Search Results for “ocapi” – The Rhino Inquisitor

Getting secured with the 24.5 Salesforce B2C Commerce Cloud release

Thomas Theunen — Fri, 03 May 2024 11:25:41 +0000

Again, it is time for the monthly Salesforce B2C Commerce Cloud release! This time, we look at the May 2024 (24.5) release!

Are you interested in last month’s release notes? Click here!

Platform

Five Minute Minimum Period Enforced for WAF Log Retrieval

A minimum period of five minutes is now enforced for retrieving WAF logs. This enhancement prevents setting the end time for log requests within five minutes of the current time.

This update aims to provide more reliable and complete logs—nothing much to say about this.

Upgrade Your Security Posture with eCDN WAFv2

B2C Commerce announces the upgraded version of our eCDN, now featuring WAFv2, bringing a host of advanced security features to safeguard your online presence.

Here’s what you can expect with eCDN WAFv2:
Open Web Application Security Project (OWASP) Ruleset Integration: The eCDN OWASP Core Ruleset integrates the latest OWASP ModSecurity Core Rule Set (CRS). Your CDN provider routinely monitors for updates from OWASP based on the latest version available from the official code repository.
eCDN Managed Rules: Provide fast and effective protection for all your applications. The rule set is frequently updated to address emerging vulnerabilities and reduce false positives.
eCDN Exposed Credentials Check: A managed ruleset of pre-configured rules for well-known CMS applications. The ruleset conducts a check against a public database of stolen credentials.
Configurability via Business Manager UI and CDN Zones API: With this update, configuring the eCDN WAFv2 settings is now accessible through the Business Manager UI and for new zones, through the CDN Zones API.
Reduced False Positive Detections: The upgraded WAFv2 includes updated managed rulesets that reduce false positives. The rulesets enhance threat detection accuracy while minimizing disruptions to your normal operations.

This is a significant update to the WAF! Increasing security is always on everyone’s mind, so getting an upgrade is much needed.

This is one of the parts of Commerce Cloud over which we had little control until last year. With all updates on the SCAPI side (and also UI) related to security and now this upgrade, we are finally getting some control over everything happening in Cloudflare behind the scenes.

Business Manager

Refine and Customize Promotions

The Business Manager Promotion Refinements feature now offers expanded support for custom product attributes. With this update, users can now create refinable promotions that utilize custom localizable product attributes, as well as custom product attributes of type enum-of-string and enum-of-int. This enhancement addresses the previous limitation where Business Manager users could not set up refinable promotions with these specific custom attribute data types or localizable attributes.

This update might seem small to some, but it dramatically impacts the flexibility of an already flexible promotion engine. Using localised attributes means that regional promotions just got a lot easier!

OCAPI & SCAPI

Custom Headers

You can now use the Script API response object to set custom response headers.

Finally, we get access to our custom headers! This is another excellent addition that opens more flexibility for headless projects.

External Taxation Mode

With B2C Commerce 24.5, You can use external taxation mode with the Shopper Baskets API when hooks are enabled. For details, see External Taxation Documentation.

It is well known that filling in all the necessary data in the Tax Tables of Commerce Cloud can be challenging for some regions worldwide. This is where third-party systems come into play to ease the burden of this task.

Now, with a clear path to follow in Salesforce Commerce Cloud’s headless space, integrating these third-party systems has become much easier. However, it’s important to protect these endpoints from unauthorised access and potential misuse.

When following the link, we are greeted with this documentation:

The B2C Commerce API calculates taxes internally using tax tables. If you want to integrate with a third-party tax provider or calculate taxes on your own, you can use the external taxation feature to add a taxation rate and optional taxation value. When setting a taxation rate, the taxation is calculated for this specific rate. If you pass a value, this value is used as a taxation value, as well, without recalculation. To use this feature, set the taxMode parameter externally when creating the basket.

When using external taxation, you must set a tax rate either in one request to the /baskets/{basketId}/taxes or with separate requests for each line item, using /baskets/{basketId}/items/{lineItemId}/taxes.

If the tax mode of a basket is set to external, a tax item is required for all line items, even for zero-tax items, to avoid oversights.

Deprecation Notification

The following Shopper Baskets (v1 and v2) endpoints are deprecated and are no longer supported:
addPriceBooksToBasket
getPriceBooksForBasket

If you are using any of these APIs, take this into account. However, no documentation on these endpoints yet gives alternatives.

Development

Enhance Order Access Security with the Allow List

Enable the Allow-List feature on the Limit Storefront Order Access setting if you aren’t yet limiting Storefront Order Access at all. This feature enhances security and control over who can access orders and which controllers can access order functions.

How: In Business Manager | Orders | Order Preferences. Set the Limit Storefront Order Access dropdown to Allow List. Enter allowed storefront controllers as a comma-separated list. Only the controllers on the allow list can access customer orders.

For projects on SiteGenesis or SFRA, we now have more fine-grained control over Order Access security now.

However, we should always aim to secure everything. But this option provides us with additional choices, which is always beneficial.

Account Manager

Upcoming Removal of Deprecated Roles in Account Manager

Salesforce is removing deprecated roles from Account Manager. To prevent any disruption in your organization's workflow, ensure you aren’t using the deprecated roles. How: Review the list of deprecated roles that are slated for removal. Reassign any users currently using these roles. For assistance with reassigning roles, see Edit a User Account.

The affected roles include:

SLAS Organization Admin role (Deprecated for API Clients only)
XChange roles
Documentation User, Documentation Linguist, Documentation Reviewer
statuspage.io User
Business Manager Partner
CQuotient Configurator Administrator
Order Management Admin
Order Management User

A bit of cleaning up is happening here! But if you use these roles in an “old” automation routine, you might want to remove them to avoid exceptions.

PWA Kit v3.5.x

Add Support for SLAS private flow #1722
Fix invalid query params warnings and allow custom query #1655
Fix cannot read properties of undefined (reading 'unshift') #1689
Add Shopper SEO hook #1688
Update useLocalStorage implementation to be more responsive #1703
Storefront Preview: avoid stale cached Commerce API responses, whenever the Shopper Context is set #1701

There is a new release of the PWA Kit, with the most significant addition being support for an SLAS private flow. This update should boost performance, as fewer API calls are needed to get the ball rolling!

This also offers an excellent example of how to securely do these kinds of integrations without exposing credentials.

Updated Cartridges & Tools

b2c-tools (v0.25.0)

b2c-tools is a CLI tool and library for data migrations, import/export, scripting and other tasks with SFCC B2C instances and administrative APIs (SCAPI, ODS, etc). It is intended to be complimentary to other tools such as sfcc-ci for development and CI/CD scenarios.

Bugfix – corrects path for types in package.json by @nick11703 in #133
Feature – allow reading certificate from buffer by @nick11703 in #134

plugin_slas(v7.3.0)

This cartridge extends authentication for guest users and registered shoppers using the Shopper Login and API Access Service (SLAS).

