Register applications

External applications can use the REST web service APIs to integrate with Oracle Commerce. You must register an application to enable it to access Commerce data and functionality.

This section applies to Open Storefront Framework (OSF) and Storefront Classic.

Registering an application automatically generates the following:

An application ID that identifies the application internally.
An application key that you use to authenticate the application.

The application key is a JSON Web Token (JWT) from the Oracle Commerce OAuth server. The registered application exchanges the key for an access token as part of the authentication flow. For more information, see Use the application key for authentication.

You can register an application in the administration interface or by using the Admin API. Both methods are described below.

To register an application in the administration interface:

Click the Settings icon.
Click Web APIs and display the Registered Applications tab.
Click the Register Application button.
In the frame that appears, enter a name for the application, and select when the application key should expire.
The Expiration dropdown includes options ranging from one day to a year from now. If you do not want the key to expire, select Never.
Click Create.
The application ID and application key are automatically generated and the application is added to the list on the Registered Applications page.

To acquire the application key for an application:

Click the Settings icon.
Click Web APIs and display the Registered Applications tab.
Click the name of the application.
In the frame that appears, click the Application Key box to reveal the key.
Copy the key and provide it to the application developer.
Click Cancel to exit the frame without making any changes.
See Use the application key for authentication for more information.

To modify a registered application:

Click the Settings icon.
Click Web APIs and display the Registered Applications tab.
Click the name of the application.
In the frame that appears, you can change the name of the application, reset the application key, or change when the key expires. After you are done making changes, click Save.
If you reset the application key, the previous key is automatically revoked and can no longer be used to authenticate the application.

To unregister an application:

Click the Settings icon.
Click Web APIs and display the Registered Applications tab.
Click the name of the application you want to unregister.
Click Delete.
The application’s ID is removed from the system and its application key is automatically revoked.

You use the createApplicationID endpoint to register an application using the Admin API. For example:

POST /ccadmin/v1/applicationIds  HTTP/1.1
Content-Type: application/json
Authorization: Bearer <access_token>
{
    "name": "sampleApp",
    "lifetimeDays": 90,
    "type": "application"
}

In this example, the lifetimeDays property is used to set the application key to expire after 90 days. The maximum value this property can be set to is 365; if you specify a larger value, the value will be set to 365. If you do not set a value for lifetimeDays, or set it to -1, the application key will not expire until you revoke it explicitly.

The response includes the values for the application to use for authentication. For example:

{
    . . .
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI3ZjkzNjQ1Ni01ZmUyLTQ5NTQtODk0NS1kYTMyZTZmOTFjNzUiLCJpc3MiOiJhcHBsaWNhdGlvbkF1dGgiLCJleHAiOjE2ODYwNzkzMzEsImlhdCI6MTY1NDU0MzMzMX0=.imjcnTgBZE8+AADDB/h/RxBzDFX6EbQ/+1DJtsprM9E=",
    "expirationTime": 1662319331,
    "name": "sampleApp",
    "id": "7f936456-5fe2-4954-8945-da32e6f91c75",
    . . .
}

The value of id is the application ID, and the value of token is the application key. The expirationTime indicates when the application key expires, expressed as the number of seconds elapsed since the beginning of the Unix epoch (00:00:00 UTC, Thursday, 1 January 1970).