WebSphere Commerce Service - Authentication, Authorization and Session Management

WebSphere Commerce Service - Authentication, Authorization and Session Management

These services provide APIs related to authentication, authorization and session management in a B2B or B2C store. Use these classes to:
Generate a preview token
Get the user context of a shopper (for example, PersonalizationId)
Log on or log off a registered user using an LTPA token
Log on or log off a registered shopper using their username and password
Create or log off a guest user
Check if a user has access to a specified view Schemes: https
Summary

Tag: Preview Token

This class provides RESTful services to generate the preview token.

Operation Description
POST /store/{storeId}/previewToken/isvalid
Check password validity
POST /store/{storeId}/previewToken
Get preview token

Tag: User Context

This class provides RESTful services to get the user context of a shopper. For example, PersonalizationId.

Operation Description
GET /store/{storeId}/usercontext/personalizationId
Get personalization ID
GET /store/{storeId}/usercontext/@self/contextdata
Get context data from request

Tag: LTPA Identity

This class provides RESTful services to login and logout a registered user using an LTPA token. It performs the service by delegating to the Person BOD service.

Operation Description
POST /store/{storeId}/ltpaidentity
Authenticate user using LTPA token
DELETE /store/{storeId}/ltpaidentity/@self
Log out user

Tag: Login Identity

This class provides RESTful services to login and logout a registered shopper using their user name and password. It performs the service by delegating to the Person BOD service.

Operation Description
POST /store/{storeId}/loginidentity
Log in user
DELETE /store/{storeId}/loginidentity/@self
Log out user

Tag: Guest Identity

This class provides RESTful services to create a guest and log the guest out. It performs the service by delegating to the Person BOD service.

Operation Description
POST /store/{storeId}/guestidentity
Create identity token
DELETE /store/{storeId}/guestidentity/@self
Log off guest user

Tag: Access Control For View

This class provides RESTful services to get check if a user has access to specified view.

Operation Description
GET /store/{storeId}/access_control/byUserIdAndViewId
Check access

Paths
Check access
GET /store/{storeId}/access_control/byUserIdAndViewId
Tags: Access Control For View

Checks whether the user is allowed to access this view. Can only be called after logging in as an integration user. As such, requests must be sent with an integration user cookie or token. An integration user is a user in the RemoteConfigurationReader member group.

storeId
The store identifier.
path string
responseFormat
The response format. Valid values are json and xml. If the request contains an input body, it must use the format specified in responseFormat. If the responseFormat is not specified, the accept HTTP header determines the format of the response. If the accept HTTP header is not specified then default response format is json.
query string , x ∈ { xml , json }
profileName
Profile name. Profiles determine the subset of data returned by a query.
query string

application/json application/xml application/xhtml+xml application/atom+xml

200 OK

The requested completed successfully. com.ibm.commerce.acc.beans.AllowUserToAccessViewDataBean

400 Bad Request

Bad request. The request could not be understood by the server due to malformed syntax.

401 Unauthorized

Not authenticated. The user session is not valid.

403 Forbidden

The user is not authorized to perform the specified request.

404 Not Found

The specified resource could not be found.

500 Internal Server Error

Internal server error. For details, see the server log files.

Create identity token
POST /store/{storeId}/guestidentity
Tags: Guest Identity

Creates identity tokens for a guest user.

storeId
The store identifier.
path string
responseFormat
The response format. Valid values are json and xml. If the request contains an input body, it must use the format specified in responseFormat. If the responseFormat is not specified, the accept HTTP header determines the format of the response. If the accept HTTP header is not specified then default response format is json.
query string , x ∈ { xml , json }
application/json application/xml application/xhtml+xml application/atom+xml
200 OK
No response was specified. Example for application/json
{
    "WCToken": "12048%2CYDvAUQeRQWwodcMp2Hmqni%2FfGFasFkn3xxpLjiRRk8osjIKSuCIT3PkXttb02k78OTT1Rh8Z1u%2BLceI%2FmAalGEKO9WKucAEkAcleqB4BG%2BeXth%2Fk0dRU3Jj%2FEIRnOCrX2e31rVOS%2F5YbrAsyQQRkijvsBVY4LAwShshUqzeZgwgqtrhH9hfH%2F%2B254%2FV%2FGegQcGepnyZwsGkkb64F2Ed8cw%3D%3D",
    "WCTrustedToken": "12048%2C2h4%2FBl4sH%2BodrUr586mFxxhbMWM%3D",
    "personalizationID": "1416846174646-19",
    "userId": "12048"
}
                                            
