This Headless Commerce API Lets Shoppers Stay Logged In for 90 days. Here is How It Works.

Last Updated | February 13, 2023

These days, consumers can make purchases via various channels, including desktop computers, tablets, smartphones, and even Internet of Things (IoT) devices. 

The original goal of headless commerce was to free up developers to build more comprehensive eCommerce platforms that offered a more satisfying experience for site users. As a result, it’s much easier to move customers down the sales funnel through Salesforce commerce cloud development. 

However, sessions were limited to 30 minutes in length after the last log-in. Developers, merchants, and e-commerce customers worldwide face the difficulty of keeping a user logged in for an extended period while maintaining a secure session.

Salesforce Commerce Cloud has resolved this issue for businesses with the new Shopper Login and API Access Service (SLAS). Salesforce headless commerce API empowers Salesforce Commerce Cloud development companies to implement higher levels of safety and reliability in their headless commerce development.

What You Need to Know About Shopper Login API

Shopper API and service provide secure access to the Shopper APIs with Salesforce Commerce Cloud Support, which acts as a scalable authentication and authorization solution. It allows businesses to offer features that let customers sign in via federation with their preferred Identity Provider (IDP). 

The advent of OAuth 2.0-based login APIs is crucial to SLAS since it implements the refresh token pattern, which lets a customer log in and stay signed in for up to 90 days.

Here’s where Shopper Login Access and API Access Service comes in handy; it’s a cinch to use and lets you efficiently provide several login options to your customers, which boosts both convenience and the length of their session. It’s a library of APIs that gives headless applications safe access to the Salesforce Commerce Cloud shopper APIs.

The Shopper Login Access and API Access Service was made possible using OAuth 2.0-based login APIs. Because of this, a shopper can keep their session active for 90 days instead of only 30. Do you find this intriguing? So, let me explain how it all goes down.

This enterprise-level authentication and authorization system safeguards the use of the Commerce platform’s Retailer Application Programming Interfaces (APIs). 

Salesforce commerce cloud development lets businesses provide features that let customers sign in via federation with their preferred Identity Provider (IDP). If you implement this feature, your customers can use the same credentials they use to access their social media or search accounts to access your website.

With the help of Salesforce Commerce Cloud implementation with this API, users can use a single set of credentials in various settings (for instance, Commerce Cloud vs. a Community Portal). OpenID-compliant social networks and search engines like Facebook and Google can be used in tandem with SLAS.

Extending a session for up to 90 days is quite convenient. However, 90 days in a mobile application environment makes more sense from a security perspective than on a web browser since using a public or shared computer could expose user details for longer than desirable. Decide on the session length after discussing it with your Salesforce Commerce Cloud development, security, and legal teams.

Do you need the Salesforce headless commerce API?

Truthfully, you could already perform the aforementioned with SFRA and SiteGenesis. The system currently supports all of the previous forms of login access, including salesforce b2b commerce cloud partner. However, they have no practical use beyond that. To use these logins on other channels, you’ll need to develop a separate implementation for every platform, including endless aisle, kiosk, and mobile apps.

Alternatively, Shopper Login Access and API Access Service is a Salesforce headless commerce API that any of your channels may use, regardless of whether or not they are done with salesforce commerce cloud integration.

Besides the possibility of extending the session period up to 90 days, it allows you to take advantage of the Single Sign-On feature. It is simpler to move sessions between channels if you are already using SFRA or SiteGenesis on Salesforce B2C Commerce Cloud.

Benefits of Salesforce Headless Commerce API

Before using this set of APIs, you should know how this integration will benefit you in the long run.

Advantages for Programmers

  • Secure API access should be implemented to avoid security risks like cross-tenant data access and exposing sensitive data during promotional periods.
  • It is possible to adopt Commerce APIs in stages using the same SLAS access token for the latest Salesforce Commerce Cloud APIs (SCAPIs) and the existing Open Commerce APIs (OCAPIs) in a given headless application.
  • Headless applications of all types (including full-stack web apps, server-side BFF apps, mobile/native apps, and single-page web apps) should have a secure login mechanism for accessing the API (public clients).
  • Put into practice authentication standards developed for your sector (finance, telco, insurance).

Advantages to Consumers

  • Log in with an external identity service (for instance, Google, Facebook, and Auth0).
  • Bring Salesforce commerce cloud integration, Experience Cloud, and other Salesforce services into your existing site with a single sign-on.
  • Enjoy a more tailored shopping journey. To use the Commerce Einstein APIs for tracking user behavior, the SLAS API returns a unique identification for each guest and registered user.
  • Keep your shopping basket open and your session active for longer.
  • Use the Shopper Application Programming Interfaces (APIs) provided by Salesforce Commerce Cloud Support services to access their powered services (for commerce API and OCAPI).

