Create a shopper profile
To create a new shopper profile, issue a POST request to the
/ccadmin/v1/profiles endpoint on the administration server.
Specify the values of the profile properties as a JSON map in the body of the request. For example:
POST /ccadmin/v1/profiles HTTP/1.1
Content-Type: application/json
Authorization: Bearer <access_token>
{
"receiveEmail": "yes",
"lastName": "Wilson",
"locale": "en_US",
"email": "fredW@example.com",
"firstName": "Fred"
}If the profile is created successfully, the response body returned includes the ID for the new profile and a link to the URL used in the request:
{
"id": "120000",
"links": [
{
"rel": "self",
"href": "http://myserver.example.com:7002/ccadmin/v1/profiles"
}
]
}Specify the email address and login
The value of the login property on the profile is used as the
shopper’s username. Each username must be unique. On many storefronts, the username is also
the shopper’s email address, in which case the value of the login property
is the same as the value of the email property.
When you create a profile through an API call, the request must explicitly set the
email property, but can omit the login property. If the
request does not specify a value for the login property, it is set to the
same value as the email property. For example, the following request
creates a profile with bobW@example.com as both the username and the email
address:
POST /ccadmin/v1/profiles HTTP/1.1
Content-Type: application/json
Authorization: Bearer <access_token>
{
"receiveEmail": "yes",
"lastName": "Wilson",
"email": "bobW@example.com",
"firstName": "Bob"
}If you want the username to be different from the email address, you can set
separate values for the email and login properties in the
request. For example, the following request creates a profile with fwilson
as the username and fredW@example.com as the email address:
POST /ccadmin/v1/profiles HTTP/1.1
Content-Type: application/json
Authorization: Bearer <access_token>
{
"login": "fwilson",
"receiveEmail": "yes",
"lastName": "Wilson",
"email": "fredW@example.com",
"firstName": "Fred"
}Allow profiles to share an email address
One reason you may want the login and email values
to differ is to allow multiple profiles to share an email address. By default, Commerce requires each profile to have a unique email address, but your business needs may make
this restriction undesirable. If so, you can use the following call to allow multiple
profiles to share the same email address:
PUT /ccadmin/v1/merchant/shopperProfileConfiguration HTTP/1.1
Content-Type: application/json
Authorization: Bearer <access_token>
{
"duplicateEmailsAllowed": true
}Note that once your Commerce instance has profiles that share an email address, you cannot set
duplicateEmailsAllowed back to false. If you try to do
this, the call will return an error.
Block weak passwords
As discussed in the Configure Shopper Settings, you can configure password policies through the Commerce administration interface. The purpose of these settings is to ensure that shoppers do not use passwords that are easy to guess.
The properties set through the administration interface can also be set using the
savePolicies endpoint in the Admin API. In addition to these properties,
this endpoint can set the blockCommonPasswords property, which has no
equivalent setting in the administration interface. If blockCommonPasswords
is set to true, Commerce rejects weak passwords, regardless of whether they meet the criteria specified in the
other properties.
The properties set using this endpoint are site-specific, so the call must specify
the site using the x-ccsite header. For example, the following call
specifies values for a site's password policy settings, including
blockCommonPasswords, which it sets to true:
PUT /ccadmin/v1/merchant/profilePolicies HTTP/1.1
Authorization: Bearer <access_token>
x-ccsite: 100002
{
"guestCheckoutEnabled": true,
"numberOfPreviousPasswords": 3,
"numberOfPreviousPasswordsMinVal": 1,
"passwordExpirationEnabled": false,
"passwordExpirationLengthMinVal": 1,
"sessionTimeoutLength": 15,
"cannotUsePreviousPasswords": false,
"passwordExpirationLength": 90,
"minPasswordLengthMinVal": 4,
"sessionTimeoutEnabled": true,
"minPasswordLengthMaxVal": 64,
"useNumber": true,
"cannotUseUsername": false,
"useMinPasswordLength": true,
"minPasswordLength": 8,
"numberOfPreviousPasswordsMaxVal": 6,
"useMixedCase": false,
"sessionTimeoutLengthMinVal": 1,
"sessionTimeoutLengthMaxVal": 120,
"useSymbol": false,
"blockCommonPasswords": true
}If blockCommonPasswords is true, Commerce rejects any password that appears in its dictionary of weak passwords. When the shopper
specifies a new password, it is compared against all of the entries in the dictionary, and
if it matches one of those entries, it is rejected.
In addition to the passwords listed in the dictionary, you can specify your own list of passwords to block using the updateRestrictedWords endpoint. For example:
POST /ccadmin/v1/merchant/profilePolicies/updateRestrictedWords HTTP/1.1
Authorization: Bearer <access_token>
{
"add": ["frog", "cow", "pig"]
}The response includes an items array that lists your blocked
entries:
{
"links": [
{
"rel": "self",
"href": "http://myserver.example.com:7002/ccadmin/v1/merchant/profilePolicies/updateRestrictedWords"
}
],
"items": [
"frog",
"cow",
"pig"
]
}You can also display your current list using the getRestrictedWords endpoint (GET /ccadmin/v1/merchant/profilePolicies/restrictedWords).
Note that your list of blocked passwords is not site-specific. The entries you
specify apply to all sites whose blockCommonPasswords property is
true.