com.ibm.commerce.rest.member.handler.GuestIdentityHandler$UserIdentity
201 Created The requested resource has been created. 400 Bad Request Bad request. The request could not be understood by the server due to malformed syntax. 401 Unauthorized Not authenticated. The user session is not valid. 403 Forbidden The user is not authorized to perform the specified request. 404 Not Found The specified resource could not be found. 500 Internal Server Error Internal server error. For details, see the server log files.
Log off guest user DELETE /store/{storeId}/guestidentity/@self Tags: Guest Identity Logs out a guest user. storeId The store identifier. path string responseFormat The response format. Valid values are json and xml. If the request contains an input body, it must use the format specified in responseFormat. If the responseFormat is not specified, the accept HTTP header determines the format of the response. If the accept HTTP header is not specified then default response format is json. query string , x ∈ { xml , json } application/json application/xml application/xhtml+xml application/atom+xml 200 OK The requested completed successfully. Empty 400 Bad Request Bad request. The request could not be understood by the server due to malformed syntax. 401 Unauthorized Not authenticated. The user session is not valid. 403 Forbidden The user is not authorized to perform the specified request. 404 Not Found The specified resource could not be found. 500 Internal Server Error Internal server error. For details, see the server log files. Log in user POST /store/{storeId}/loginidentity Tags: Login Identity Logs in a registered user using their user name and password. application/json application/xml Logon body. com.ibm.commerce.rest.member.handler.LoginIdentityHandler$LoginForm storeId The store identifier. path string responseFormat The response format. Valid values are json and xml. If the request contains an input body, it must use the format specified in responseFormat. If the responseFormat is not specified, the accept HTTP header determines the format of the response. If the accept HTTP header is not specified then default response format is json. query string , x ∈ { xml , json } application/json application/xml application/xhtml+xml application/atom+xml 200 OK No response was specified. Example for application/json { "WCToken": "-1000%2CuLnMtv8dikzM6ZKSzeudV2pidm1q9X72Zrn2HYYPsiY0q3iIaGV8hV9iMPUq%2FyJGzlFfXYFTgjxLAQlNprGT3DGAgYUG7NuKqtQeDAc2PqDs7ET5P9saWOhQzwkFarXreWM4iyoU22ePEuo98sO0N1%2FDdwHngNNdDzxPkcpNkgvMM1sGEzB%2BQDQTK2wNd%2BN%2FxEYOS%2Fv0e%2FnyJ4pZwlfZWA%3D%3D", "WCTrustedToken": "-1000%2C9%2FR5rBj%2BoMsriTs8Ind%2BOzwwZko%3D", "personalizationID": "1414623829608-1", "userId": "-1000" } com.ibm.commerce.rest.member.handler.LoginIdentityHandler$UserIdentity 201 Created The requested resource has been created. 400 Bad Request Bad request. The request could not be understood by the server due to malformed syntax. 401 Unauthorized Not authenticated. The user session is not valid. 403 Forbidden The user is not authorized to perform the specified request. 404 Not Found The specified resource could not be found. 500 Internal Server Error Internal server error. For details, see the server log files. Log out user DELETE /store/{storeId}/loginidentity/@self Tags: Login Identity Logs out the registered user. storeId The store identifier. path string responseFormat The response format. Valid values are json and xml. If the request contains an input body, it must use the format specified in responseFormat. If the responseFormat is not specified, the accept HTTP header determines the format of the response. If the accept HTTP header is not specified then default response format is json. query string , x ∈ { xml , json } application/json application/xml application/xhtml+xml application/atom+xml 200 OK The requested completed successfully. Empty 400 Bad Request Bad request. The request could not be understood by the server due to malformed syntax. 401 Unauthorized Not authenticated. The user session is not valid. 403 Forbidden The user is not authorized to perform the specified request. 404 Not Found The specified resource could not be found. 500 Internal Server Error Internal server error. For details, see the server log files. Authenticate user using LTPA token POST /store/{storeId}/ltpaidentity Tags: LTPA Identity Authenticates a user using an LTPA token. application/json application/xml LTPA logon body. com.ibm.commerce.rest.member.handler.LTPAIdentityHandler$LtpaLoginForm storeId The store identifier. path string responseFormat The response format. Valid values are json and xml. If the request contains an input body, it must use the format specified in responseFormat. If the responseFormat is not specified, the accept HTTP header determines the format of the response. If the accept HTTP header is not specified then default response format is json. query string , x ∈ { xml , json } application/json application/xml application/xhtml+xml application/atom+xml 200 OK No response was specified. com.ibm.commerce.rest.member.handler.LTPAIdentityHandler$UserIdentity 201 Created The requested resource has been created. 