Customers Resource (Shop API 16.4)

Summary

Http Method Resource Description
POST /Customers

Registers a customer. The mandatory data are the credentials and profile last name and email.

When using OAuth the password in the request must not be set, otherwise an InvalidPasswordException will be thrown.

When using JWT the password is required.

DELETE /Customers/Auth Invalidates the JWT provided in the header.
POST /Customers/Auth Obtains a new JWT (JSON Web Token) for a guest or registered customer. Tokens are returned as a HTTP Authorization:Bearer response header entry. These kinds of request are supported, as specified by the type:
  • Type guest - creates a new guest (non-authenticated) customer and returns a token for the customer.
  • Type credentials - authenticates credentials passed in the HTTP Authorization:Basic request header, returning a token for a successfully authenticated customer otherwise results in an AuthenticationFailedException.
  • Type session - authenticates the customer (anonymous or registered) on base of dwsid and dwsecuretoken cookies. It returns a token for a successfully authenticated customer, otherwise results in an AuthenticationFailedException.
  • Type refresh - examines the token passed in the HTTP Authorization:Bearer request header and when valid returns a new token with an updated expiry time.
For a request of type credentials:
  • Updates profile attributes for the customer (for example, "last-visited").
  • Handles the maximum number of failed login attempts.
For a request of type session:
  • Does not touch profile attributes for the registered customer (for example, "last-visited"), since this is not a real login.
  • Returns different tokens for multiple requests with the same session id. Means, there should be only one call per session.

About JWT

The token contains 3 sections:
  • the header section (specifies token type and algorithm used)
  • the payload section (contains customer information, client id, issue and expiration time)
  • finally the signature section records the token signature.
A token is created and returned to the client whenever a registered customer logs in (type "credentials") or a guest customer requests it (type "guest"). The token is returned in the response header as

Authorization: Bearer --token--

The client has to include the token in the request header as

Authorization: Bearer --token--

in any follow up request. The server declines any follow up requests without a token or which cannot be verified based on the token signature or expiration time. A token nearing its expiration time should be exchanged for a new one (type "refresh").

See "API Usage > JWT" for more details on using JWT as an authentication mechanism.
POST /Customers/Password_reset Starts a password reset process. A password reset token is generated and together with the resolved customer is passed to a afterPOST hook. The customer resolution is based on the password reset request type. Currently the resolution can be done by email or login. In case of an email the password reset hook is only executed if one and only one customer has been identified for that email. In the case that more than one customers have been identified for the provided email the resource does nothing.
GET /Customers/{Customer_id} Gets a customer.
PATCH /Customers/{Customer_id} Updates a customer.
GET /Customers/{Customer_id}/Addresses Returns a sorted pageable list of all customer addresses in the address book. The default page size is 10 customer addresses. The addresses are sorted so that the preferred address is always sorted first. The remaining addresses are sorted alphabetically by ID.

When the customer cannot be found CustomerNotFoundException is thrown in a case of an agent but an empty result list is returned in a case of JWT.
POST /Customers/{Customer_id}/Addresses Creates a new address with the given name for the given customer.
GET /Customers/{Customer_id}/Addresses/{Address_name} Retrieves a customer's address by address name.
DELETE /Customers/{Customer_id}/Addresses/{Address_name} Deletes a customer's address by address name.
PATCH /Customers/{Customer_id}/Addresses/{Address_name} Updates a customer's address by address name.
POST /Customers/{Customer_id}/Auth

Obtains a new agent on behalf token for a registered customer. Token is returned as a HTTP Authorization:Bearer response header entry.

A token is created and returned to the client whenever an agent with Create_Order_On_Behalf_Of permission calls the resource for a registered customer.

The token is returned in the response header as Authorization: Bearer --token--.

The client has to include the token in the request header as Authorization: Bearer --token--

in any follow up request, the agent will do on behalf of the customer.

About the Order On Behalf Token

The token contains 3 sections:

  • the header section (specifies token type and algorithm used)
  • the payload section (contains customer information, client id, issue and expiration time)
  • finally the signature section records the token signature.