Reduce session churn on hybrid sites #187
Use refresh token expiry from SLAS #154
Update OCAPI version regex to allow double digit minor numbers #182
Add support for SLAS private clients #178

The post Getting secured with the 24.5 Salesforce B2C Commerce Cloud release appeared first on The Rhino Inquisitor.

Getting to know the SFCC 24.4 Release

Thomas Theunen — Mon, 01 Apr 2024 08:03:24 +0000

It’s that time of the year again! The April 2024 (24.4) release of Salesforce B2C Commerce Cloud is finally here, just in time for the spring season. Let’s take a closer look at all the exciting new features and improvements this release offers.

Are you interested in last month’s release notes? Click here!

Added support for additional HTTP methods for Custom APIs

The newly enabled methods in 22.4 now allow us to create custom endpoints for any use-case (theoretically):

POST
PUT
PATCH
DELETE
HEAD
OPTIONS

This update is highly anticipated by Headless projects, as it offers greater flexibility in the Composable Storefront than ever before!

Read all about it here.

Rogue Query Timeouts in B2C Commerce

To protect customer instances and associated services from outages, B2C Commerce restricts rogue queries that produce 200 thousand results or more. To better protect Salesforce B2C Commerce, Salesforce plans to limit the allowed offset value from 200 thousand to 10 thousand..

Salesforce’s Commerce Cloud B2C platform has restricted rogue queries producing 200,000 or more results to protect customer instances from outages.

In the 24.6 Release in June 2024, the allowed offset value will be limited to 10,000. If a rogue query is generated, an error message will notify API users that the offset value needs to be set to under 200,000, while Business Manager calls will fail without the message.

To reduce the risk of generating large queries, users are advised to make their queries more targeted via filters and offset values.

What batch APIs can be used to still retrieve large datasets?

For orders
- processOrders
- Class OrderMgr
For customers
- processProfiles
- Class CustomerMgr

				
					application failed to invoke [search_protocol.search()] on server, responding with 
            fault. exception was [com.demandware.core.rpc.server.InvocationException: exception 
            while invoking operation], cause [org.elasticsearch.ElasticsearchIllegalArgumentException: 
            Search request offset <value> is greater than offset limit 200000 for tenant '<GroupID>_<Instance'>, type 'order']

Manage More Images in Page Designer

The Page Designer image and media picker now supports up to 1,000 images per folder. Previously, only 200 images within a folder were accessible in the image picker, even if more existed. The increased image limit improves the user experience for merchandisers and content creators and avoids workarounds, such as creating subfolders for extra images.

Since the introduction of Page Designer, users have been facing a recurring issue of images not being found due to the 200-image limit. This issue has been reported globally on a monthly basis.

The good news is that the limit has been increased to 1000. This should provide some relief to users while setting up their pages. It is still not unlimited, so it is important to manage folders effectively to avoid reaching the 1000 limit in the near future.

Business Manager

Configure eCDN for Staging in Business Manager

Business Manager now supports configuring eCDN for staging environments. eCDN settings are specific to each instance (development, staging, and production), and you manage them individually. When you create a proxy zone in production, the zone doesn’t replicate a corresponding proxy zone in your development or staging instance. The new eCDN configuration feature simplifies onboarding new sites for staging instances, making it easier to mimic your production instance. Because the configuration uses the existing CDN-API, you can use either Business Manager or the API to manage your eCDN configurations.

It feels like only yesterday that I published my blog post on how to upload certificates to the staging environment. With this latest release, we can now use the same user interface that we use in production and development. This is a great update that should simplify our lives, especially considering that in the past, we had to rely on support to get this done.

Auto-Correction is Disabled by Default

The default setting for auto-correction for searchable attributes added after the B2C Commerce 24.4 release is now set to No. This change affects searchable attributes added through the Business Manager UI or via import. Existing configurations aren’t affected. Previously, when you added a searchable attribute, the default setting was Yes, which could cause issues in instances when search functions shouldn’t correct values, such as the product SKU, ID, or ISBN. Additionally, the auto-correction dictionary’s size can incrementally increase over time, leading to search noise.

A small change has been made to remedy some confusion that can occur while configuring attributes. The Autocorrection feature is now a manual action that needs to be taken by the user, instead of being set by the system by default.

This is a nice change that will improve the overall user experience.

OCAPI & SCAPI

productSearch gets more data

With B2C Commerce 24.3, expanded the Shopper Search API productSearch endpoint to include additional parameters: productPromotions, imageGroups, priceRanges, and variants

Hooks have been a go-to patch for information like this for a while now, and being able to replace these customisations with platform-native solutions will help keep our projects maintainable.

Hook cleanup time!

New API: searchCustomerGroup

Search for customer groups in a given Site Id. The query attribute specifies a complex query that can be used to narrow down the search.

With each new release, a new API seems to appear—this time, one for the “management” side of things.

New API: Shopper Custom Objects API

Use the Shopper Custom Objects API to retrieve custom object information. You can specify an object type ID as well as a key attribute for the object.

Another use case where the OCAPI is no longer required, and we can access Custom Objects in our composable projects more easily.

Check for Customization with SCAPI

Two new SCAPI response headers are available to check for custom requests and resulting hook execution errors.

Two new headers have made their way into the SCAPI:

sfdc_customization–indicates whether customization has been applied during the request execution. Currently, the only possible value for the header is “HOOK”, which indicates that a hook execution was registered.
sfdc_customization_error–if the value is “1″, an error occurred within a hook execution.

This is a great addition that will allow us to get more information on the client side of what is going on and take some of the guesswork out of it.

OCAPI JWT Response to Updated Passwords Is Changed

To enhance security and align with the SLAS JWT session handling, we updated how the OCAPI JWT handles password changes. Now, if your customer changes their password, all previously issued active OCAPI JWTs are invalidated. The OCAPI client receives an HTTP 401 response, accompanied by a body message that indicates an invalid access token. Previously, the JWT remained valid until its normal timeout.

				
					“fault”: {
        “arguments”: {
        “accessToken”: “Customer credentials changed after token was issued. Please Login again.”
        },
        “type”: “InvalidAccessTokenException”,
        “message”: “The request is unauthorized, the access token is invalid.”
        }

Security is a serious matter, and automatic deactivation of active sessions is a valuable update that can give peace of mind. We can also use the information from the response to inform customers of what is happening.

Unfortunately, the error message does not have a unique identifier, only an “English” message, making translating or creating a key slightly more challenging.

