Create a Shopper Profile
To create a new shopper profile, issue a POST request to the /ccadmin/v1/profiles endpoint
on the administration server.
This section applies to Open Storefront Framework
(OSF).
Specify the values of the profile properties as a JSON map in the body of the request. For example:
POST /ccadmin/v1/profiles HTTP/1.1
Content-Type: application/json
Authorization: Bearer <access_token>
{
"receiveEmail": "yes",
"lastName": "Wilson",
"locale": "en_US",
"email": "fredW@example.com",
"firstName": "Fred"
}If the profile is created successfully, the response body returned includes the ID for the new profile and a link to the URL used in the request:
{
"id": "120000",
"links": [
{
"rel": "self",
"href": "http://myserver.example.com:7002/ccadmin/v1/profiles"
}
]
}Specify the Email Address and Login
The value of the login property on the profile is used as the shopper’s
username. Each username must be unique. On many storefronts, the username
is also the shopper’s email address, in which case the value
of the login property is the same as the
value of the email property.
When you create
a profile through an API call, the request must explicitly set the
email property, but can omit the login property. If the request does not specify
a value for the login property, it is set to the
same value as the email property. For example,
the following request creates a profile with bobW@example.com as both the username and the email address:
POST /ccadmin/v1/profiles HTTP/1.1
Content-Type: application/json
Authorization: Bearer <access_token>
{
"receiveEmail": "yes",
"lastName": "Wilson",
"email": "bobW@example.com",
"firstName": "Bob"
}If you want the username to be different from the
email address, you can set separate values for the email and login properties in the
request. For example, the following request creates a profile with fwilson as the username and fredW@example.com as the email address:
POST /ccadmin/v1/profiles HTTP/1.1
Content-Type: application/json
Authorization: Bearer <access_token>
{
"login": "fwilson",
"receiveEmail": "yes",
"lastName": "Wilson",
"email": "fredW@example.com",
"firstName": "Fred"
}Allow profiles to share an email address
One reason you may want the login and email values to differ is to allow
multiple profiles to share an email address. By default, Commerce
requires each profile to have a unique email address, but your business
needs may make this restriction undesirable. If so, you can
use the following call to allow multiple profiles to share
the same email address:
PUT /ccadmin/v1/merchant/shopperProfileConfiguration HTTP/1.1
Content-Type: application/json
Authorization: Bearer <access_token>
{
"duplicateEmailsAllowed": true
}Note that once your Retail Digital Commerce instance
has profiles that share an email address, you cannot set
duplicateEmailsAllowed back to false. If you try to do this, the call will return an error.
Block Weak Passwords
As discussed in the Configure Shopper Settings, you can configure password policies through the Commerce administration interface. The purpose of these settings is to ensure that shoppers do not use passwords that are easy to guess.
The properties set through the administration interface can also be set using the
savePolicies endpoint in the Admin API. In addition to these properties,
this endpoint can set the blockCommonPasswords property, which has no
equivalent setting in the administration interface. If blockCommonPasswords
is set to true, Retail Digital Commerce rejects weak passwords, regardless
of whether they meet the criteria specified in the other properties.
The properties set using this endpoint
are site-specific, so the call must specify the site using
the x-ccsite header. For example, the following call
specifies values for a site's password policy settings, including
blockCommonPasswords, which it sets to true:
PUT /ccadmin/v1/merchant/profilePolicies HTTP/1.1
Authorization: Bearer <access_token>
x-ccsite: 100002
{
"guestCheckoutEnabled": true,
"numberOfPreviousPasswords": 3,
"numberOfPreviousPasswordsMinVal": 1,
"passwordExpirationEnabled": false,
"passwordExpirationLengthMinVal": 1,
"sessionTimeoutLength": 15,
"cannotUsePreviousPasswords": false,
"passwordExpirationLength": 90,
"minPasswordLengthMinVal": 4,
"sessionTimeoutEnabled": true,
"minPasswordLengthMaxVal": 64,
"useNumber": true,
"cannotUseUsername": false,
"useMinPasswordLength": true,
"minPasswordLength": 8,
"numberOfPreviousPasswordsMaxVal": 6,
"useMixedCase": false,
"sessionTimeoutLengthMinVal": 1,
"sessionTimeoutLengthMaxVal": 120,
"useSymbol": false,
"blockCommonPasswords": true
}If blockCommonPasswords is true, Commerce rejects any password that appears in its
dictionary of weak passwords. When the shopper specifies a
new password, it is compared against all of the entries in the dictionary,
and if it matches one of those entries, it is rejected.
In addition to the passwords listed in the dictionary, you can
specify your own list of passwords to block using the updateRestrictedWords endpoint. For example:
POST /ccadmin/v1/merchant/profilePolicies/updateRestrictedWords HTTP/1.1
Authorization: Bearer <access_token>
{
"add": ["frog", "cow", "pig"]
}The response includes an items array
that lists your blocked entries:
{
"links": [
{
"rel": "self",
"href": "http://myserver.example.com:7002/ccadmin/v1/merchant/profilePolicies/updateRestrictedWords"
}
],
"items": [
"frog",
"cow",
"pig"
]
}You can also display your current list using the getRestrictedWords endpoint (GET /ccadmin/v1/merchant/profilePolicies/restrictedWords).
Note that your list of blocked passwords is not site-specific.
The entries you specify apply to all sites whose blockCommonPasswords property is true.