A token nearing its expiration time should be exchanged for a new one by calling this resource once more.

GET /Customers/{Customer_id}/Baskets Gets the baskets of a customer.
GET /Customers/{Customer_id}/Orders Returns a pageable list of all customer's orders. The default page size is 10.
PUT /Customers/{Customer_id}/Password Updates the customer's password.
POST /Customers/{Customer_id}/Password_reset Starts a password reset process. A password reset token is generated and passed together with the customer resolved by the id provided as path parameter to a afterPOST hook. The hook dw.ocapi.shop.customer.password_reset.afterPOST can utilize the provided reset token, for example to send a reset email.
GET /Customers/{Customer_id}/Payment_instruments Gets customer payment instruments for an customer.

Can be limited to a specific payment method by providing query parameter payment_method_id.

When the customer cannot be found CustomerNotFoundException is thrown in a case of an agent but an empty result list is returned in a case of JWT.
POST /Customers/{Customer_id}/Payment_instruments Adds a payment instrument to a customer information.
GET /Customers/{Customer_id}/Payment_instruments/{Payment_instrument_id} Retrieves a customer's payment instrument by its id.
DELETE /Customers/{Customer_id}/Payment_instruments/{Payment_instrument_id} Deletes a customer's payment instrument.

Register Customer

Registers a customer. The mandatory data are the credentials and profile last name and email.

When using OAuth the password in the request must not be set, otherwise an InvalidPasswordException will be thrown.

When using JWT the password is required.

Url

POST https://hostname:port/dw/shop/v16_4/customers

Formats

json, xml

Authentication

Name Description
JWT Authentication via Customer JWT token.
OAuth Authentication via OAuth token.

Request Document

CustomerRegistration

Response Document

Customer

In case of a failure Fault Document is returned.

Faults

Status Type Arguments Description
400 CustomerAlreadyRegisteredException   Indicates that the resource is called with JWT token representing a registered customer.
400 MissingEmailException   Indicates that request document does not contain email.
400 MissingLastNameException   Indicates that request document does not contain last_name.
400 MissingLoginException   Indicates that request document does not contain login.
400 LoginAlreadyInUseException   Indicates that the given login is already used.
400 InvalidLoginException   Indicates that login doesn't match acceptance criteria.
400 InvalidPasswordException   Indicates that password doesn't match acceptance criteria.
400 MissingPasswordException   Indicates that password was not provided in JWT scenario.
400 InvalidEmailException

email (String)

Indicates that the profile email address is not valid.

Customization

This Resource supports server-side customization.

Extension Point Method Detail
dw.ocapi.shop.customer.afterPost

afterPost (customer : Customer , registration : CustomerRegistration ) : Status

The function is called after a new customer registration.

Parameters:
customer - the registered customer
registration - the customer registration information
Returns:
a non-null Status ends the hook execution
dw.ocapi.shop.customer.beforePost

beforePost (registration : CustomerRegistration ) : Status

The function is called before a new customer registration.

Parameters:
registration - the customer registration information
Returns:
a non-null Status ends the hook execution

Sample

REQUEST:
POST /dw/shop/v16_4/customers
Host: example.com
Content-Type: application/json

{ 
  "password":"12345!aBcD",
  "customer": {
                "login": "jsmith"
                "email":"[email protected]",
                "last_name":"Smith"
               }
}


# in case of success:

RESPONSE:
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate
Expires: Thu, 01-Jan-1970 00:00:00 GMT
ETag: 125e1319918776a043fcef2b0e2fce7906abbdea7f5f2f1908ff0ba0fc46de88
Content-Type: application/json;charset=UTF-8

{
   "_v" : "16.4",
   "_type" : "customer",
   "auth_type" : "registered",
   "creation_date" : "2015-09-09T15:50:53.142Z",
   "customer_id" : "ada5ZiobJRE4Ma1fSaAogMDKgI",
   "customer_no" : "00001140",
   "email" : "[email protected]",
   "last_name" : "Smith",
   "login" : "jsmith"
}


# in case of validation failure:

RESPONSE:
HTTP/1.1 400 BAD REQUEST
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Content-Type: application/json;charset=UTF-8
Cache-Control: no-cache,no-store,must-revalidate

{
   "_v" : "16.4",
   "fault" : 
   {
      "type" : "LoginAlreadyInUseException",
      "message" : "Login is already in use."
   }
}

Invalidate an Existing Customer JWT (JSON Web Token)

Invalidates the JWT provided in the header.

