vsf-enterprise/sfcc-api/server",
          configuration: {
            // ...
            cookieOptions: {
              "x-vsf-sfcc-ocapi-token": {
                secure: process.env.NODE_ENV === 'production',
                sameSite: process.env.NODE_ENV === 'production' ? 'none' : 'strict',
              }
            }
          },
        },
      },
    }
    

2.1.1ri:link

Patch Changesri:link

  • c941a40: Resolve an error in the sign out flow which crashes the middleware

2.1.0ri:link

Minor Changesri:link

  • 7446123: Exposes SDK methods and API endpoints for the shopper context functionality

Patch Changesri:link

  • Updated dependencies 7446123
    • @vsf-enterprise/sfcc-types@1.3.0

2.0.0ri:link

Major Changesri:link

  • 01bf358: CHANGED - update middleware to 5.1.0

1.2.0ri:link

Minor Changesri:link

  • bc2883a: Improve error handling and allow retries of the order update method

Patch Changesri:link

  • Updated dependencies bc2883a
    • @vsf-enterprise/sfcc-types@1.2.0

1.1.0ri:link

Minor Changesri:link

  • 6fd908e: - Expose an SDK method and API endpoint ensureAccessTokenValidity. It accepts no parameter and has no response body, its purpose is to be the first called method in the consumer app's lifecycle. If there are no JWTs in the request headers (either in cookies or custom headers), guest JWTs will be generated and returned as cookies; if there are preexisting tokens, they will go through validation and will be refreshed if needed. This will allow any following requests that happen in parallel during the first page request to reuse the same token instead of each one generating its own.
    • Enable long-lived logins using refresh tokens. Controlled by the optional opt-out disableLongLivedLogin setting in the middleware configuration. When enabled, guest tokens will always be refreshed when a refresh token is available. This mirrors the default functionality of the official SLAS plugin for SFCC.
    • Removes the USID parameter from refresh token calls, per instructions from the SFCC SLAS team
    • Completely disables OCAPI authentication when the SLAS token will be used for OCAPI calls. Until now we were generating both tokens even if only one of them would be used.

Patch Changesri:link

  • Updated dependencies 6fd908e
    • @vsf-enterprise/sfcc-types@1.1.0

1.0.0ri:link

Major Changesri:link

  • cdf19fc: CHANGED Updated @vue-storefront/middleware version to 4.x.x. CHANGED Removed support for Node versions before 18.
  • e747f29: Stable release of SalesForce integration

Minor Changesri:link

  • 9ca0a56: Add a parameter to the product search endpoint which can be used to forward a response header that contains the search-drive redirect URL to the response body
  • e796642: Adds a SCAPI implenentation for the getOrder method of the orders facade
  • 659607e: Replace all sensitive values in JWT tokens with generic placeholders before exposing them to the SDK consumer
  • a1a1d23: Add support for SLAS JWTs on OCAPI calls
  • f621a97: Add an option to always get a basket by ID rather than using the customer baskets endpoint
  • d75751b: Adds a sign out SDK method to invalidate authenticated JWTs
  • 411b1d5: Implement the order place flow in the SCAPI order facade with a fallback to OCAPI for other statuses
  • 659607e: Add option to serve encrypted JWTs
  • 8c52a1f: Ensure the order is patched with all other request properties after getting placed with a new or open status
  • adf70e3: Changes the middleware config so that the OCAPI settings (ocapiClientId) and the SCAPI settings (scapiClientId, slasClientId, slasClientSecret) are optional. This has the following effects:
    • If no settings are provided for OCAPI and/or SCAPI, the respective client will not be used, meaning no auth tokens will be generated and all calls will be directed to the other client, if available.
    • If no SLAS secret is provided, we'll assume that the SLAS client in use is public, and the public flows will be used for guest tokens, signing in and password resets.
  • e823b4e: Added GetCustomerOrder endpoint for fetching data about selected customer's order
  • 411b1d5: Adds support for placing orders in the updateOrder method
  • b2c76da: Add a method to update an order

Patch Changesri:link

  • f78c60d: Fixes unsafe access to optional API clients in the auth facade
  • dd21832: Adds basic logging and log level configuration
  • 5f06e1c: Prevents the same cookie from being present twice in the response Set-Cookie header; this in turn prevents header overflow situations when the accumulation of duplicate cookies causes the header size to go over the node limit
  • d40bfa3: FIXED signOut method randomly failing with 400 error
  • b05b5a3: CHANGED SFCCIntegrationContext from type to interface to allow declaration merging.
  • 1be2f39: CHANGED several API methods have been refactored to improve docs and API reference.
  • 0bdc007: Improve the consistency and readability of the types used in the interface of the callback called after a password reset token is generated
  • 7cb9f9f: Refactor API endpoints to follow the standartized universal module exports interface
  • f86fffe: Fixed the handling token - added getting token values from cookies in the config extension, as well as updating cookies on the set.
  • 3c75dec: Fixes incorrectly constructed refinement parameters in OCAPI product search call
  • Updated dependencies 9ca0a56
  • Updated dependencies e747f29
  • Updated dependencies f621a97
  • Updated dependencies d75751b
  • Updated dependencies 0bdc007
  • Updated dependencies e823b4e
  • Updated dependencies 411b1d5
  • Updated dependencies b2c76da
    • @vsf-enterprise/sfcc-types@1.0.0

1.0.0-rc.21ri:link

Minor Changesri:link

  • 9ca0a56: Add a parameter to the product search endpoint which can be used to forward a response header that contains the search-drive redirect URL to the response body

Patch Changesri:link

  • Updated dependencies 9ca0a56
    • @vsf-enterprise/sfcc-types@1.0.0-rc.7

1.0.0-rc.20ri:link

Major Changesri:link

  • cdf19fc: CHANGED Updated @vue-storefront/middleware version to 4.x.x. CHANGED Removed support for Node versions before 18.

