WebSphere Commerce REST API
WebSphere Commerce REST services are JAX-RS REST services that are built on top of Apache Wink. The implementation classes contain JAX-RS annotations such as @Path, @Produces, @Consumes, @QueryParam, and @PathParam.
Query parameters
- responseFormat
- The response format of the request. JSON and XML formats are supported
by default. The responseFormat values are
xml
orjson
. The default value isjson
.JSON is the only response format that is supported by the WebSphere Commerce search REST API by default. For example, in the CategoryViewHandler, ProductViewHandler, and SiteContentHandler resources denoted by (Search).
JSON and XML response formats are supported by default.
For custom formats, use lowercase letters for the response format value. For example,
responseFormat=custom
.The response format of the request is determined by using the following precedence: the responseFormat query parameter in the URL, and then the HTTP Accept request header. Otherwise,
json
is the default response format. - langId
- The language ID used during the query. If not specified, the default store language ID is used.
- locale
- The locale of the request.
- currency
- The currency that is used to display monetary values in the feed data.
- catalogId
- The catalog ID used during the query. If not specified, the default store catalog ID is used.
- forUser
- The user name for the request.
- forUserId
- The user ID for the request.
- workspace.name
- The name of the workspace to use.
- workspace.taskGroup
- The identifier of the taskgroup within the workspace.
- workspace.task
- The identifier of the task within the workspace.
WebSphere Commerce search query parameters
- profileName
- An optional search profile name that can be specified. It must be listed under the Search-Rest/WEB-INF/config/com.ibm.commerce.rest/wc-rest-resourceconfig.xml configuration file for the resource that is being requested.
- responseTemplate
- The structure of response that is being used.
Authentication
- loginidentity
- Uses a user name and password to authenticate a registered user.
- guestidentity
- Creates an identity for a guest user.
- ltpaidentity
- Uses an LTPA token to authenticate a user.
{
"WCToken": "xxxxxxxxxxxxxxxxxxx",
"WCTrustedToken": "xxxxxxxxxxxxx",
"personalizationID": "1321550980363-1",
"userId": "2"
}
After successfully obtaining the authentication data, you must pass the WCToken and WCTustedToken in the HTTP header for every request that requires authentication. If a request is sent over HTTP, pass the WCToken in the HTTP header. That is, do not pass the WCTrustedToken in HTTP requests, as it might be shown. However, both WCToken and WCTrustedToken must be sent if a request is sent over HTTPS.
HttpPost request = new HttpPost(secureUrl);
request.addHeader("Content-Type", "application/json");
request.addHeader("WCToken", wcToken);
request.addHeader("WCTrustedToken", wcTrustedToken);
HTTP Basic Authentication
Using the HTTP basic authentication standard avoids maintaining a session. Instead, the REST API on the WebSphere Commerce server can be called, specifying the user name and password on every request.
Authorization
header in the following way:- The user name and password are combined into a string called
username:password
. User names and passwords that contain a colon character (:) are not supported. - The resulting string literal is then encoded using the RFC2045-MIME variant of Base64, except it is not limited to 76 characters per line.
- The authorization method and a space is then put before the encoded string. For example,
Basic
.
Aladdin
as the user name and open
sesame
as the password, the header is formed in the following
way:
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Personalization ID
The personalization ID must be explicitly passed in on every REST call, as the services might call the marketing engine, which in turn might require the personalization ID. For example, the catalog search REST API uses the marketing component to associate search terms by default.
The WCPersonalization header is used by clients that use the REST Token Authentication mechanism. For example, this ID is used by default for getMarketingSpotData, and catalog search calls. The header ensures that there is no interference with cache keys for calls that do not require it.
- Use a URL parameter or in the request body if explicitly used by a method.
- Use the WCPersonalization HTTP header, if present.
- Use the WC_PERSISTENT cookie if cookie consumption is allowed and the cookie exists.
- Extract the personalization ID from the current session, if one exists.
- Otherwise, the personalization ID is null.
Pagination
Data that is returned by a REST API with support for pagination can be manipulated with the following parameters:
- pageSize
- Maximum number of objects to return.
- pageNumber
- Number of the page to return, starting at 1.