Updated Cartridges & Tools

b2c-tools (v0.21.1)

b2c-tools is a CLI tool and library for data migrations, import/export, scripting and other tasks with SFCC B2C instances and administrative APIs (SCAPI, ODS, etc). It is intended to be complimentary to other tools such as sfcc-ci for development and CI/CD scenarios.

support parent traversal in page designer library

plugin_passwordlesslogin (v1.2.2)

Passwordless login is a way to verify a user’s identity without using a password. It offers protection against the most prevalent cyberattacks, such as phishing and brute-force password cracking. Passwordless login systems use authentication methods that are more secure than regular passwords, including magic links, one-time codes, registered devices or tokens, and biometrics.

exclude scapi calls from onSession logic by @sandragolden and @clavery in #18

The post Getting to know the SFCC 24.4 Release appeared first on The Rhino Inquisitor.

In the ring: OCAPI versus SCAPI

Thomas Theunen — Mon, 18 Mar 2024 08:49:51 +0000

As we move into 2024, the SCAPI has received much attention and has been updated with new APIs, updates, and performance improvements. On the other hand, the OCAPI rarely gets any new features in its release notes, leading some to believe it is outdated or deprecated.

In this article, I will explore this topic in detail to determine whether or not these claims are accurate.

So, let’s get rumbling!

OCAPI versus SCAPI

Salesforce B2C Commerce Cloud has a long-standing history with its OCAPI, which offers a broad range of APIs for various purposes. One typical integration that highlights the functionality of these APIs is Newstore. This mobile application solution uses customisation hooks in the provided cartridge to integrate with the APIs.

The SCAPI, or Storefront Commerce API, is a relatively “new” set of APIs introduced on July 22, 2020. It offers a different way of interacting with SFCC (Salesforce Commerce Cloud) from third-party systems and headless front-ends than the way we had been doing with the OCAPI (Open Commerce API) before.

However, there is one drawback to the SCAPI: not all APIs that exist in the OCAPI are available in the SCAPI, at least not yet.

Let’s keep score, shall we?

OCAPI: 1
SCAPI: 0

New APIs

In recent years, the SCAPI has introduced several new APIs that the OCAPI does not have. These new APIs have been implemented to address OCAPI gaps or expose new functionality, such as those related to SEO and CDN, allowing for more robust and comprehensive functionality.

SCAPI now offers a wide range of APIs for developers to use, allowing them to build customised solutions for their clients. As these new APIs have been developed explicitly for SCAPI, it is unlikely that the OCAPI will ever have access to them.

In the future, it is clear that any significant new APIs will only be added to the SCAPI, which aligns with the platform’s strategy.

OCAPI: 1
SCAPI: 1

SLAS

SLAS, or Shopper Login and API Access Service, is a Salesforce Commerce Cloud (SFCC) feature allowing third-party systems or headless front-ends to authenticate shoppers and make API calls.

It’s an authentication orchestration service that can handle various scenarios without requiring the creation of custom code for each one separately. (Some tweaking of parameters and configuration is still required, but that’s not the focus of this article.):

B2C Authentication: Normal login with Salesforce B2C Commerce Cloud
Social Login (Third-party login): Login with platforms such as Google and Facebook
Passwordless Login: Login via e-mail or SMS
Trusted Agent: Have a third-party person or system login on behalf of a customer

Although it is possible to use this service in conjunction with OCAPI, it is more part of the SCAPI offering, so let us give a point to SCAPI in this case.

OCAPI: 1
SCAPI: 2

PWA Kit

Have you heard about the PWA Kit or Composable Storefront? You may have, as it’s the latest addition to the front-end options besides SiteGenesis and SFRA.

The Composable Storefront is a Headless storefront that connects to the back-end SFCC systems through the SCAPI. Although it used to be connected to the OCAPI due to some limitations with the hooks system, the latest version is now fully connected to the SCAPI.

It’s no secret that the Composable Storefront is the primary driver for these innovations.

Another point to SCAPI!

OCAPI: 1
SCAPI: 3

Oh my … things aren’t looking proper for the OCAPI.

Infrastructure

The architectural setups of the OCAPI and SCAPI options are entirely different.

The OCAPI runs on the back end, the exact location as the Business Manager, SFRA/SG storefront, and your custom code.

~~On the other hand, the SCAPI is a MuleSoft instance managed by Salesforce (no, you can’t access this – but I know you want to).~~
In the current architecture, CloudFlare workers have taken over the role that was previously played by MuleSoft.

Although the SCAPI has an extra layer in between, it gives Salesforce the flexibility to make their architecture more flexible (and composable) by allowing them to have one point of entry while being able to upgrade, fix, or replace parts without anyone noticing.
~~However, this setup has some downsides, such as more network hops between the systems, resulting in network delays that need to be considered.~~ By replacing MuleSoft with CloudFlare, the amount of network delays introduced should be minimal!

The OCAPI wins for its simplicity, but the SCAPI wins for its future-proof architecture. Nevertheless, this future-proof architecture can only work if it has been set up correctly, and we don’t have any view into that black box.

So, for me, both of them get a point here!

OCAPI: 2
SCAPI: 4

Rate Limits

APIs can be enjoyable to work with, but they are also vulnerable to DDoS attacks and poor design, leading to excessive API calls and a heavy server load. Yet, the OCAPI is designed to be safe and user-friendly, and CloudFlare and Salesforce-managed firewalls protect it to ensure server safety and limit the number of requests.

Although the rate-limiter is a straightforward “pass” or “block” method, it is essential to consider its impact and be prepared for the worst.

Contract Info: On a side note, all OCAPI calls are counted as "Storefront Requests", which are part of the contract.

The SCAPI has implemented a new “Load Shedding” system to replace rate limits. This system provides a comprehensive view of what is happening behind the scenes.

Not all APIs are the same Not all SCAPI endpoints work with this new system, but some are still protected with set rate limits.

OCAPI: 2
SCAPI: 5

Conclusion

The SCAPI outperforms the OCAPI in multiple ways, which is why the former was implemented. However, if you are still extensively using the OCAPI, there is no need to worry because you are not alone – even the SCAPI uses it behind the scenes.

Many SCAPI API calls are just a proxy for OCAPI calls. Consequently, as long as the SCAPI depends on the OCAPI, it is not going anywhere.

The post In the ring: OCAPI versus SCAPI appeared first on The Rhino Inquisitor.

Digging into the B2C Commerce Cloud 24.3 release

Thomas Theunen — Mon, 04 Mar 2024 09:04:46 +0000

As snowy days slowly turn into sunny ones, the 24.3 release of SFCC has arrived! Let us have a look at the March release of 2024.

Are you interested in last month’s release notes? Click here!

Platform

Add More Product Line Items per Basket

If your site was limited to 50 line items per basket, the maximum number is increased to 200. This new limit doesn’t affect users who have been granted a lower or higher limit.

Quite a big uplift in the amount of different product line items allowed in a single basket by default. This will be particularly handy in certain industries such as groceries, gifting, and even some small B2B cases.

Prioritize Resource Bundle Lookup

You can now change the order of the resource bundle lookup and give priority to the WebDAV resource bundle. The default lookup first checks the resource bundle IDs of the code cartridges assigned to your site and then checks WebDAV. If you have resource bundles with the same ID in the cartridge and WebDAV, the cartridge resource bundle is always selected over the resource bundle in the WebDAV location. You can now use a toggle to switch the order to check WebDAV first.