The updateRestrictedWords endpoint can also take a delete array
for specifying entries to remove from your list. For example:
POST /ccadmin/v1/merchant/profilePolicies/updateRestrictedWords HTTP/1.1
Authorization: Bearer <access_token>
{
"delete": ["frog", "cow"]
}Deleting entries affects only your own list of blocked passwords. You cannot modify the dictionary that Retail Digital Commerce uses. For example, if you add an entry to your list that matches a value already in the dictionary, and subsequently delete that entry from your list, it does not affect the entry for that value in the dictionary.
Note that changing settings in the password policy does not invalidate existing passwords. The policy change is applied only when a shopper attempts to set a new password.
Disable Soft Login
As discussed in Configure Shopper Settings, a logged-out
shopper can still see personalized content based on their profile.
This is referred to as soft login. Soft login is enabled by
default. You can use the /ccadmin/v1/merchant/profilePolicies REST API endpoint to disable or enable it.
If softLoginEnabled is set to false, Commerce
disables soft login. The following call sets softLoginEnabled to false for the specified site:
PUT /ccadmin/v1/merchant/profilePolicies HTTP/1.1
Authorization: Bearer <access_token>
x-ccsite: 100002
{
"softLoginEnabled": false
}Create a Shopper Profile on an Instance Running Multiple Sites
If you are running multiple sites on your Retail Digital Commerce instance, shopper profiles are shared by all of these sites. If a shopper registers on one site running on the instance, the shopper’s profile is automatically available on all sites running on the instance.
However, the values of certain properties in the profile can be
site-specific. For example, the values of the receiveEmail property are site-specific.
When you create a shopper profile
using a POST request, you can specify a site
using the x-ccsite header, as described in Use the APIs on instances running multiple sites. The resulting profile applies to all of the sites on your
Commerce instance, but the value you provide for a site-specific property
applies only to the site you specify. (If you do not specify
a site, the value is applied to the default site only.) On
all other sites, the value of this property is set to its default.
You can modify the property on a specific site using a PUT request. For example:
PUT /ccadmin/v1/profiles/120000 HTTP/1.1
Content-Type: application/json
Authorization: Bearer <access_token>
x-ccsite: 100001
{
"receiveEmail": "yes"
}Similarly, if you use a GET request
to view a profile, the value returned for a site-specific
property reflects the site specified in the x-ccsite header, or the default site if no site is specified.
Set a site-specific profile property for multiple sites
If your
Commerce instance is running multiple sites, shoppers can set site-specific
profile properties for each site individually. For example,
the storefront for each site can provide a checkbox for setting
the receiveEmail property, with the setting applying
only to the current site.
A drawback of this approach is that in order to configure settings on all sites, a shopper must access each site separately. To simplify profile configuration, you may instead want to provide a way for the shopper to configure multiple sites in one place.
To enable this, you can modify your storefront
to use the updateSiteProperties endpoint in the Store
API. This endpoint sets the values of site-specific properties of
the current profile (the profile in the current calling context).
Note that the current profile must be for a registered shopper, which
means the shopper must be logged in.
For example, the following
call sets the value of the receiveEmail property
of the current profile for two different sites:
PUT /ccstore/v1/profiles/current/siteProperties HTTP/1.1
Content-Type: application/json
Authorization: Bearer <access_token>
{
"siteProperties": [
{
"site": {
"id": "siteUS"
},
"properties": {
"receiveEmail": "yes"
}
},
{
"site": {
"id": "siteUK"
},
"properties": {
"receiveEmail": "no"
}
}
]
}The response shows the values of the receiveEmail property for all sites on which it has been set. For example, the
following is a portion of the response to the above request:
{
...
"items": [
{
"site": {
"id": "siteUK"
},
"properties": {
"receiveEmail": "no"
}
},
{
"site": {
"id": "siteUS"
},
"properties": {
"receiveEmail": "yes"
}
}
],
"totalNumberOfItems": 2
}You can also display the current values of site-specific
properties using the listSiteProperties endpoint.
For example:
GET /ccstore/v1/profiles/current/siteProperties HTTP/1.1
Content-Type: application/json
Authorization: Bearer <access_token>The response contains the same data as the updateSiteProperties endpoint response.
Some things to note about using the updateSiteProperties and listSiteProperties endpoints:
- Before you can set the value of a site-specific property for an
individual site, the site object’s
enabledproperty must be set totrue, and the site object must be published. - You can use the
updateSitePropertiesendpoint to update the value of a site-specific property for all of the sites running on the instance, or for a subset of the sites. In the latter case, you include only the sites you want to update in the body of the request. - Setting the values of a site-specific property affects only sites that have already been created. If you subsequently create an additional site, the property's value for that site is set to the property's default value on all shopper profiles.
- If the value of a site-specific property has not been set explicitly
for a site, the value for that site is set to the property's
default value, but no entry for the site is included in
the
updateSitePropertiesorlistSitePropertiesresponse.
Send site-specific properties in webhooks
Several
webhooks include profile data for the current shopper in their request
bodies. This data includes a sitePropertiesList array
that lists the values of site-specific properties such as receiveEmail for each site. These webhooks are:
- Cart Idle
- Shopper Registration
- Shopper Account Update
- External Price Validation
- External Tax Calculation
The following is an example of a sitePropertiesList array that lists site-specific property values in a webhook
request:
"sitePropertiesList": [
{
"site": {"id": "siteDE"},
"properties": {"receiveEmail": "no"}
},
{
"site": {"id": "siteUS"},
"properties": {"receiveEmail": "yes"}
}
]