
Security in Sitecore Order Cloud and Access Token

The Sitecore Order Cloud is a rich and mature e-commerce engine.

It has a few must-know security-related definitions:

  1. Security Profiles – a custom scope of roles that can be assigned at different levels: user, user group, buyer, seller, or supplier.
  2. Roles – data-access permissions that can be assigned granularly, for example BuyerReader, BuyerAdmin, OrderAdmin, etc.:
The API Roles in Sitecore Order Cloud

To log in as a user to the Order Cloud sandbox, send a POST request to the following URL:

https://sandboxapi.ordercloud.io/oauth/token

A shared API Client, which can be created in the OC Console (Seller section).

Here client_id is the read-only unique ID used in OAuth 2.0 workflows and OrderCloud impersonation to represent this Client Application.

The user SimpleBuyer was registered in the Order Cloud console beforehand.

Example of the login in Postman.
Request headers in Postman (everything is autogenerated except the Content-Type).

The response to the request contains a bearer token:

The response with a bearer token.

All subsequent requests must then be sent with the obtained token.
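As an added example (not code from the article or from OrderCloud itself), the following Python builds the password-grant request described above, attaches the resulting bearer token to later calls (the same thing the Postman Authorization tab does), and reads the token's claims so you can confirm it carries only the roles the client needs and has not expired. It assumes the OAuth 2.0 form fields OrderCloud documents (grant_type, client_id, username, password, scope) and that the access token is a JWT with role and exp claims; the sample token is constructed and unsigned, so the example runs offline.

```python
import base64
import json
import time
from urllib.parse import urlencode

# Token endpoint named in the article.
TOKEN_URL = "https://sandboxapi.ordercloud.io/oauth/token"


def build_token_request(client_id, username, password, roles):
    """Build the password-grant request the article sends from Postman.

    Field names (grant_type, client_id, username, password, scope) follow the
    OAuth 2.0 password grant as OrderCloud documents it; treat them as an
    assumption and confirm against the OrderCloud docs. 'scope' is a
    space-separated list of roles: request only the ones the caller needs.
    """
    body = urlencode({
        "grant_type": "password",
        "client_id": client_id,
        "username": username,
        "password": password,
        "scope": " ".join(roles),
    })
    # The only header Postman does not auto-generate, per the article.
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN_URL, headers, body


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_sample_token(claims):
    """Constructed, UNSIGNED sample token for offline use only.

    Real OrderCloud tokens are signed JWTs; the signature segment here is a
    placeholder so the example runs without a server.
    """
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.placeholder-signature"


def inspect_token(access_token, now=None):
    """Read the token's claims for local policy checks.

    This decodes the payload WITHOUT verifying the signature, so it tells you
    what a token claims, not whether the API will accept it: the API verifies
    the signature on every call. Claim names 'role' and 'exp' are an
    assumption about OrderCloud's JWT layout.
    """
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected three dot-separated segments")
    payload = json.loads(_b64url_decode(parts[1]))
    roles = payload.get("role", [])
    if isinstance(roles, str):  # a single role may arrive as a bare string
        roles = [roles]
    now = time.time() if now is None else now
    exp = int(payload["exp"])
    return {
        "roles": roles,
        "expired": exp <= now,
        "seconds_left": max(0, exp - int(now)),
    }


def excess_roles(access_token, allowed_roles):
    """Return roles the token carries beyond what this client should hold.

    A non-empty result means the Security Profile assigned to the user or API
    Client grants more than the client needs and should be tightened.
    """
    return sorted(set(inspect_token(access_token)["roles"]) - set(allowed_roles))


def bearer_header(access_token):
    """Header to attach to every later API call (what the Postman Authorization tab sets)."""
    return {"Authorization": f"Bearer {access_token}"}


if __name__ == "__main__":
    url, headers, body = build_token_request(
        "<client_id from the OC Console>", "SimpleBuyer", "<password>", ["BuyerReader"])
    print("POST", url, headers, body)
    # Constructed token: a buyer client that was granted OrderAdmin it does not need.
    token = make_sample_token({"usr": "SimpleBuyer", "role": ["BuyerReader", "OrderAdmin"],
                               "exp": int(time.time()) + 3600})
    print(inspect_token(token))
    print("excess roles:", excess_roles(token, ["BuyerReader"]))
    print(bearer_header(token))
```

The useful habit here is the role check: the scope you request at login and the Security Profile assigned to the user both bound what the token can do, so comparing the token's roles against the short list a client actually needs catches over-broad profiles before they reach production.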

To see the full Order Cloud API, check the following URL: https://api.ordercloud.io/v1/openapi/v3

To simplify work with the API, you can import it into Postman and see the following structure:

Order Cloud API list.

To reuse the authorization token, choose a specific request, for example:

  1. Choose Get a list of buyers.
  2. Click on the Authorization tab.
  3. In the Access Token field paste the bearer token.
  4. Click the Send button.
Example of the authorization with bearer token in Postman.