400 Bad Request Bad request. The request could not be understood by the server due to malformed syntax. 401 Unauthorized Not authenticated. The user session is not valid. 403 Forbidden The user is not authorized to perform the specified request. 404 Not Found The specified resource could not be found. 500 Internal Server Error Internal server error. For details, see the server log files. Log out user DELETE /store/{storeId}/ltpaidentity/@self Tags: LTPA Identity Logs out the user. storeId The store identifier. path string responseFormat The response format. Valid values are json and xml. If the request contains an input body, it must use the format specified in responseFormat. If the responseFormat is not specified, the accept HTTP header determines the format of the response. If the accept HTTP header is not specified then default response format is json. query string , x ∈ { xml , json } 200 OK The requested completed successfully. Empty 400 Bad Request Bad request. The request could not be understood by the server due to malformed syntax. 401 Unauthorized Not authenticated. The user session is not valid. 403 Forbidden The user is not authorized to perform the specified request. 404 Not Found The specified resource could not be found. 500 Internal Server Error Internal server error. For details, see the server log files. Get preview token POST /store/{storeId}/previewToken Tags: Preview Token Requests the preview token. application/json application/xml Request body. com.ibm.commerce.rest.member.handler.PreviewTokenHandler$PreviewParameters storeId The store identifier. path string responseFormat The response format. Valid values are json and xml. If the request contains an input body, it must use the format specified in responseFormat. If the responseFormat is not specified, the accept HTTP header determines the format of the response. If the accept HTTP header is not specified then default response format is json. query string , x ∈ { xml , json } application/json application/xml application/xhtml+xml application/atom+xml 200 OK No response was specified. Example for application/json { "previewToken": "AEAA_QCbAOkADQAnEWiViA" } com.ibm.commerce.rest.member.handler.PreviewTokenHandler$PreviewToken 201 Created The requested resource has been created. 400 Bad Request Bad request. The request could not be understood by the server due to malformed syntax. 401 Unauthorized Not authenticated. The user session is not valid. 403 Forbidden The user is not authorized to perform the specified request. 404 Not Found The specified resource could not be found. 500 Internal Server Error Internal server error. For details, see the server log files. Check password validity POST /store/{storeId}/previewToken/isvalid Tags: Preview Token Checks if the password is valid. application/json application/xml storeId The store identifier. path string application/json application/xml application/xhtml+xml application/atom+xml 200 OK The requested completed successfully. com.ibm.commerce.rest.member.handler.PreviewTokenHandler$ValidIdentifier 400 Bad Request Bad request. The request could not be understood by the server due to malformed syntax. 401 Unauthorized Not authenticated. The user session is not valid. 403 Forbidden The user is not authorized to perform the specified request. 500 Internal Server Error Internal server error. For details, see the server log files. Get context data from request GET /store/{storeId}/usercontext/@self/contextdata Tags: User Context Gets the context data by the cookies and tokens sent with the request. storeId The store identifier. path string responseFormat The response format. Valid values are json and xml. If the request contains an input body, it must use the format specified in responseFormat. If the responseFormat is not specified, the accept HTTP header determines the format of the response. If the accept HTTP header is not specified then default response format is json. query string , x ∈ { xml , json } application/json application/xml application/xhtml+xml application/atom+xml 200 OK The requested completed successfully. Example for application/json { "basicInfo": { "callerId": 2003, "channelId": -1, "runAsId": 2003, "storeId": 10001 }, "catalog": { "catalogId": 10052, "masterCatalog": false }, "entitlement": { "activeOrganizationId": -2000, "currentTradingAgreementIds": [ 10001 ], "eligibleTradingAgreementIds": [ 10001 ], "hostingContractId": -1, "sessionTradingAgreementIds": null }, "globalization": { "currency": "USD", "languageId": -1, "preferredCurrency": "USD", "preferredLanguageId": -1 }, "isPartiallyAuthenticated": false } com.ibm.commerce.rest.member.handler.UserContextHandler$UserContext 400 Bad Request Bad request. The request could not be understood by the server due to malformed syntax. 