Home
Documentation
HCL Commerce is a high-availability, highly scalable and customizable e-commerce platform. Able to support hundreds of thousands of transactions per day, HCL Commerce allows you to do business with consumers (B2C) or directly with businesses (B2B). HCL Commerce uses cloud friendly technology to make deployment and operation both easy and efficient. It provides easy-to-use tools for business users to centrally manage a cross-channel strategy. Business users can create and manage precision marketing campaigns, promotions, catalog, and merchandising across all sales channels. Business users can also use AI enabled content management capabilities.
Customizing
The topics in the Customizing section describe tasks performed by an application developer to customize HCL Commerce.
Representational State Transfer (REST) services
HCL Commerce uses Representational State Transfer (REST) services to provide a framework that can be used to develop RESTful applications on several platforms. These platforms can include web, mobile, kiosks, and social applications.
REST authentication
Consider the HCL Commerce authentication issues and features such as user sessions with REST services.
REST authentication flow
REST services are authenticated in HCL Commerce on secure and unsecured channels.

Documentation
HCL Commerce is a high-availability, highly scalable and customizable e-commerce platform. Able to support hundreds of thousands of transactions per day, HCL Commerce allows you to do business with consumers (B2C) or directly with businesses (B2B). HCL Commerce uses cloud friendly technology to make deployment and operation both easy and efficient. It provides easy-to-use tools for business users to centrally manage a cross-channel strategy. Business users can create and manage precision marketing campaigns, promotions, catalog, and merchandising across all sales channels. Business users can also use AI enabled content management capabilities.
- Getting started
  HCL Commerce has different advantages for business users, administrators and developers. HCL Commerce targets each of these roles with a tailored set of offerings so that each of your users can get maximum benefit.
- Installing and deploying
  Learn how to install and deploy HCL Commerce development environments and HCL Commerce production environments.
- Migrating
  Before you migrate to HCL Commerce Version 9.1, review this information to help plan and execute your migration.
- Operating
  Topics in the Operating category highlight tasks that are typically performed by business users, customer support representatives, to complete their day-to-day tasks in the operation of the HCL Commerce site.
- Integrating
  Topics in the Integrating category highlight the tasks that are commonly performed for using HCL Commerce in combination with other products.
- Administering
  Topics in the Administering category highlight tasks that are typically performed by the Site Administrator, to support daily operations of the HCL Commerce site.
- Customizing
  The topics in the Customizing section describe tasks performed by an application developer to customize HCL Commerce.
  - Customizing Management Center for HCL Commerce
    HCL Commerce allows you to pull the GIT bundle of Management Center source code and start the application locally to customize the Management Center.
  - Managed asset deployment
    Managed assets are files that are uploaded by business users to be used for store marketing, or to supplement products. They are added to HCL Commerce through the Assets tool or the Marketing tool in Management Center. By default, managed assets are extracted and deployed through the HCL Commerce EAR. To maintain performance in a large-scale production environment, site administrators must switch to alternative extraction and deployment methods for managed assets.
  - HCL Commerce development environment
    HCL Commerce Developer is the development toolkit for customizing a HCL Commerce application.
  - Functional architecture
    Functional architecture provides both the set of patterns used to implement the business functionality and the frameworks in which these business functions execute.
  - Persistent object model
    HCL Commerce deals with a large amount of persistent data. There are numerous tables defined in the current database schema. Even with this extensive schema, however, you might need to extend or customize the database schema for your particular business needs.
  - Creating your custom store
    After you install and set up your programming environment, you can create your custom store and customize your storefront. You must ensure that the store server is properly configured, and that your store assets are moved to the Store server.
  - Presentation layer
    HCL Commerce uses Java Server Pages (JSP) to implement the view layer of the Model-View-Controller (MVC) design pattern. The view layer is in charge of retrieving data from the database through the use of data beans and formatting it to meet the display requirements. The view layers determines whether the request is sent to a browser or streamed out as XML. JSP files present a clean separation between data content and presentation.
  - Controller layer
    The Controller layer is the conductor of operations for a request. It controls the transaction scope and manages the session related information for the request. The controller first dispatches to a command and then calls the appropriate view processing logic to render the response.
  - Business logic layer
    The business logic layer is the business components that provide OAGIS services to return data or start business processes. The presentation layer uses these OAGIS services to display data, or to invoke a business process. The business logic provides data required by the presentation layer. The business logic layer exists because more than just fetching and updating data is required by an application; there is also additional business logic independent of the presentation layer.
  - Persistence layer
    The interaction between the business objects and persistence layer is isolated in an object called the Business Object Mediator. Business object document (BOD) commands interact with the Business Object Mediator to handle the interaction with the logical objects and how they are persisted.
  - Business model information model
    A business model, a representation of the business processes used throughout the site, provides a sample commerce solution which includes an organization structure, default user roles and access control policies, one or more starter stores, administration tools, and business processes that demonstrate best practices. A business model can be customized to support business requirements and scenarios. HCL Commerce provides sample business models that show some common commerce solutions. These business models are created by setting up an organization hierarchy structure, access control policies, stores, and contracts that help satisfy the necessary business requirements.
  - Business models
    Before starting to develop your site with HCL Commerce, you need to determine the business model supported by HCL Commerce that best represents the purpose of your site. Usually sites created with HCL Commerce will be implemented based on of one of these business models.
  - Store data information model
    Store data is the information that is loaded into the Transaction server database, which allows your store to function. The URL Registry Entries and View Registry Entries packages are included in the diagram, but they are not database assets. These entries are presentation configuration (that is, struts actions and forwards) that must be deployed. URL registry entries are shown in the diagram to illustrate the entire store data information model. To operate properly, a store must have the data in place to support all customer activities. For example, in order for a customer to make a purchase, your store must contain a catalog of goods for sale (catalog data), the data associated with processing orders (tax and shipping data), and the inventory to fulfill the request (inventory and fulfillment data).
  - Customizing HCL Commerce
    You can extend the HCL Commerce product to fit your business needs. This topic describes the prerequisite skills and required knowledge that you need to customize business logic. After you have the required knowledge, use HCL Commerce Developer to take tutorials that guide you step-by-step through various customization scenarios.
  - Run Engine command framework
    The Run Engine command framework provides predefined commands, that you can use to change environment parameters or container configurations. This framework is built into the HCL provided Docker images.
  - GraphQL for HCL Commerce
    The GraphQL markup language is available for any API. It is a server-side interpreter for processing queries using a data type system you design. With GraphQL, your data and code are independent of any database or storage system.
  - Representational State Transfer (REST) services
    HCL Commerce uses Representational State Transfer (REST) services to provide a framework that can be used to develop RESTful applications on several platforms. These platforms can include web, mobile, kiosks, and social applications.
    - Creating and customizing REST services
      You can create and customize your own REST services with HCL Commerce Developer.
    - Working with REST services
      You can work with existing REST services to meet your business needs.
    - Creating custom OpenAPI specifications
      This template can be used to create a new swagger specification JSON file.
    - Maintenance procedures
      To edit an OpenAPI specification, it is recommended that you use the Swagger Editor. The Swagger Editor is an in-browser, online editor. It has built-in validation tools and other tools for working with Swagger specifications.
    - REST authentication
      Consider the HCL Commerce authentication issues and features such as user sessions with REST services.
      - REST authentication and access control
        Depending on the REST services, they might require authentication or access control.
      - REST authentication flow
        REST services are authenticated in HCL Commerce on secure and unsecured channels.
      - Enabling partial authentication and cookie-based authentication
        You can enable partial authentication for new or existing REST services. Partial authentication enables persistent sessions for shoppers, so that they can be remembered.
      - REST interoperability
        The HCL Commerce REST APIs can use session cookies created by the HCL Commerce store runtime for authentication. That is, a client can mix requests to the HCL Commerce REST APIs and the HCL Commerce store runtime within the same user session.
    - REST security
      Consider the HCL Commerce security issues and features such as authorization, and access control policies for REST services.
    - REST local binding
      Local binding improves the performance of the REST framework by providing an optimized REST flow.
    - REST performance
      You can optimize REST services for performance. For example, with client and server-side caching.
    - REST configuration properties in the component configuration file (wc-component.xml)
      The component configuration file (wc-component.xml) contains properties to configure various REST features.
    - REST configuration properties in store struts configuration files (struts-wcs-stores-xxx-rest-services.xml)
      Store struts configuration files, struts-wcs-stores-xxx-rest-services.xml, where the value of xxx is the component of the filename that describes the store component or feature, contain properties to configure various REST-based features of the store at a more granular level.
  - Web services
  - Search
    HCL Commerce comes with a powerful and fully integrated search function. The search functions in HCL Commerce provide an enriched customer experience, with features such as automatic search term suggestions and spelling correction. Since it is built on industry standards, HCL Commerce Search is highly flexible and extensible. Starter stores can use the search engine's most sophisticated features without requiring extra customization. Starting with Version 9.1, HCL Commerce Search with Elasticsearch microservices manage indexing and other crucial tasks, with no performance impact on the storefront or transaction server.
- Tutorials
  HCL Commerce provides many tutorials to help you customize and understand your HCL Commerce instance and stores.
- Samples
  Topics in the Samples category highlight the various samples that are provided with HCL Commerce.
- Compliance
  The following section describes how you can leverage HCL Commerce features and functionality to help your site be compliant with different privacy and security standards.
- Securing
  These topics describe the security features of HCL Commerce and how to configure these features.
- Performance
  Topics in the Performance section describe the means by which to plan, implement, test, and re-visit the optimization of HCL Commerce site performance.
- Troubleshooting
  Topics in the Troubleshooting section highlight common issues that are encountered with HCL Commerce, and how they can be addressed or mitigated.
- Reference
  Topics in the Reference section contain all of the HCL Commerce reference documentation.

