Create or authenticate a user with CC



A special endpoint used specifically with the Oracle Commerce Cloud (CC) Wish List client product.

This endpoint fetches, authenticates, and synchronizes a SWM user with a corresponding CC user by using the given CC user profileId.

This endpoint is unique and doesn't follow REST standards precisely because it first attempts to follow the OAuth 2.0 RFC. Non-standard: Using POST instead of GET, returning a 200 OK to a post instead of a 201.

Explanation of custom CC header required by this endpoint:
  • X-CCTenantId is a required custom header added to the request that passes the OPC tenantid for the CC site. This is used to look up the complete CC host name with domain/port that is hosting the CC storefront. (e.g.
  • X-CCSiteId is an optional custom header added to the request that passes the CC site id. This is used to identify a particular CC site for the user. When this header is not passed, the 'siteUS' site is assumed.
Explanation of endpoint request parameters:
  • assertion is a request body parameter that contains an OAuth 2.0 JWT bearer token, the same token that is returned from a user successfully logging into the CC storefront. We use the CC JWT bearer token auth to authenticate the user on our server by making a back-end call to the CC storefront.
  • grant_type is a request body parameter indicating the type of OAuth 2.0 authentication that is being requested.
This endpoint makes a back-end call to the CC store and forwards the JWT bearer token in an Authorization header, calling the CC store /profiles/current endpoint.

If CC authentication is successful, and the authenticated ccProfileId matches that of the ccProfileId in the original request URI path, it will then check to see if a SWM user with that ccProfileId exists, and create a new SWM user if it does not. If the user does exist, the profile information in the SWM user record will be updated with the latest information from the CC user profile.

The created SWM user will be given the same email, firstName, and lastName obtained from the CC store /profiles/current endpoint. The user will also be associated with the merchantId that "owns" the siteId associated with the tenantId passed in the custom header. If the CC user is a B2B user, the organization name and organization logo URL will also be saved with the SWM user record.


Supported Media Types
Path Parameters
Form Parameters
Back to Top


Supported Media Types

200 Response

user resource found

201 Response

user resource created

401 Response

unauthorized CC user

404 Response

site resource not found
Back to Top


Sample Request:

       POST swm/rs/v1/users/cc/160297    

Sample Response:

       {"response":{"code":"200.7","developerMessage":"swm user authenticated"},

Possible Error Codes:

          "code":"404.0","developerMessage":"site resource not found",
          "code":"401.0","developerMessage":"unauthorized CC user",
          "code":"400.10","developerMessage":"invalid grant request",
          "code":"400.11","developerMessage":"invalid grant type",
          "code":"400.13","developerMessage":"invalid grant request, tenant not found",
          "code":"400.14","developerMessage":"missing cchost",
          "code":"400.17","developerMessage":"invalid cc jwt token",
          "code":"400.15","developerMessage":"cchost not reachable",
          "code":"400.16","developerMessage":"check server config",
          "code":"400.12","developerMessage":"authorization grant invalid",
          "code":"500.0","developerMessage":"internal server error"
Back to Top