401 Unauthorized Not authenticated. The user session is not valid. 403 Forbidden The user is not authorized to perform the specified request. 404 Not Found The specified resource could not be found. 500 Internal Server Error Internal server error. For details, see the server log files. Get personalization ID GET /store/{storeId}/usercontext/personalizationId Tags: User Context Gets or generates the Personalization ID of the current session. storeId The store identifier. path string responseFormat The response format. Valid values are json and xml. If the request contains an input body, it must use the format specified in responseFormat. If the responseFormat is not specified, the accept HTTP header determines the format of the response. If the accept HTTP header is not specified then default response format is json. query string , x ∈ { xml , json } application/json application/xml application/xhtml+xml application/atom+xml 200 OK The requested completed successfully. Example for application/json { "personalizationID": "1414184550631-55" } com.ibm.commerce.rest.member.handler.UserContextHandler$PersonalizationIdentifier 400 Bad Request Bad request. The request could not be understood by the server due to malformed syntax. 401 Unauthorized Not authenticated. The user session is not valid. 403 Forbidden The user is not authorized to perform the specified request. 404 Not Found The specified resource could not be found. 500 Internal Server Error Internal server error. For details, see the server log files. Schema definitions com.ibm.commerce.acc.beans.AllowUserToAccessViewDataBean: object com.ibm.commerce.rest.member.handler.GuestIdentityHandler$UserIdentity: object Information about a guest user identity. userId: string The user unique identifier. WCToken: string The token used for authentication. WCTrustedToken: string The trusted token used for authentication. This token should only be used on encrypted channels. personalizationID: string The personalization identifier for the current session. com.ibm.commerce.rest.member.handler.LoginIdentityHandler$LoginForm: object Information required to authenticate a user. logonPassword: string The logon password. logonId: string The logon id. com.ibm.commerce.rest.member.handler.LoginIdentityHandler$UserIdentity: object Information about a guest user identity. userId: string The user unique identifier. WCToken: string The token used for authentication. WCTrustedToken: string The trusted token used for authentication. This token should only be used on encrypted channels. personalizationID: string The personalization identifier for the current session. com.ibm.commerce.rest.member.handler.LTPAIdentityHandler$LtpaLoginForm: object Information required to authenticate a user using LTPA. LTPAToken: string The LTPA token. com.ibm.commerce.rest.member.handler.LTPAIdentityHandler$UserIdentity: object Information about a guest user identity. userId: string The user unique identifier. WCToken: string The token used for authentication. WCTrustedToken: string The trusted token used for authentication. This token should only be used on encrypted channels. personalizationID: string The personalization identifier for the current session. com.ibm.commerce.rest.member.handler.PreviewTokenHandler$PreviewParameters: object Preview parameters. status: string The status. Set to either "true" or "false". timeZoneId: string The time zone identifier for example, "America/New_York" includedMemberGroupIds: string Comma separated list of member groups to simulate for example, "8000000000000000007,8000000000000000006" start: string The start date and time for example, "2013/09/11 13:00:00" workspaceId: string The workspace identifier to use for example, "10001" invstatus: string The inventory status number for example, "0" password: string The password to access a generated preview URL. tokenLife: string Lifespan of the preview token in minutes for example, "60". com.ibm.commerce.rest.member.handler.PreviewTokenHandler$PreviewToken: object Preview token. previewToken: string The preview token. com.ibm.commerce.rest.member.handler.PreviewTokenHandler$ValidIdentifier: object valid: boolean