Server-side extensions (SSEs) are applications built using the Express web
framework and executed in the Node.js runtime environment. These extensions implement
custom REST endpoints. For example, you could create a custom shipping calculator whose
SSEs provide the ability to execute custom logic on the server. This capability allows you to:
- Run critical code in a secure environment that cannot be easily modified by an end user.
- Run integration code on Oracle Commerce servers in the Commerce PCI zone, making it easier to achieve PCI compliance with custom extensions.
- Develop complex flows that integrate Commerce data and logic with external systems, and present a single endpoint to the storefront or to those systems.
Depending on the logic you implement, the endpoints you create can be called by a Commerce component such as a widget or webhook, or by an external system. Note that widgets and webhooks should call these endpoints on the storefront server, not the administration server.
A common pattern is to implement an endpoint that is designed to receive a POST request from a Commerce webhook. The SSE then converts the POST data (if necessary) and sends it to an external system. When the endpoint receives a response from the external system, the SSE converts the response (if necessary) and passes it to the webhook, which sends its response to the storefront.
SSEs perform and scale well. Note, however, that the server-side extension environment is not designed for large application development. It is intended for implementing integration code or small amounts of custom logic. An SSE application is limited to 1 GB of memory at runtime.