A new feature toggle is now available under “Feature Switches” in the “Global” section of the Administration panel.

This option will give a bit more flexibility in translation management and open new routes. Does anyone care to revisit “Resource Manager”?

Scheduled Backups Button Is Disabled

The Scheduled Backups button is no longer available. Instead, use a customer job to schedule backups of your production and development environments.

The scheduled backup feature has been turned off on all PIG environments except for the staging environment. This feature was initially intended for the staging environment. So, most projects won’t be affected by this change.

However, if you use this feature in other environments, you can use a system job step called SiteExport that you can schedule independently.

Business Manager

Display Alert Messages in Business Manager

Display alerts as a persistent banner on the top of every Business Manager page. Alerts can relate to Business Manager modules and are only visible to users with permissions to access the module. Salesforce might also use the enhanced alerting framework to display critical system messages to Business Manager users.

A new option that is more prominent and cannot be ignored. To enable, go to Administration | Operations | Notification Settings in Business Manager and select the Banner alert type.

OCAPI & SCAPI

Prepare for Changes to Sever-Side Web-Tier Caching

If you provision your SCAPI zone with short code, SCAPI caching is enabled by default after March 12, 2024, and the feature switch SCAPI Server-Side Web-Tier Caching is has no effect. If you enroll in SCAPI before March 12, 2024, you can continue to enable SCAPI caching in Business Manager. To enable caching, in Business Manager, select Administration | Feature Switches, and turn on SCAPI Server-Side Web-Tier Caching.

Performance is always a hot topic for any industry, and having Web-Tier cache active will hopefully have a significant impact on the performance of all headless channels.

The new standard after March 12th Be sure to test all your channels with the feature switch enabled before March 12, when it becomes active!

SCAPI - Shopper SEO

Updated getUrlMapping's response to include the optional property resourceSubType, which indicates whether the resolved object is a Page Designer content asset or a Content Slot asset. For more information, see the UrlMapping type reference.

Updated getUrlMapping to support URL redirects. For more information, see the URL Resolution guide.

Updated getUrlMapping to support these hooks: dw.shop.seo.url_mapping.beforeGET and dw.shop.seo.url_mapping.modifyGETResponse.

Some updates to the URL mapping endpoint, which include support for URL Redirection from the Business Manager!

Shopper Baskets v2

Provides support for temporary baskets. Temporary baskets can perform calculations to generate totals, line items, promotions, and item availability without affecting the shopper’s storefront cart. You can use these calculations for temporary basket checkout.

New Shopper Basket v2 response fields:

groupedTaxItems

taxRoundedAtGroup

temporaryBasket

Deprecation The dw.ocapi.shop.basket.beforePOST hook is no longer supported in Shopper Baskets V2 and is replaced by the dw.ocapi.shop.basket.beforePOST_v2 hook.

The new version for Shopper Baskets looks a bit different from v1, so adjust your customisations if you plan to upgrade.

SCAPI Load Shedding

If the system reaches a load threshold, an HTTP 503 response is returned for a subset of API families.

Covers APIs not covered by rate limits that are considered non-critical, for example: endpoints related to search, products, and authentication. Load shedding is not used for checkout-related endpoints, such as Shopper Baskets and Shopper Orders, to ensure that shoppers can complete an in-progress checkout.

Includes additional HTTP response headers that allow you to understand the current system load: sfdc_load, which represents a load percentage with higher percentages indicating higher loads, and sfdc_load_status, which is a enum WARN|THROTTLE that helps you understand the relative health of the system.

We received a notification regarding removing rate limits for SCAPI endpoints some time ago.

Instead, a new system called Load Shedding has been introduced. This system allows us to monitor the performance of the APIs based on different response headers that have been added. If necessary, we can also introduce our safety features.

While this system gives us more control, it also introduces a new scenario to take into account.

Custom Request Headers

Developers can send custom request headers that are passed and made available in server-side custom implementations.

It is now possible to add custom headers to your requests to use in your customisations on the server-side.

Pattern: c\_{yourHeader}

Account Manager

Security Update for the Audit History Logs

Starting with the 1.32.2 release, the full name and full email address for active audit history users are masked from administrators. Masking occurs when the active user isn’t part of the organization and they’re active in Audit History for a User, Organization, or API Client sessions. Masking is also used when organization users view their audit history on the start page. The mask improves security compliance.

A minor update for security compliance.

Bugfixes

Quite the list of bug fixes this time!

Updated Cartridges & Tools

plugin_passwordlesslogin (v1.2.1)

Passwordless login is a way to verify a user’s identity without using a password. It offers protection against the most prevalent cyberattacks, such as phishing and brute-force password cracking. Passwordless login systems use authentication methods that are more secure than regular passwords, including magic links, one-time codes, registered devices or tokens, and biometrics.

Update feature so that callbacks, redirects, and scopes are not overwritten.

composable-hybrid-sitegenesis-poc (v2.1.1)

This repository demonstrates a proof of concept (POC) for implementing SLAS and phased rollouts on SiteGenesis. The examples given use the latest version of SiteGenesis, using JavaScript controllers, but the same approach could be used on pipeline versions of SiteGenesis.

Although we are already at v2.1.1, this repository is new and its first release.

b2c-tools (v0.20.0)

b2c-tools is a CLI tool and library for data migrations, import/export, scripting and other tasks with SFCC B2C instances and administrative APIs (SCAPI, ODS, etc). It is intended to be complimentary to other tools such as sfcc-ci for development and CI/CD scenarios.

bdw.js rename and updates by @jlbruno in #119
Updating readme instructions for local project install by @jlbruno in #120
added intellij support for groups by @sandragolden in #121

The post Digging into the B2C Commerce Cloud 24.3 release appeared first on The Rhino Inquisitor.

A look at the Salesforce B2C Commerce Cloud 24.2 release

Thomas Theunen — Mon, 05 Feb 2024 06:59:49 +0000

It’s time to gear up for the February 2024 (24.2) release of Salesforce B2C Commerce Cloud! With the arrival of this latest release, let’s look at what’s new and exciting!

You can always check out last month’s release notes by clicking here if you missed it.

Platform

Partitioned Cookies

On By Default This new feature is automatically enabled with the 24.2 release and may cause unexpected behaviour if you have complex use cases involving cookies.

Please turn it off until you have completed all necessary testing.

Affects Hybrid Deployments An extra warning for those using hybrid deployments: it is important to test adequately as this change may disrupt standard customer flows.

Concerning browser vendors’ ongoing deprecation of third-party cookies, a new feature in Salesforce B2C Commerce Cloud affects how cookies are handled: “Partitioned Cookies“

Cookies that are sent by controller code, such as via response.addHttpCookie will now have the Partitioned flag set.

