
Preview tokens
A preview token is an encrypted string that
encapsulates a set of preview options and restrictions on when and
where the token can be used. Any user who is authorized to access
your server and has the preview token, can perform preview actions
in the same store that the token is generated, with the preview
options specified.For example, a user can make a service
request in preview mode or access a generated preview URL to preview a
store in a particular customer segment.
Create preview token service
The preview options and restrictions can be
defined with the following parameters when calling the
Create preview token service:
- start
- Optional: The date and time that the preview token starts to become valid. The time is in the format "YYYY/MM/DD HH:MM:SS".
- timeZoneId
- Optional: Must be a valid Java time zone ID.
- status
- Optional: Determines if time should be static while in preview mode. If true, time is static. If false, time is elapsing.
- invstatus
- Optional:
- 0 - use inventory levels in the database.
- 1 - set all inventory filter results to true.
- -1 - set all inventory filter results to false.
- includedMemberGroupIds
- Optional: Preview as a user in these customer segments. A comma-separated list of member group IDs.
- workspaceId
- Optional: The workspace ID.
- taskGroupId
- Optional: The task group ID.
- taskId
- Optional: the task ID.
- tokenLife
- Optional: Lifespan of the preview token in minutes. The preview token expires and cannot be used after the this set time.
- startDate
- Optional: The start date/time of the preview token in the form "YYYY/MM/DD HH:MM:SS".
- endDate
- Optional: The end date/time of the preview token in the form "YYYY/MM/DD HH:MM:SS". This value takes precedence over the tokenLife parameter.
- password
- Optional: The password to access a generated preview URL.
After the create preview token service encapsulates the preview options and restrictions, the PreviewTokenServiceCmdImpl command creates the preview token and returns the preview token as a response property named "previewToken". The preview token is stored in the PREVIEWTOKEN database table.
Sample service requests and responses
For
developers who might want to customize RESTful applications to
preview content using BOD and REST services, refer to the
following sample codes to understand service request and
response formats:
- Sample create preview token AJAX
request:
https://localhost:8000/webapp/wcs/tools/servlet/A jaxPreviewTokenCreate?storeId=10001&start=2013%2F01%2F01+00%3A00%3A00& timeZoneId=America%2FNew_York&status=true&invstatus=0&includedMemberGroupIds=10001%2C10002& workspaceId=10001&taskId=10001&tokenLife=60&password=passw0rd
- Sample create preview token AJAX
response:
{ "previewToken": "iuJOiPLnTn0=" }
- For a BOD service to generate a preview token, use a
ProcessPerson BOD with
actionCode="CreatePreviewToken"
. The following is a sample create preview token BOD service request:<_mbr:ProcessPerson xmlns:_mbr="http://www.ibm.com/xmlns/prod/commerce/9/member" xmlns:_wcf="http://www.ibm.com/xmlns/prod/commerce/9/foundation" xmlns:oa="http://www.openapplications.org/oagis/9" versionID="6.0.0.4" xmlns:xsi="http://www.w3.org/2001/XMLSchemainstance"> <oa:ApplicationArea xsi:type="_wcf:ApplicationAreaType"> <oa:CreationDateTime></oa:CreationDateTime> <oa:BODID></oa:BODID> <_wcf:BusinessContext intent="Authoring"> <_wcf:ContextData name="storeId">10001</_wcf:ContextData> </_wcf:BusinessContext> </oa:ApplicationArea> <_mbr:DataArea> <oa:Process> <oa:ActionCriteria> <oa:ActionExpression actionCode="CreatePreviewToken" expressionLanguage="_wcf:XPath"/> </oa:ActionCriteria> </oa:Process> <_mbr:Person> <_mbr:Credential> <_wcf:UserData> <_wcf:UserDataField name="start">2013/01/01 00:00:00</_wcf:UserDataField> <_wcf:UserDataField name="timeZoneId">America/New_York</_wcf:UserDataField> <_wcf:UserDataField name="status">true</_wcf:UserDataField> <_wcf:UserDataField name="invstatus">0</_wcf:UserDataField> <_wcf:UserDataField name="includedMemberGroupIds">10001,10002</_wcf:UserDataField> <_wcf:UserDataField name="workspaceId">10001</_wcf:UserDataField> <_wcf:UserDataField name="taskGroupId">10001</_wcf:UserDataField> <_wcf:UserDataField name="taskId">10001</_wcf:UserDataField> <_wcf:UserDataField name="tokenLife">60</_wcf:UserDataField> <_wcf:UserDataField name="password">passw0rd</_wcf:UserDataField> </_wcf:UserData> </_mbr:Credential> <_mbr:PersonalProfile/> <_mbr:ContactInfo> <_wcf:ContactInfoIdentifier> <_wcf:ExternalIdentifier/> </_wcf:ContactInfoIdentifier> <_wcf:Address/> </_mbr:ContactInfo> </_mbr:Person> </_mbr:DataArea> </_mbr:ProcessPerson>
- Sample create preview token service
response
(BOD):
<_mbr:AcknowledgePerson xmlns:Oagis9="http://www.openapplications.org/oagis/9" xmlns:_mbr="http://www.ibm.com/xmlns/prod/commerce/9/member" xmlns:_wcf="http://www.ibm.com/xmlns/prod/commerce/9/foundation" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <Oagis9:ApplicationArea xsi:type="_wcf:ApplicationAreaType"> <Oagis9:CreationDateTime></Oagis9:CreationDateTime> <Oagis9:BODID></Oagis9:BODID> </Oagis9:ApplicationArea> <_mbr:DataArea> <Oagis9:Acknowledge> <Oagis9:OriginalApplicationArea> <Oagis9:CreationDateTime></Oagis9:CreationDateTime> <Oagis9:BODID></Oagis9:BODID> </Oagis9:OriginalApplicationArea> </Oagis9:Acknowledge> <_mbr:Person> <_mbr:Credential> <_wcf:UserData> <_wcf:UserDataField name="previewToken">iuJOiPLnTn0=</_wcf:UserDataField> </_wcf:UserData> </_mbr:Credential> </_mbr:Person> </_mbr:DataArea> </_mbr:AcknowledgePerson>
- For a REST service to generate a preview token, use a
POST HTTP method with a URL that follows the format
"
store/storeid/previewToken
. The following is a sample create preview token REST service request:Post /wcs/resources/store/10001/previewToken HTTPS/1.1 Host: wcstestserver.raleigh.ibm.com Content-Type: application/json { "start": "2013/01/01 20:30:00", "timeZoneId": "America/New_York", "status": "true", "invstatus": "0", "includedMemberGroupIds": "10001,10002", "workspaceId": "10001", "taskGroupId": "10001", "taskId": "10001", "tokenLife": "60", "password": "passw0rd" }
- Sample create preview token service
response
(REST):
HTTPS/1.1 201 Created Content-Type: application/json { "previewToken": "iuJOiPLnTn0=" }
Preview token security
The following security features are in place for preview tokens:- By default, the create preview token command/service is restricted by access control to business users with administrative user roles.
- A preview token only works in the store where it is generated.
- A preview token will be revoked when it is sent over HTTP. The token must be sent over HTTPS.