1.0.0-rc.19ri:link

Patch Changesri:link

  • 5f06e1c: Prevents the same cookie from being present twice in the response Set-Cookie header; this in turn prevents header overflow situations when the accumulation of duplicate cookies causes the header size to go over the node limit

1.0.0-rc.18ri:link

Minor Changesri:link

  • 8c52a1f: Ensure the order is patched with all other request properties after getting placed with a new or open status

1.0.0-rc.17ri:link

Minor Changesri:link

  • a1a1d23: Add support for SLAS JWTs on OCAPI calls

1.0.0-rc.16ri:link

Minor Changesri:link

  • 411b1d5: Implement the order place flow in the SCAPI order facade with a fallback to OCAPI for other statuses
  • 411b1d5: Adds support for placing orders in the updateOrder method

Patch Changesri:link

  • Updated dependencies 411b1d5
    • @vsf-enterprise/sfcc-types@1.0.0-rc.6

1.0.0-rc.15ri:link

Minor Changesri:link

  • f621a97: Add an option to always get a basket by ID rather than using the customer baskets endpoint

Patch Changesri:link

  • Updated dependencies f621a97
    • @vsf-enterprise/sfcc-types@1.0.0-rc.5

1.0.0-rc.14ri:link

Patch Changesri:link

  • 1be2f39: CHANGED several API methods have been refactored to improve docs and API reference.

1.0.0-rc.13ri:link

Major Changesri:link

  • CHANGED Endpoints interface. Previously, each endpoint contained context param, which is internal and shouldn't be exposed in the final interface. Now, Endpoints interface properties don't contain context param. If you need to use context param, you should use ApiMethods type.
- import { Endpoints } from '@vsf-enterprise/sfcc-api';
+ import { ApiMethods } from '@vsf-enterprise/sfcc-api';
  • REMOVED ContextualizedEndpoints type. Use Endpoints instead.
- import { ContextualizedEndpoints } from '@vsf-enterprise/sfcc-api';
+ import { Endpoints } from '@vsf-enterprise/sfcc-api';

1.0.0-rc.11, 1.0.0-rc.12ri:link

Patch Changesri:link

  • FIXED signOut method randomly failing with 400 error

1.0.0-rc.10ri:link

Patch Changesri:link

  • CHANGED SFCCIntegrationContext from type to interface to allow declaration merging.

1.0.0-rc.9ri:link

Minor Changesri:link

  • Adds a SCAPI implenentation for the getOrder method of the orders facade
  • Add a method to update an order

Patch Changesri:link

  • Updated dependencies
    • @vsf-enterprise/sfcc-types@1.0.0-rc.4

1.0.0-rc.8ri:link

Patch Changesri:link

  • Improve the consistency and readability of the types used in the interface of the callback called after a password reset token is generated
  • Updated dependencies
    • @vsf-enterprise/sfcc-types@1.0.0-rc.3

1.0.0-rc.7ri:link

Minor Changesri:link

  • Replace all sensitive values in JWT tokens with generic placeholders before exposing them to the SDK consumer
  • Add option to serve encrypted JWTs

1.0.0-rc.6ri:link

Patch Changesri:link

  • Fixes unsafe access to optional API clients in the auth facade
  • Adds basic logging and log level configuration

1.0.0-rc.5ri:link

Patch Changesri:link

  • Fixes incorrectly constructed refinement parameters in OCAPI product search call

1.0.0-rc.4ri:link

Minor Changesri:link

  • Changes the middleware config so that the OCAPI settings (ocapiClientId) and the SCAPI settings (scapiClientId, slasClientId, slasClientSecret) are optional. This has the following effects:
  • If no settings are provided for OCAPI and/or SCAPI, the respective client will not be used, meaning no auth tokens will be generated and all calls will be directed to the other client, if available.
  • If no SLAS secret is provided, we'll assume that the SLAS client in use is public, and the public flows will be used for guest tokens, signing in and password resets.

1.0.0-rc.3ri:link

Minor Changesri:link

  • Added GetCustomerOrder endpoint for fetching data about selected customer's order

Patch Changesri:link

  • Updated dependencies
    • @vsf-enterprise/sfcc-types@1.0.0-rc.2

1.0.0-rc.2ri:link

Patch Changesri:link

  • Fixed the handling token - added getting token values from cookies in the config extension, as well as updating cookies on the set.

1.0.0-rc.1ri:link

Minor Changesri:link

  • added a sign out SDK method to invalidate authenticated JWTs

Patch Changesri:link

  • Updated dependencies: @vsf-enterprise/sfcc-types@1.0.0-rc.1

1.0.0-rc.0ri:link

Major Changesri:link

  • Stable release of SalesForce integration

Patch Changesri:link

  • Updated dependencies: @vsf-enterprise/sfcc-types@1.0.0-rc.0