Most people won’t notice a difference, but this change may have side effects if you have more complex custom cookie logic. However, a feature toggle called Partitioned Cookies defaults to true – you can turn off this new behaviour there, but be sure to read the description carefully, as it is necessary for Page Designer and Toolkit when third-party cookies are disabled in the browser.

Allow Duplicate Terms in Search Phrases

B2C Commerce search now accepts long-tail search phrases with duplicate search terms. When an exact match for a given phrase is found, the suggestion processor returns highly relevant search results.

Previously, duplicate words in long-tail search phrases were autocorrected to slightly different versions. Autocorrecting terms in the search phrase can result in irrelevant search results.

Improvements in the built-in search engine are always welcomed. A reliable search function across all channels enhances user experience and increases conversion rates.

Get a Higher Level of Time Stamp Accuracy with Inventory

ProductInventoryRecord.AllocationResetDate now supports a higher level of accuracy in the database. The change is backward-compatible.

When dealing with various sales channels that impact inventory, multiple stock modifications may occur within the exact second.

Previously, we were unable to differentiate at the millisecond level, but that is no longer the case! With the database modification that allows for milliseconds in the timestamp instead of seconds, we can now more effectively handle this particular use case.

XML Import example

				
					// example import with seconds
<allocation-timestamp>2023-11-22T06:56:01Z</allocation-timestamp>
 
// example import with milliseconds
<allocation-timestamp>2023-11-22T06:56:01.567Z</allocation-timestamp>

OCAPI

				
					// Request body example with millis
{ 'allocation': { 'amount': 17, 'reset_date': '2023-11-23T08:39:23.456Z' } }
// Response always with millis
.... 'reset_date': '2023-11-23T08:39:23.456Z'
 
// Request body example with seconds
{ 'allocation': { 'amount': 17, 'reset_date': '2023-11-23T08:41:23Z' } }
// Response always with millis
.... 'reset_date': '2023-11-23T08:41:23.000Z'

Business Manager

Specify a Date Format for Locales

You can now modify the date settings format in Business Manager so that the script API method dw.util.Calendar.getFirstDayOfWeek() returns the first day of the week in the date format used by your site locale. Previously, you couldn’t modify the date format to match the local or regional context.

Development

Custom SCAPI Endpoints

The promised helper functions have arrived with the new custom endpoints going GA, making creating scripts for your endpoints easier!

OCAPI & SCAPI

Custom SCAPI Endpoints

Although this option has existed since September last year, this feature is now officially out of BETA and can be safely used in production environments.

It is important to note that a few things have changed in this release that might break your current customisations, so verify that all endpoints still behave and work the way you intended.

The documentation has been updated to include these changes. It’s time to read up!

SLAS Updates

Improved error handling for TSOB(Trusted system on Behalf) for "customer not found" user scenarios.
Support added for using SAP Customer Data Cloud socialize REST endpoints.
IDP configuration now allows the IDP client credentials to be added to the POST body. SLAS now supports OIDC client_secret_basic and client_secret_post for client authentication.
Updated the /introspect endpoint to include a “sub” claim in the response.
Improved validation in Session Bridge(SESB) flow by checking for the customer_id and failing the request if the customer is already registered.
Includes SLAS Admin UI and API bug fix to address the cache synchronization issue when a client is edited or deleted.

SLAS updates this month include some critical changes. One of the issues that has been bothering me for the past year was the visual cache of the SLAS admin UI, which caused a lot of confusion by displaying outdated information.

However, I’m happy to report that this issue has finally been fixed, dramatically improving UX.

Account Manager

1.32.0 Release

Security Fixes
Bug Fixes
Infrastructure Updates
UUID Tokens Switched to JWT Access Tokens: As previously announced in June 2023, Account Manager no longer supports the use of UUID token formats. All new API Clients only support the JWT access token format.

After quite a long warning beforehand, the UUID option is now wholly gone for new API clients!

SFRA v7.0.0

BREAKING CHANGE: SFRA v7.0.0 has been updated to support Node 18

Setup Github Actions config by @shethj in #1337

Allow arbitrary-length TLDs by @wjhsf in #1352

Fix broken locale selector on Page Designer pages. by @wjhsf in #1354

Fix search with multiple refinements on PLP by @shethj in #1365

Bug: avoid XSS attacks in addressBook.js by @mjuszczyk1 in #1366

Update: seo friendly urls for search refinements by @sandragolden in #1331

Bug: fix transformations not being applied (W-8851964) by @wjhsf in #1183

Use standard ignore for generated files by @wjhsf in #1182

Bump version to v7.0.0 by @shethj in #1373

Add node18 release note by @shethj in #1374

A long-awaited update to SFRA is finally here with the long-promised update to node 18!

Effort Do not underestimate upgrading your projects, as this update also means that libraries have been upgraded!

PWA Kit v3.4.0

General
Add support for node 20 #1612
Fix bug when running in an iframe #1629
Generate SSR source map with environment variable #1571
Display selected refinements on PLP, even if the selected refinement has no hits #1622
Added option to specify isLoginPage function to the withRegistration component. The default behavior is "all pages ending in /login". #1572

Accessibility
Add correct keyboard interaction behavior for variation attribute radio buttons #1587
Change radio refinements (for example, filtering by Price) from radio inputs to styled buttons #1605
Update search refinements ARIA labels to include "add/remove filter" #1607
Improve focus behavior on my account pages, address forms, and promo codes #1625

Storefront Preview
We've added a new context input field for Customer Group. This is a text input for now but we imagine a dropdown in the future.
We know many of you will bring third party CMS's to the mix. We want you to be able to use Storefront Preview with these as well! On that note please check out our new guidance on Preview extensibility. Essentially you can forward context changes onto a third party to set their version of context in the given platform meaning your Previewed storefront can faithfully render all the content relevant to your context settings.

With smaller and larger updates, the 3.4 release is now equipped to support more use cases and stay current with the latest Node versions!

Bugfixes

Someone decided in January to do some cleanup, making it harder to make an overview, but here is a link to make things easier!

Updated Cartridges & Tools

composable-storefront-pocs

This repo is a composable storefront implementation with various proof of concepts baked in. It otherwise closely tracks pwa-kit

A big update to the POC library, such as live editing (custom editors) and Promotional/Sale/list pricing on PLP and PDP.

plugin_slas (v7.2.0)

This cartridge extends authentication for guest users and registered shoppers using the Shopper Login and API Access Service (SLAS).

Node18 upgrade by @alexvuong in #175
Bump version to v7.2.0 by @shethj in #177

The post A look at the Salesforce B2C Commerce Cloud 24.2 release appeared first on The Rhino Inquisitor.

Three things you can do today to secure your SFCC environment

Thomas Theunen — Mon, 15 Jan 2024 17:47:00 +0000

The importance of security in any digital environment can not be stressed enough. Even though Salesforce Commerce Cloud is a SaaS solution, you are still in charge of your system and how some aspects are secured.