Internally, this data is translated with the
formula: startNumber = (pageNumber - 1) * pageSize
;
If either of those numbers is zero or less (the default value if not specified), then paging isn't used.
pageSize | pageNumber | Result |
---|---|---|
-1 | -1 | ["a","b","c","d","e","f","g","h","i","j","k"] |
-1 | 0 | ["a","b","c","d","e","f","g","h","i","j","k"] |
-1 | 1 | ["a","b","c","d","e","f","g","h","i","j","k"] |
0 | -1 | ["a","b","c","d","e","f","g","h","i","j","k"] |
0 | 0 | ["a","b","c","d","e","f","g","h","i","j","k"] |
0 | 1 | ["a","b","c","d","e","f","g","h","i","j","k"] |
0 | 2 | ["a","b","c","d","e","f","g","h","i","j","k"] |
5 | -1 | ["a","b","c","d","e","f","g","h","i","j","k"] |
5 | 0 | ["a","b","c","d","e","f","g","h","i","j","k"] |
5 | 1 | ["a","b","c","d","e"] |
5 | 2 | ["f","g","h","i","j"] |
5 | 3 | ["k"] |
5 | 4 | [] |
15 | -1 | ["a","b","c","d","e","f","g","h","i","j","k"] |
15 | 0 | ["a","b","c","d","e","f","g","h","i","j","k"] |
15 | 1 | ["a","b","c","d","e","f","g","h","i","j","k"] |
15 | 2 | [] |
HTTPS versus HTTP
<sslConfig resource="store/{storeId}/cart/@self/checkout" enabled="true"/>
<sslConfig resource="store/{storeId}/cart/@self/precheckout" enabled="true"/>
<sslConfig resource="store/{storeId}/cart/@self/payment_instruction" enabled="true"/>
<sslConfig resource="store/{storeId}/cart/@self/shipping_info" enabled="true"/>
<sslConfig resource="store/{storeId}/guestidentity" enabled="true"/>
<sslConfig resource="store/{storeId}/loginidentity" enabled="true"/>
<sslConfig resource="store/{storeId}/ltpaidentity" enabled="true"/>
<sslConfig resource="store/{storeId}/order" enabled="true"/>
<sslConfig resource="store/{storeId}/person" enabled="true"/>
<sslConfig resource="store/{storeId}/wishlist" enabled="true"/>
partialAuthentication
flag. For example:
<security>
<partialAuthentication resource="store/{storeId}/wishlist" method="POST" enabled="true"/>
</security>
Where each resource listed as partialAuthentication=true
is
allowed to consume the partial authentication stored in the WC_PERSISTENT
cookie.
This configuration is only used if cookie consumption is allowed on
the REST API. The default value is false. When a service is called,
the service URL is matched with the resource patterns, starting with
the longest pattern, matching the behavior of the sslConfig
nodes
in the file.HTTP method overrides
- GET
- POST
- PUT
- DELETE
X-HTTP-Method-Override: PUT
X-HTTP-Method-Override: DELETE
Controller command services
- Create a resource handler for the controller commands that use the same noun by extending the AbstractClassicResourceHandler class. The recommended naming convention for the resource handler is ControllerCommandNounCmdHandler. For example, OrderItemCmdHandler.java.
- The URL naming convention for the controller command can follow
one of the following methods, depending on your requirements:
- Following Create, Read, Update, and Delete (CRUD) operations:
- For Create: POST, store/{storeId}/{ControllerCommandNoun}. For example, store/11051/orderitem.
- For Update: PUT, either store/{storeId}/{ControllerCommandNoun}.
For example, store/11051/orderitem, or
store/{storeId}/{ControllerCommandNoun}/{byCriteria}/{criteriaIdentifier}. For example, store/11051/orderitem/byOrderItemId/45002.
- For Delete: DELETE, store/{storeId}/{ControllerCommandNoun}/{byCriteria}/criteriaIdentifier. For example, store/11051/orderitem/byOrderItemId/45002.
- Following generic naming conventions that are based on actions:
- POST, store/{storeId}/{ControllerCommandNoun}/{action}.
For example, store/11051/order/copy, store/11051/order/calculate, or store/11051/orderitem/move.
- POST, store/{storeId}/{ControllerCommandNoun}/{action}.
- Following Create, Read, Update, and Delete (CRUD) operations:
- The command parameters (name-value pairs) can be sent as the URL path parameters, as the URL query parameters or in the request content, or both. They must be set to the request properties before the command is called.
- The response properties (
TypedProperty
class) are serialized and returned after the command is run.
For more information and samples, see Best practices for mapping REST API methods to controller commands.
Data bean services
- Create a resource handler for each data bean that uses the same noun by extending the AbstractClassicResourceHandler class. The recommended naming convention for the resource handler is DataBeanObjectDataBeanHandler. For example, CatalogDataBeanHandler, OrganizationDataBeanHandler.