The updateRestrictedWords endpoint can also take a
delete array for specifying entries to remove from your list. For
example:
POST /ccadmin/v1/merchant/profilePolicies/updateRestrictedWords HTTP/1.1
Authorization: Bearer <access_token>
{
"delete": ["frog", "cow"]
}Deleting entries affects only your own list of blocked passwords. You cannot modify the dictionary that Commerce uses. For example, if you add an entry to your list that matches a value already in the dictionary, and subsequently delete that entry from your list, it does not affect the entry for that value in the dictionary.
Note that changing settings in the password policy does not invalidate existing passwords. The policy change is applied only when a shopper attempts to set a new password.
Disable soft login
As discussed in Configure Shopper Settings, a
logged-out shopper can still see personalized content based on their profile. This is
referred to as soft login. Soft login is enabled by default. You can use the
/ccadmin/v1/merchant/profilePolicies REST API endpoint to disable or
enable it.
If softLoginEnabled is set to false, Commerce disables soft login. The following call sets softLoginEnabled to
false for the specified site:
PUT /ccadmin/v1/merchant/profilePolicies HTTP/1.1
Authorization: Bearer <access_token>
x-ccsite: 100002
{
"softLoginEnabled": false
}Create a shopper profile on an instance running multiple sites
If you are running multiple sites on your Commerce instance, shopper profiles are shared by all of these sites. If a shopper registers on one site running on the instance, the shopper’s profile is automatically available on all sites running on the instance.
However, the values of certain properties in the profile can be site-specific. For
example, the values of the receiveEmail property are site-specific.
When you create a shopper profile using a POST request, you can
specify a site using the x-ccsite header, as described in Use the APIs on instances running multiple sites. The resulting profile
applies to all of the sites on your Commerce instance, but the value you provide for a site-specific property applies only to the site
you specify. (If you do not specify a site, the value is applied to the default site only.)
On all other sites, the value of this property is set to its default. You can modify the
property on a specific site using a PUT request. For example:
PUT /ccadmin/v1/profiles/120000 HTTP/1.1
Content-Type: application/json
Authorization: Bearer <access_token>
x-ccsite: 100001
{
"receiveEmail": "yes"
}Similarly, if you use a GET request to view a profile, the value
returned for a site-specific property reflects the site specified in the
x-ccsite header, or the default site if no site is specified.
Set a site-specific profile property for multiple sites
If your Commerce instance is running multiple sites, shoppers can set site-specific profile properties for
each site individually. For example, the storefront for each site can provide a checkbox for
setting the receiveEmail property, with the setting applying only to the
current site.
A drawback of this approach is that in order to configure settings on all sites, a shopper must access each site separately. To simplify profile configuration, you may instead want to provide a way for the shopper to configure multiple sites in one place.
To enable this, you can modify your storefront to use the updateSiteProperties endpoint in the Store API. This endpoint sets the values of site-specific properties of the current profile (the profile in the current calling context). Note that the current profile must be for a registered shopper, which means the shopper must be logged in.
For example, the following call sets the value of the receiveEmail property of the current profile for two different sites:
PUT /ccstore/v1/profiles/current/siteProperties HTTP/1.1
Content-Type: application/json
Authorization: Bearer <access_token>
{
"siteProperties": [
{
"site": {
"id": "siteUS"
},
"properties": {
"receiveEmail": "yes"
}
},
{
"site": {
"id": "siteUK"
},
"properties": {
"receiveEmail": "no"
}
}
]
}The response shows the values of the receiveEmail property for all sites on which it has been set. For example, the following is a portion of the response to the above request:
{
...
"items": [
{
"site": {
"id": "siteUK"
},
"properties": {
"receiveEmail": "no"
}
},
{
"site": {
"id": "siteUS"
},
"properties": {
"receiveEmail": "yes"
}
}
],
"totalNumberOfItems": 2
}You can also display the current values of site-specific properties using the listSiteProperties endpoint. For example:
GET /ccstore/v1/profiles/current/siteProperties HTTP/1.1
Content-Type: application/json
Authorization: Bearer <access_token>The response contains the same data as the updateSiteProperties endpoint response.
Some things to note about using the updateSiteProperties and listSiteProperties endpoints:
- Before you can set the value of a site-specific property for an individual site,
the site object’s
enabledproperty must be set totrue, and the site object must be published. - You can use the
updateSitePropertiesendpoint to update the value of a site-specific property for all of the sites running on the instance, or for a subset of the sites. In the latter case, you include only the sites you want to update in the body of the request. - Setting the values of a site-specific property affects only sites that have already been created. If you subsequently create an additional site, the property's value for that site is set to the property's default value on all shopper profiles.
- If the value of a site-specific property has not been set explicitly for a site, the
value for that site is set to the property's default value, but no entry for the site is
included in the
updateSitePropertiesorlistSitePropertiesresponse.
Send site-specific properties in webhooks
Several webhooks include profile data for the current shopper in their request bodies. This data includes a sitePropertiesList array that lists the values of site-specific properties such as receiveEmail for each site. These webhooks are:
- Cart Idle
- Shopper Registration
- Shopper Account Update
- External Price Validation
- External Tax Calculation
The following is an example of a sitePropertiesList array that
lists site-specific property values in a webhook request:
"sitePropertiesList": [
{
"site": {"id": "siteDE"},
"properties": {"receiveEmail": "no"}
},
{
"site": {"id": "siteUS"},
"properties": {"receiveEmail": "yes"}
}
]