A good example is user management; you securely handle access to different environments. Salesforce provides the tools to secure it, but you must use them correctly for optimal protection.

There is no time like the present, so let us look at three things you can do today to secure your Salesforce B2C Commerce Cloud environment!

Verify account manager access

As mentioned, user management is under your (or someone within your team) supervision. A few automations exist, such as auto disabling of accounts, but that doesn’t mean you shouldn’t have a look!

So why not do an audit now? Look at all the accounts and what access rights they have. Ask the question: “Do they need access to this now?” They might have needed access to administer an environment at one point, but that was aeons ago. So why not restrict that access?

You should always have a system of least privilege, but mistakes happen – we are only human! Or off-boarding procedures that need to be correctly followed. So, an audit every once in a while is a good idea.

But why do this, you might ask? Well, there are quite a few reasons for this:

People do administrative tasks in the wrong environment by accident, even though they have not been working on that project for weeks/months/years (it happens)
An account was hacked that had access to multiple projects they no longer worked on
Someone left the company on bad terms and decided to abuse their access
… and many more

I am not saying that with a system of least privilege, all damage could have been prevented, but they could have done much less damage if the correct procedures had been adhered to.

Check the code for security issues

Just as user access is something you and your team are in charge of, so is the security quality of the code deployed to the environments.

It might be a good idea to go and check out the repository and review the most sensitive areas, looking for security holes. Don’t know where to start? I wrote an extensive article about security best practices to remember during development.

Third-party access

Next to user access to the business manager of the environments, there are also API Keys that allow administrative access to the system through REST endpoints and the WebDAV.

If you have systems that integrate with Salesforce B2C Commerce Cloud, document those systems and how they integrate. And again, make sure they work with a Principle of Least Privilege.

An excellent example of such an integration is an ERP system that updates orders via the OCAPI and uploads Price Book files to WebDAV. Verify that the ERP can only do those two things with the API Key it has been given.

There may be an integration that is no longer active or an API key that has been replaced. Ensure these are removed from the configuration so no one can abuse them if they are accidentally shared outside your organisation.

We always hope people who get these by accident bear no ill will, but that is not the world we live in.

Get crackin’

These three items are just to get you started, there are many other things that you can check today to make sure your environments are secured. And make sure to check the documentation for helpful features and tools that Salesforce providestools that Salesforce provides to make your life easier.

The post Three things you can do today to secure your SFCC environment appeared first on The Rhino Inquisitor.

Commerce Cloud 24.1 Release: A New Year Update

Thomas Theunen — Mon, 08 Jan 2024 09:10:13 +0000

A new year means release notes for the back end have started again! This time, we look at the January 2024 (24.1) release!

Are you interested in last year’s release notes? Click here!

Platform

DKIM Support for Emails

Are you tired of missing out on important emails because they end up in your SPAM folder? We have great news for you! Commerce Cloud now comes with DKIM support, designed to significantly reduce the chances of your emails being marked as SPAM.

PIG Only This option does not seem to be available on sandboxes.

Improved log handling for Einstein Search Dictionaries and Einstein Predictive Sort

The error handling for Einstein Search Dictionaries and Einstein Predictive Sort log files no longer creates log errors when an updated dataset isn’t available.

How: If you use Einstein Search Dictionaries or Einstein Predictive Sort, verify the Region setting in your staging instance. In Business Manager | Administration | Operations | Einstein Status Dashboard | site, set the Region to one of the following:

Americas
APAC
EU

OCAPI & SCAPI

Enable Temporary Baskets for Immediate Order Requests in OCAPI

OCAPI 23.4 includes support for temporary baskets. Temporary baskets allow for immediate order requests in B2C Commerce. For example, a shopper uses a Buy Now option to purchase an item. The temporary basket, which has a limited lifetime of 15 minutes, is populated with all the data required to ready the basket for checkout without affecting the regular shopper basket.

How: Pass a query parameter temporaryBasket into POST baskets to create a temporary basket. With OCAPI 23.4 the basket document attribute isTemporary indicates a basket is temporary.

The recent introduction of temporary basket access in Headless setups is a significant breakthrough! This new feature unlocks a world of possibilities for mobile applications and the PWA Kit.

Have you ever received a request to allow only one product type in a single basket without allowing any combinations? Such requests were puzzling before this feature was added. Where do you store the current basket? What if the product goes out of stock in the meantime?

Some things that you need to remember about these temporary baskets:

Basket lifetime is limited compared to shopper baskets. A temporary lifetime of 15 minutes is used for basket retention.
Limit is separate from shopper and agent basket limits. The shopper can have up to 4 temporary baskets.
Available to all shoppers, including guests. (unlike agent baskets)

SCAPI It is unclear if this change translates to the SCAPI endpoint (https://developer.salesforce.com/docs/commerce/commerce-api/references/shopper-baskets?meta=createBasket). Currently, the new query parameter is not mentioned in the documentation. However, it is expected that development on the SCAPI will resume in January, and hopefully, this feature will be on the roadmap.

PWA Kit v3.3.0

Some love again for the PWA Kit, wit the release of v3.3. The main changes are:

Adding StorefrontPreview component ‘onContextChange’ property to prepare for future Storefront Preview release
Updating engine compatibility to include npm 10
Replacing max-age with s-maxage to only cache shared caches
Improving pwa-kit-dev start command to accept CLI arguments for babel-node
Adding source-map-loader plugin to webpack configuration
Creating a flag to allow toggling behavior that treats + character between words as space in search query
Implementing gift option for basket
Updating extract-default-messages script to support multiple locales
Adding support for localization in icon component
Making various accessibility improvements and bug fixes

Bugfixes

Only one fix was made in the current release. However, many items are marked as “Solution Scheduled” and “Solution Deploying”, which will hopefully be covered in next month’s release blog post!

Updated Cartridges & Tools

sgmf-scripts (3.x in the works)

This repository contains a collection of scrips that are useful for creating Storefront Reference Architecture overlay cartridges. All of the scripts are executable through CLI.

I’ve noticed that someone is currently working on developing version 3.x of this library. This is an exciting update that many people have been eagerly waiting for. It will be interesting to see what changes and enhancements are made in this new version.

The post Commerce Cloud 24.1 Release: A New Year Update appeared first on The Rhino Inquisitor.

The move from SiteGenesis and SFRA to the Composable Storefront as a developer

Thomas Theunen — Mon, 25 Dec 2023 13:46:42 +0000

As a Salesforce B2C Commerce Cloud developer (starter or experienced), expanding your skill set and exploring new technologies is part of the job – it all moves quickly. One option that has become available in Salesforce B2C Commerce Cloud is React.JS, a JavaScript library for building user interfaces (maybe a Headless Storefront? ).