The valid identifier. com.ibm.commerce.rest.member.handler.UserContextHandler$PersonalizationIdentifier: object Personalization identifier. personalizationID: string The personalization identifier. com.ibm.commerce.rest.member.handler.UserContextHandler$UserContext: object User context. basicInfo: com.ibm.commerce.rest.member.handler.UserContextHandler$UserContext$BasicInfo entitlement: com.ibm.commerce.rest.member.handler.UserContextHandler$UserContext$Entitlement isPartiallyAuthenticated: boolean Is the user partially authenticated. catalog: com.ibm.commerce.rest.member.handler.UserContextHandler$UserContext$Catalog globalization: com.ibm.commerce.rest.member.handler.UserContextHandler$UserContext$Globalization workspace: com.ibm.commerce.rest.member.handler.UserContextHandler$UserContext$Workspace preview: com.ibm.commerce.rest.member.handler.UserContextHandler$UserContext$Preview com.ibm.commerce.rest.member.handler.UserContextHandler$UserContext$BasicInfo: object User's basic information. channelId: integer (int64) The user's channel identifier. storeId: integer (int64) The user's store identifier. callerId: integer (int64) The user's caller identifier. runAsId: integer (int64) The user identifier this session is acting upon. com.ibm.commerce.rest.member.handler.UserContextHandler$UserContext$Catalog: object User's catalog. masterCatalog: boolean The user preferred currency. catalogId: integer (int64) The user's catalog identifier. com.ibm.commerce.rest.member.handler.UserContextHandler$UserContext$Entitlement: object User's entitlement information. currentTradingAgreementIds: integer[] The user's trading agreement identifiers. integer (int64) sessionTradingAgreementIds: integer[] The user's session trading agreement identifiers. integer (int64) activeOrganizationId: integer (int64) The user's active organization identifier. hostingContractId: integer (int64) The user's hosting contract identifier. eligibleTradingAgreementIds: integer[] The user's eligible trading agreement identifiers. integer (int64) com.ibm.commerce.rest.member.handler.UserContextHandler$UserContext$Globalization: object User's globalization context. preferredLanguageId: integer (int64) The user preferred language identifier. currency: string The user currency. preferredCurrency: string The user preferred currency. languageId: integer (int64) The user language identifier. com.ibm.commerce.rest.member.handler.UserContextHandler$UserContext$Preview: object User's preview information. initialtimeDiff: integer (int64) The initial time difference when preview started. previewProperties: com.ibm.commerce.rest.member.handler.UserContextHandler$UserContext$Preview$PreviewProperties static: boolean Is the preview session time static. timestamp: string The preview timestamp. com.ibm.commerce.rest.member.handler.UserContextHandler$UserContext$Preview$PreviewProperties: object User's preview properties information. previewInventory: string The inventory preview mode. previewHost: string The preview host name and port. previewPath: string The store preview URI. previewRestURI: string The preview REST URI. com.ibm.commerce.rest.member.handler.UserContextHandler$UserContext$Workspace: object User's workspace information. task: string The user's active task name. taskGroup: string The user's active task group name. workspaceName: string The user's active workspace name. Empty: object Empty model. Used as default value when no model is specified.

Operation	Description
POST /store/{storeId}/previewToken/isvalid	Check password validity
POST /store/{storeId}/previewToken	Get preview token

Operation	Description
GET /store/{storeId}/usercontext/personalizationId	Get personalization ID
GET /store/{storeId}/usercontext/@self/contextdata	Get context data from request

Operation	Description
POST /store/{storeId}/ltpaidentity	Authenticate user using LTPA token
DELETE /store/{storeId}/ltpaidentity/@self	Log out user

Operation	Description
POST /store/{storeId}/loginidentity	Log in user
DELETE /store/{storeId}/loginidentity/@self	Log out user

Operation	Description
POST /store/{storeId}/guestidentity	Create identity token
DELETE /store/{storeId}/guestidentity/@self	Log off guest user


storeId	The store identifier.	path	string
responseFormat	The response format. Valid values are json and xml. If the request contains an input body, it must use the format specified in responseFormat. If the responseFormat is not specified, the accept HTTP header determines the format of the response. If the accept HTTP header is not specified then default response format is json.	query	string , x ∈ { xml , json }
profileName	Profile name. Profiles determine the subset of data returned by a query.	query	string