Url

DELETE https://hostname:port/dw/shop/v16_4/customers/auth

Formats

json, xml

Authentication

Name Description
JWT Authentication via Customer JWT token.

Header Parameters

Parameter Type Description Constraints
Authorization String the JWT token  

Sample

# Request JWT invalidation for the provided token

REQUEST:
DELETE /dw/shop/v16_4/customers/auth
Host: example.com
Authorization:Bearer <<token>> 
Content-Type:application/json

# in case of success, the token will be invalidated

RESPONSE:
HTTP/1.1 204 OK
Content-Length:0

Get or Refresh Customer JWT (JSON Web Token)

Obtains a new JWT (JSON Web Token) for a guest or registered customer. Tokens are returned as a HTTP Authorization:Bearer response header entry. These kinds of request are supported, as specified by the type:

For a request of type credentials: For a request of type session:

About JWT

The token contains 3 sections: A token is created and returned to the client whenever a registered customer logs in (type "credentials") or a guest customer requests it (type "guest"). The token is returned in the response header as

Authorization: Bearer --token--

The client has to include the token in the request header as

Authorization: Bearer --token--

in any follow up request. The server declines any follow up requests without a token or which cannot be verified based on the token signature or expiration time. A token nearing its expiration time should be exchanged for a new one (type "refresh").

See "API Usage > JWT" for more details on using JWT as an authentication mechanism.

Url

POST https://hostname:port/dw/shop/v16_4/customers/auth

Formats

json, xml

Authentication

Name Description
None No authentication.

Request Document

AuthRequest

Response Document

Customer

Header Parameters

Parameter Type Description Constraints
Authorization String
  • Authorization:Basic for type credentials
  • Authorization:Bearer for type refresh
 

In case of a failure Fault Document is returned.

Faults

Status Type Arguments Description
400 AuthorizationBasicMissingException   Indicates that no HTTP Authorization:Basic header was provided.
401 AuthenticationFailedException

credentialType (String)

Indicates in case of type credentials the username is unknown or the password does not match. In case of type session the session is not active anymore or the dwsecuretoken value is invalid. In both cases the customer is disabled or locked.

Customization

This Resource supports server-side customization.

Extension Point Method Detail
dw.ocapi.shop.auth.afterAuth

afterAuth (authRequestType : EnumValue , customer : Customer ) : Status

The function is called after the customer has been authenticated.

Parameters:
customer - the customer that is authenticated, might be a guest or registered customer
authRequestType - does the request specify a guest, login or refresh authentication
Returns:
  • Status.OK for success.
  • Status.ERROR for error.

Sample

# Request type guest : obtain a token for a guest customer

REQUEST:
POST /dw/shop/v16_4/customers/auth?client_id=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Host: example.com
Content-Type: application/json

{
  "type" : "guest"
}

# Request type credentials : obtain a token for a registered customer
# Credentials are passed as HTTP Basic in base 64 in the form username:password

REQUEST:
POST /dw/shop/v16_4/customers/auth?client_id=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Host: example.com
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Content-Type: application/json

{
  "type" : "credentials"
}

# Request type session : obtain a token for a session
# session information passed as cookies

REQUEST:
POST /dw/shop/v16_4/customers/auth?client_id=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Host: example.com
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Content-Type: application/json
Cookie: dwsid=pATvWUO3KSdt-Kmcy-8-RsxKnoO4BMDwoec7ACVlW6tZNnhaOL7gt7mHqL-h7QYn5TyE61z0DeSMCqxngsWeHw==;
        dwsecuretoken_9727b83e8e864fa4b6902a37bc70a12d=5Kx5-2P7jj5WoxeTiWwHNBJ6QV39Io5SNA==;

{
  "type" : "session"
}

# Request type refresh : obtain a token in exchange for a token nearing expiration time
# Same mechanism used for guest and registered customer. Client ID needs to
# be provided and is checked against the id embedded in the token being refreshed.