In this article, we will discuss the history of React.JS and the Salesforce PWA Kit, the transferable skills from SiteGenesis/SFRA to React.JS, and resources for getting started with learning this technology.

A history lesson

React.JS was first released in 2013 by Facebook and has since become one of the most popular front-end development tools in the industry. The library is based on the concept of reusable components, which allows developers to build complex user interfaces by breaking them down into smaller, manageable pieces. This approach promotes code reusability and makes it easier to reason about the structure of a user interface.

React.JS quickly gained traction in the development community and has been adopted by many companies. Its popularity can be attributed to its ability to handle complex use cases, high performance, and ease of use.

Salesforce (well … the Mobify team ) saw the potential in React.JS and decided to create the Salesforce Composable Storefront. The Salesforce Composable Storefront, or PWA Kit, is an open-source toolkit that can be used to create PWAs using React.JS and SFCC APIs. This toolkit empowers developers to use the power of React.JS to create fast, responsive and engaging customer experiences for the Salesforce Commerce Cloud platform.

Transferrable Skills

Development (Duh...)

As a SiteGenesis/SFRA developer, you are already familiar with native JavaScript and have a distinct advantage when learning React. JavaScript is the foundation of React.JS, and a solid understanding of the language will make it easier for you to understand and work with the library.

One of the significant advantages of knowing native JavaScript is understanding how the underlying code works. This can be extremely useful when debugging and troubleshooting issues when working with React. Knowing JavaScript will give you more flexibility and control over your code, allowing you to optimise it for performance and scalability. (But React has its quirks and behaviours that you must also dig into!)

Knowing native JavaScript can also give you a better understanding of the web development ecosystem. This knowledge will help you make informed decisions about your tools and technologies and how they interact.

Taking the JavaScript Developer I certification is not such a bad idea, right?

Commerce

As a Salesforce B2C Commerce Cloud developer, you likely deeply understand how Commerce works. This knowledge can be transferable even when changing development languages (and platforms architectures).

When building Commerce applications, certain fundamental concepts remain consistent regardless of the technology stack used. Understanding the flow of products, inventory management, customer data, and order fulfilment are all key concepts that apply regardless of the development language or framework used.

Your understanding of business processes and the customer journey is valuable in designing and building user interfaces that provide a seamless experience for customers. Also, your knowledge of best practices and industry standards can be helpful.

For example, understanding the importance of accessibility, SEO, and performance optimisation can help you to make informed decisions when building different channels.

Commerce Cloud

A deep understanding of how Commerce Cloud functions in online and offline environments is vital. Furthermore, proficiency in utilising the platform is equally essential to succeed.

Here are some articles that might come in handy:

Where to get started

If you’re a regular reader of my articles, you probably know by now that I’m not a fan of reinventing the wheel or regurgitating something already done. I like to keep things fresh, like a smoothie made with the season’s best fruits.

So, kudos to the Salesforce team for providing some tremendous getting-started documentation:

The post The move from SiteGenesis and SFRA to the Composable Storefront as a developer appeared first on The Rhino Inquisitor.

Unravelling the mystery of dates in the OCAPI

Thomas Theunen — Mon, 18 Dec 2023 09:16:13 +0000

When we integrate third-party systems with Salesforce B2C Commerce Cloud using OCAPI or SCAPI, we often have the requirement to filter data based on date ranges or only retrieve data that has been modified after a certain time.

But how can we achieve this? Are there any other options available? Let’s explore the various filtering and query options in detail.

Querying

Not all endpoints are alike, but within the OCAPI the way of searching for different objects remains the same: making use of Queries and Filtering options.

Here are some of the example endpoints:

Attributes

Make sure to check the documentation pages for the specific endpoint to view the supported attributes before building your query.

Date Format

When crafting these date filters, adherence to the ISO 8601 date format (YYYY-MM-DDTHH:MM:SS.mmmZ) is essential for the API to parse the values correctly. Additionally, ensure that the field names, like creation_date, valid_from, valid_to, and others, correspond to your Salesforce Commerce Cloud data model’s actual date-related fields.

				
					2012-03-19T07:22:59Z // example

Range Filter

If you need to find records that fall within a specific date interval, the range_filter is your go-to option. This filter can find records with a date value sitting between a specified start (from) and end (to) date.

				
					{
  "query": {
    "filtered_query": {
      "filter": {
        "range_filter": {
          "field": "creation_date",
          "from": "2020-03-08T00:00:00.000Z",
          "to": "2020-03-10T00:00:00.000Z"
        }
      },
      "query": {
        "match_all_query": {}
      }
    }
  }
}

Range2 Filter

To deal with scenarios where you have two date fields and want to filter records with an overlapping date range, use the range2_filter. This allows the specification of a date range that overlaps the range between the two fields you are considering.

A Range2Filter allows you to restrict search results to hits where the first range (R1), defined by a pair of attributes (e.g., valid_from and valid_to), has a specific relationship to a second range (R2), defined by two values (from_value and to_value). The relationship between the two ranges is determined by the filter_mode, which can be one of the following:

overlap: R1 overlaps fully or partially with R2
containing: R1 contains R2
contained: R1 is contained in R2

				
					 "query" : {
        "filtered_query": {
           "filter": {
                "range2_filter": {
                    "from_field": "valid_from",
                    "to_field": "valid_to",
                    "filter_mode":"overlap",
                    "from_value": "2007-01-01T00:00:00.000Z",
                    "to_value": "2017-01-01T00:00:00.000Z"
                }
           },
           "query": { "match_all_query": {} }
       }
   }

Bool Filter

Sometimes, the need for complexity arises when constructing date-based queries. The bool_filter permits the combination of numerous filters for complex logical expressions. This filter is specifically helpful for creating compound date queries that may, for instance, combine status checks with date ranges.

				
					{
  "query": {
    "filtered_query": {
      "query": {
        "match_all_query": {}
      },
      "filter": {
        "bool_filter": {
          "operator": "and",
          "filters": [
            {
              "term_filter": {
                "field": "status",
                "operator": "is",
                "values": ["open"]
              }
            },
            {
              "range_filter": {
                "field": "creation_date",
                "from": "2023-01-01T00:00:00.000Z"
              }
            }
          ]
        }
      }
    }
  }
}

Term Query

For precision filtering, where a field must match an exact date, the term_query becomes the instrument of choice. This query matches records based on absolute equality with the specified date.

				
					{
  "query": {
    "term_query": {
      "fields": ["creation_date"],
      "operator": "is",
      "values": ["2023-04-01T00:00:00.000Z"]
    }
  }
}

Custom Endpoint

It is currently not fully available / BETA, but you can create custom GET endpoints tailored entirely to your requirements.

When creating these endpoints, it’s important to consider performance and caching – these are your responsibility when utilising this option.

Conclusion

The search API capabilities of OCAPI in Salesforce B2C Commerce Cloud offer robust and flexible options for date-related searches.