REST authentication flow

REST services are authenticated in HCL Commerce on secure and unsecured channels.

The following diagram shows the REST authentication flow for the REST and Web clients:

REST authentication flow

Where:

If the call is on a secure channel:

If the WCTrustedToken header is present, use the WCTrustedToken header.
If the WC_AUTHENTICATION_* cookie is present and cookie usage is allowed for REST, use the WC_AUTHENTICATION_* cookie matching the specified store ID.
If the WC_PERSISTENT cookie is present and cookie usage is allowed for REST, use the WC_PERSISTENT cookie if persistent sessions are enabled for the service. Otherwise, an exception is thrown indicating that partial authentication is not allowed.

If the call is on an unsecure channel:

If the WCToken header is present, use the WCToken header.
If the WC_USERACTIVITY_* cookie is present and cookie usage is allowed for REST, use the WC_USERACTIVITY_* cookie matching the specified store ID. Then, set the WC_USERACTIVITY_* cookie in the response with an updated timeout value, only if the expiration is within the configured threshold to avoid updates on every request.
If the WC_PERSISTENT cookie is present and cookie usage is allowed for REST, use the WC_PERSISTENT cookie if persistent sessions are enabled for the service. Otherwise, an exception is thrown indicating that partial authentication is not allowed.

Note: it is recommended to use cookies for authentication, so that persistent sessions are enabled for shoppers to be remembered. For more information, see Enabling partial authentication and cookie-based authentication for REST services.