The Shopper Login API: How Does It Function?

Accessing a wide range of headless applications is made easy with SLAS’s scalable login and API access. In Salesforce commerce cloud development, there are three stages to this procedure:

  1. The shopper registers using an external identity provider (Google and Auth0) or an internal one (Salesforce Commerce B2C system).
  2. The app is issued a token with complete access to the Shopper API.
  3. The token is a key to accessing any B2C Commerce Shopper APIs the app supports.

For various headless applications, SLAS employs standard OAuth 2.0-based login procedures. These include enforcing customer credentials for guest users, an authorization code flow for registered consumers, federating login to the external IDP, and authorization code PKCE for signing buyers. It’s then forwarded into the Business-to-Customer (B2C) system. These all are necessary for web apps with server-side back-end for front-end (BFF), where a client secret can be securely stored on a front-end.

The authorization code PKCE flow must be implemented in various forms for anonymous and known users to work with single-page applications (SPAs) and mobile/native applications. The developer guide goes into greater depth on these processes.

By making SLAS generally available (GA) in April 2021, Salesforce Commerce Cloud Support has given devs the tools they need to upgrade client implementations to accommodate two types of headless apps:

  1. Web apps that rely on a server-side backend or BFF and have their clients run in isolation.
  2. Public-facing mobile/native apps or single-page web apps. This second pattern will be used by everyone who buys our PWA Kit.

In each design, the user must actively go through the login process. Moreover, there is interest in enabling the third pattern, trusted system login, on a shopper’s behalf. 

Unlike Salesforce B2B Commerce Integration, customers do not manually enter their credentials into the B2C e-commerce system in this setup. Instead, a shopper’s personal information is requested from or updated by a trusted app. 

This pattern allows the authorized app to access and modify the shopper’s profile information, shopping cart contents, and order history. This flow is generally used by developers who authenticate shoppers with the help of a third-party IDP and need to authenticate with the B2C Commerce system as a trusted app on behalf of those shoppers.

The trusted app could be hosted locally or remotely. Applications like Experience Cloud and Salesforce Order Management are examples of trusted internal systems. For the consumer’s benefit, “external trusted applications” can be any third-party applications that communicate with the Salesforce Commerce Cloud implementation.

In the case of Salesforce Commerce Cloud Migration, sellers can easily access the customers’ login details. Moreover, a salesforce commerce cloud consultant can also help you with API settings.

How to Utilize this API In A Monolithic Setup?

Using SFRA, you may quickly improve your consumers’ online purchasing experience by adding new features and Salesforce Commerce Cloud Optimization. Use the new merged feature cartridge (plugin cartridge merge) to install and use multiple supplemental SFRA features in your present setup without the assistance of a programmer. 

It’s also simple to turn off individual functions if necessary. The cartridge integrates the benefits of Shopper Login Access and API Access Service into SFRA’s monolithic architecture, turning it into a real headless commerce player.

However, you should be aware of the following potential downsides:

  • Since the cartridge makes three or four more remote API calls, using this API may slow down your site. However, you have nothing to worry about; like all Salesforce B2B Commerce Integration, this salesforce commerce cloud integration is subject to the same performance and uptime standards.
  • 4 remote API calls (2 SCAPI and 2 OCAPI) are used to make login and registration through Shopper Login Access and API Access Service work.

There are now just 4 API requests you can make throughout the login process. According to an update, 5 API calls are needed during registration in some situations, which counts for a significant part of your “budget.”

  • You can continue to utilize SiteGenesis, but it won’t be plug-and-play anymore, as with SFRA. The code is straightforward, so you can use it as a reference to build the customized version of SiteGenesis you need.

Conclusion

Both Shopper Login Access and API Access Service have the potential to assist in extending user sessions within a protected setting. This Salesforce headless commerce API is capable of working with many channels. 

Users can utilize the Single Sign-in functionality and extend the session length to a maximum of ninety days. This could mean working in an all-in-one feature cartridge for people using a monolithic setup. This cartridge unlocks several additional optional SFRA features without the assistance of a developer. 

This particular feature of Salesforce Commerce Cloud implementation has helped customers and sellers efficiently manage the log-in feature.

Source: https://ecommerce.folio3.com/blog/salesforce-headless-commerce-api/