You can customize your searches using range_filter, range2_filter, bool_filter, and term_query as per your requirements. It is important to use the correct date format and field names to make the most out of these tools. These data querying capabilities can help you segment promotional data, manage catalog validity, or filter orders based on dates, making your commerce data handling more streamlined.

Happy coding!

The post Unravelling the mystery of dates in the OCAPI appeared first on The Rhino Inquisitor.

New APIs and Features for a Headless B2C Commerce Cloud

Thomas Theunen — Mon, 13 Nov 2023 09:54:35 +0000

The holiday period was quiet for a long time regarding Salesforce B2C Commerce Cloud releases. This was because the monolithic system required the deployment of all components, which carried the risk of bugs.

However, more options are now available with multiple “layers” in the Headless architecture. Each layer can have its release schedule, and some layers are more modular than others, allowing for finer-grained releases that will not impact the rest (at least in theory).

Major new releases are happening for the first time during the holiday season. And it’s pretty exciting!

Managed Runtime

Storefront Preview

The “Shop the Future” feature seems to have been on the Wishlist since the release of the PWA Kit. This feature was highly sought-after by merchandisers as it allowed them to set up promotions and content in advance and see how they would appear on the site.

However, it can be challenging to implement this feature without the right APIs in a Headless or Composable Commerce setup. Fortunately, this challenge can be overcome with the “Shop the Future” and “Shopper Context” options provided by the SCAPI.

This is a big win for any project already on or going to the Composable Storefront!

Here is a guide to get you started on setting it up.

Changes for the future

Headless and Composable architectures bring great flexibility for the future but pose particular challenges in monitoring and analytics. One of the significant challenges is consolidating data from multiple entities.

Salesforce has now made it mandatory to specify the back-end you connect from your storefront. This will eliminate guesswork and ensure correct logging is sent to the Log Center linked to the respective environment.

Automatically forwarding logs to the Log Center offers multiple benefits to Salesforce support and users of the Composable Storefront. With this feature, logs for HTTP requests made on production-marked environments are automatically sent, enabling them to anticipate better and troubleshoot any issues that may arise.

PWA Kit v3.2.1

With the changes happening in the managed runtime, two new releases have happened in the past month of the PWA Kit:

3.2.0
3.2.1

Besides the Storefront Preview feature, there are changes to how “Content-Security-Policy” is managed in this release. Be sure to review the changes as they are significant.

OCAPI & SCAPI

Shopper SEO - Headless URL Resolution

There is a new API in town. SiteGenesis and SFRA have had the ability forever to resolve any type of URL that you configured in the Business manager, and automatically redirect the user to the right place!

But for the PWA Kit or Headless projects, that piece of magic was always missing – until now!

Meet the new URL Resolution API!

Performance I suggest following the best practices mentioned in the documentation and using your routing system as the primary option. This API should only be used as a backup. Keep in mind that making an API call involves network hops that can potentially slow down your application.

I believe that in the future, we will witness endpoints to address some of the gaps that exist compared to SFRA. I have also learned that an upcoming feature will enable direct resolution to the SCAPI payload rather than just the relative ObjectID.

Stores

If you remember, the SCAPI release included a “Shopper Stores” group that allowed developers to build their own Store Locator in Headless scenarios.

Unfortunately, this feature was short-lived and disappeared soon after. However, with the Stores API now back in action, developers can again use the “Shopper Stores” group to create custom store locators that meet their specific needs.

This significant development will be welcomed by those eagerly waiting for this functionality to return. I only question how quickly this will make it into the PWA Kit priority-wise. Maybe this could become one of the more extensive community contributions. Who knows?

More on the horizon?

I received some exciting news about new APIs that Salesforce is currently developing. A custom object API and site preferences API are in active development and are expected to be released in the next cycle.

What APIs would you like to see? Maybe it is … (slowly walks over to the next section)

Time for Feedback

Have you ever felt helpless when you couldn’t provide feedback on a product? Worry no more!

Salesforce is looking for your valuable feedback on their Composable Storefront. They want to hear your honest opinion – the good, the bad, and everything in between. Your feedback will help them improve their product and make it even better.

What are you waiting for? Share your thoughts and help Salesforce build a product that meets your needs!

The post New APIs and Features for a Headless B2C Commerce Cloud appeared first on The Rhino Inquisitor.

Search Results for “ocapi” – The Rhino Inquisitor

Getting secured with the 24.5 Salesforce B2C Commerce Cloud release

Platform

Five Minute Minimum Period Enforced for WAF Log Retrieval

Upgrade Your Security Posture with eCDN WAFv2

Business Manager

Refine and Customize Promotions

OCAPI & SCAPI

Custom Headers

External Taxation Mode

Deprecation Notification

Development

Enhance Order Access Security with the Allow List

Account Manager

Upcoming Removal of Deprecated Roles in Account Manager

PWA Kit v3.5.x

Updated Cartridges & Tools

b2c-tools (v0.25.0)

plugin_slas(v7.3.0)

Getting to know the SFCC 24.4 Release

Added support for additional HTTP methods for Custom APIs

Rogue Query Timeouts in B2C Commerce

Manage More Images in Page Designer

Business Manager​

Configure eCDN for Staging in Business Manager

Auto-Correction is Disabled by Default

OCAPI & SCAPI

productSearch gets more data

New API: searchCustomerGroup

New API: Shopper Custom Objects API

Check for Customization with SCAPI

OCAPI JWT Response to Updated Passwords Is Changed

Updated Cartridges & Tools

b2c-tools (v0.21.1)

plugin_passwordlesslogin (v1.2.2)

In the ring: OCAPI versus SCAPI

OCAPI versus SCAPI

New APIs

SLAS

PWA Kit

Infrastructure

Rate Limits

Conclusion

Digging into the B2C Commerce Cloud 24.3 release

Platform

Add More Product Line Items per Basket

Prioritize Resource Bundle Lookup

Scheduled Backups Button Is Disabled

Business Manager

Display Alert Messages in Business Manager

OCAPI & SCAPI

Prepare for Changes to Sever-Side Web-Tier Caching

SCAPI - Shopper SEO

Shopper Baskets v2

SCAPI Load Shedding

Custom Request Headers

Account Manager

Security Update for the Audit History Logs

Bugfixes

Updated Cartridges & Tools

plugin_passwordlesslogin (v1.2.1)

composable-hybrid-sitegenesis-poc (v2.1.1)

b2c-tools (v0.20.0)

A look at the Salesforce B2C Commerce Cloud 24.2 release

Platform

Partitioned Cookies

Allow Duplicate Terms in Search Phrases

Get a Higher Level of Time Stamp Accuracy with Inventory

XML Import example

OCAPI

Business Manager

Specify a Date Format for Locales

Development

Custom SCAPI Endpoints

OCAPI & SCAPI

Custom SCAPI Endpoints

SLAS Updates

Account Manager

1.32.0 Release

SFRA v7.0.0

Business Manager