REQUEST:
POST /dw/shop/v16_4/customers/auth?client_id=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Authorization:Bearer eyJfdiI6IjXXXXXX.eyJfdiI6IjEiLCJleHAXXXXXXX.-d5wQW4c4O4wt-Zkl7_fiEiALW1XXXX 
Host: example.com
Content-Type: application/json

{
  "type" : "refresh"
}


# in case of success, token returned in response header Authorization:Bearer
# "auth_type" is one of "guest" or "registered"

RESPONSE:
HTTP/1.1 200 OK
Content-Length:124 
Authorization:Bearer eyJfdiI6IjXXXXXX.eyJfdiI6IjEiLCJleHAXXXXXXX.-d5wQW4c4O4wt-Zkl7_fiEiALW1XXXX 
Content-Type:application/json;charset=UTF-8

{
   "_v" : "16.4",
   "_type" : "customer",
   "auth_type" : "guest",
   "customer_id" : "abdtkZzH6sqInJGIHNR1yUw90A",
   "preferred_locale" : "default"
}

# in case attempt to refresh an expired token:

RESPONSE:
HTTP/1.1 401 Unauthorized
Content-Type: application/json;charset=UTF-8

{
   "_v" : "16.4",
   "fault" : 
   {
      "type" : "ExpiredTokenException",
      "message" : "The provided token has expired."
   }
}

# in case no Authorization Basic provided for type "credentials"

RESPONSE:
HTTP/1.1 400 Bad Request
Content-Type: application/json;charset=UTF-8

{
   "_v" : "16.4",
   "fault" : 
   {
      "type" : "AuthorizationBasicMissingException",
      "message" : "Missing credentials: Add a Authorization:Basic header with base64 encoded username:password."
   }
}

# in case missing or wrong username/password for type "credentials"

RESPONSE:
HTTP/1.1 401 Unauthorized
Content-Type: application/json;charset=UTF-8

{
   "_v" : "16.4",
   "fault" : 
   {
      "type" : "AuthenticationFailedException",
      "message" : "Failed to authenticate customer on base of Authorization:Basic header."
   }
}

# in case of an outdated session for type "session"

RESPONSE:
HTTP/1.1 401 Unauthorized
Content-Type: application/json;charset=UTF-8

{
   "_v" : "16.4",
   "fault" : 
   {
      "type" : "AuthenticationFailedException",
      "message" : "Failed to authenticate customer on base of session."
   }
}

Starts a Password Reset Process

Starts a password reset process. A password reset token is generated and together with the resolved customer is passed to a afterPOST hook. The customer resolution is based on the password reset request type. Currently the resolution can be done by email or login. In case of an email the password reset hook is only executed if one and only one customer has been identified for that email. In the case that more than one customers have been identified for the provided email the resource does nothing.

Url

POST https://hostname:port/dw/shop/v16_4/customers/password_reset

Formats

json, xml

Authentication

Name Description
None No authentication.

Request Document

PasswordReset

Customization

This Resource supports server-side customization.

Extension Point Method Detail
dw.ocapi.shop.customers.password_reset.afterPOST

afterPOST (customer : Customer , resetToken : String ) : Status

Allows resetting a customer password. See the example below sending an email with a password reset link.
 var variables: Map = new dw.util.HashMap();
 variables.put("Customer", customer);
 variables.put("ResetPasswordToken", token);
 var template: Template = new dw.util.Template("mail/resetpasswordemail.isml");
 var content: MimeEncodedText = template.render(variables);
 var mail: Mail = new Mail().setSubject("Password Reset").setContent(content).setFrom("[email protected]").addTo(customer.profile.email);
 mail.send();
 
Parameters:
customer - the customer for whom to reset the password
resetToken - the token generated by the system to be used for the reset
Returns:
a non-null Status ends the hook execution

Sample

#
# Example: Password reset
#
REQUEST:
POST /dw/shop/v16_4/customers/password_reset
Host: example.com
Authorization: Bearer af7f5c90-ffc1-4ea4-9613-f5b375b7dc19
Content-Type: application/json; charset=UTF-8

{"identification": "[email protected]", "type":"email"}

# in case of success:

RESPONSE:
HTTP/1.1 204 NO CONTENT

# in case of password reset failure in hook dw.ocapi.shop.customers.password_reset.afterPOST.
# The wrong status with code and message is returned by the custom code.