- The URL naming convention for the resource handler is store/{storeId}/{DataBeanObject}. For example, store/11051/catalog.
- The data bean parameters (name-value pairs) are expected to be sent in the content by using a POST request.
- The response properties (
TypedProperty class
) are set by the resource handler, serialized, and returned. - An
accessProfile
query parameter should be used when you are filtering the amount of return data.
For more information and samples, see Best practices for mapping REST API methods to data beans.
WebSphere Commerce search REST APIs
The REST classes that are denoted by (Search) in the title are applicable to the WebSphere Commerce search server.
- The services are served by the search server and can be separately scaled from the WebSphere Commerce server. Instead, the WebSphere Commerce server is used for processing transactional requests.
- The WebSphere Commerce search REST API is built to extract data from Solr queries, avoiding the need for the BOD mediation layer.
Validation between WebSphere Commerce and WebSphere Commerce search in B2C and B2B scenarios
- B2C
- Performing a REST service callback to WebSphere Commerce for identity
revalidation is not required in the B2C scenario, as the shopper identity
is not required for storefront searching and browsing scenarios. Therefore,
whether the browser request comes in as a generic, guest, or authenticated
shopper is irrelevant. All the users get the same public content and
therefore no identity revalidation is required.Note: The exception case is where partial authentication is not allowed on the search server. In this case, a revalidation (BCS) callback is required whenever a partially authenticated cookie or token is passed in from the header.
- B2B
- A contract ID is explicitly passed in from the URL in the B2B
scenario. The contract revalidation is performed by using JDBC directly
against the database.Note: When entitlement check is disabled, there is no BCS callback to WebSphere Commerce and the contract that is passed in is ignored at runtime.
Interoperability
The WebSphere Commerce REST APIs can use session cookies created by the WebSphere Commerce store runtime for authentication. That is, a client can mix requests to the WebSphere Commerce REST APIs and the WebSphere Commerce store runtime within the same user session.
- The WebSphere Commerce REST API can support web authentication cookies if AuthenticationAllowedUsingCookies is set to true in the WC\xml\config\com.ibm.commerce.foundation-fep\wc-component.xml file.
- Partial authentication (persistent sessions) is enabled by default in the
wc-rest-security.xml file for services that do not expose sensitive data. For
example, for the following
resources:
<partialAuthentication resource="store/{storeId}/productview" method="GET" enabled="true"/> <partialAuthentication resource="store/{storeId}/categoryview" method="GET" enabled="true"/> <partialAuthentication resource="store/{storeId}/sitecontent" method="GET" enabled="true"/>
- WebSphere Commerce allows simultaneous web and REST sessions for the same user.
- The following WebSphere Commerce REST APIs
can also be configured to create or update session cookies by setting
the
updateCookies
query parameter to true:- POST /store/{storeId}/person
- POST /store/{storeId}/guestidentity
- DELETE /store/{storeId}/guestidentity/@self
- POST /store/{storeId}/loginidentity
- DELETE /store/{storeId}/loginidentity/@self
- POST /store/{storeId}/ltpaidentity
- DELETE /store/{storeId}/ltpaidentity/@self
Limitations
- Review the available REST services to ensure the functionality that you are implementing is available. For example, promotion codes are not supported by default when you are using REST services in the CartHandler pre-checkout and checkout flows.
- REST services are primarily designed to work with the Aurora starter store. REST services are not supported in starter stores that support the B2B direct business model, for example the Elite starter store.
- REST API handlers rely on WebSphere Commerce search to function correctly. For example, the ProductViewHandler and CategoryViewHandler use search-based catalog navigation. You must enable WebSphere Commerce search, or customize REST services to suit your business requirements when you are working with these handlers.
- REST
services are not supported under store preview and workspaces. REST
requests do not respect the preview context. That is, all requests
use the base schema and not the workspace schema.
Rest services are now supported under store preview if you enable preview support for RESTful applications.
- Data compression is not supported by default, as it might result in search errors in the storefront.
- JSON is the only response format that is supported by the WebSphere Commerce search REST API by default. For example, in the CategoryViewHandler, ProductViewHandler, and SiteContentHandler resources denoted by (Search).
- REST services that use secure (HTTPS) requests to retrieve e-Marketing Spot data are not supported by default. To make secure requests for retrieving e-Marketing Spot data, you must first apply the interim fix for APARJR50253.
WebSphere Commerce REST API
- 1.0
- 1.4.0