REST interoperability
The
WebSphere Commerce REST APIs can use session cookies created by the
WebSphere Commerce store runtime for authentication. That is, a client
can mix requests to the WebSphere Commerce REST APIs and the WebSphere
Commerce store runtime within the same user session.
The REST API interoperability
framework supports the following scenarios:
- The WebSphere Commerce REST API can support web authentication cookies if AuthenticationAllowedUsingCookies is set to true in the WC\xml\config\com.ibm.commerce.foundation-fep\wc-component.xml file.
- Partial authentication (persistent sessions) is enabled by default in the
wc-rest-security.xml file for services that do not expose sensitive data. For
example, for the following
resources:
<partialAuthentication resource="store/{storeId}/productview" method="GET" enabled="true"/> <partialAuthentication resource="store/{storeId}/categoryview" method="GET" enabled="true"/> <partialAuthentication resource="store/{storeId}/sitecontent" method="GET" enabled="true"/> - WebSphere Commerce allows simultaneous web and REST sessions for the same user.
The following WebSphere Commerce REST APIs
can also be configured to create or update session cookies by setting
the updateCookiesquery parameter to true:- POST /store/{storeId}/person
- POST /store/{storeId}/guestidentity
- DELETE /store/{storeId}/guestidentity/@self
- POST /store/{storeId}/loginidentity
- DELETE /store/{storeId}/loginidentity/@self
- POST /store/{storeId}/ltpaidentity
- DELETE /store/{storeId}/ltpaidentity/@self