RESPONSE:
HTTP/1.1 400 BAD REQUEST
Content-Type: application/json;charset=UTF-8

{
   "_v" : "16.4",
   "fault" : 
   {
      "arguments" : 
      {
         "extensionPoint" : "dw.ocapi.shop.customers.password_reset.afterPOST",
         "statusCode" : "EXT_PW_CHANGE_FAIL",
         "statusMessage" : "Password reset not successful in external system."
      },
      "type" : "HookStatusException",
      "message" : "Error in ExtensionPoint 'dw.ocapi.shop.customers.password_reset.afterPOST'!"
   }
}

Get Customer

Gets a customer.

Url

GET https://hostname:port/dw/shop/v16_4/customers/{customer_id}?expand={String}

Formats

json, xml

Authentication

Name Description
JWT Authentication via Customer JWT token.
OAuth Authentication via OAuth token.

Response Document

Customer

Path Parameters

Parameter Type Description Constraints
customer_id String The customer id mandatory=true, minLength=1, nullable=false

Query Parameters

Parameter Type Description Constraints
expand String The expand parameter. A comma separated list with the allowed values (addresses, paymentinstruments).  

In case of a failure Fault Document is returned.

Faults

Status Type Arguments Description
400 InvalidCustomerException   If customerId URL parameter does not match the verified customer represented by the JWT token (not relevant when using OAuth).
404 CustomerNotFoundException

customerId (String)

Indicates that the customer with the given customer id is unknown.

Sample

REQUEST:
GET /dw/shop/v16_4/customers/1234567890?expand=addresses,paymentinstruments HTTP/1.1
Host: example.com
Authorization:Bearer eyJfdiI6IjXXXXXX.eyJfdiI6IjEiLCJleHAXXXXXXX.-d5wQW4c4O4wt-Zkl7_fiEiALW1XXXX 
Content-Type: application/json; charset=UTF-8

# in case of success:
 
RESPONSE:
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
ETag: y4ad025da50d1af6cac62e86de2b13def45ead81ffb01c407dad2dc4bfd438kl
Cache-Control: max-age=0,no-cache,no-store,must-revalidate

{
   "_v" : "16.4",
   "_type" : "customer",
   "adresses" : 
   [
      {
         "_type" : "customer_address",
         "address1" : "10 Presidential Way",
         "address_id" : "me",
         "city" : "Woburn",
         "country_code" : "US",
         "first_name" : "John",
         "full_name" : "John M. Smith",
         "last_name" : "Smith",
         "postal_code" : "01801",
         "salutation" : "Mr.",
         "state_code" : "MA"
      }
   ],
   "auth_type" : "registered",
   "creation_date" : "2015-08-20T11:30:36.000Z",
   "customer_id" : "abfTWMDZOgi3JPzkHjv9IhmziI",
   "customer_no" : "999",
   "email" : "[email protected]",
   "first_name" : "John",
   "gender" : 1,
   "last_name" : "Smith",
   "payment_instruments" : 
   [
      {
         "_type" : "customer_payment_instrument",
         "payment_bank_account" : 
         {
            "_type" : "payment_bank_account"
         },
         "payment_card" : 
         {
            "_type" : "payment_card",
            "card_type" : "Visa",
            "credit_card_expired" : false,
            "expiration_month" : 2,
            "expiration_year" : 2022,
            "holder" : "John Smith",
            "masked_number" : "***********ber2",
            "number_last_digits" : "ber2"
         },
         "payment_instrument_id" : "beybQiWcyatEEaaadniwhKxxFl",
         "payment_method_id" : "CREDIT_CARD",
         "uuid" : "beybQiWcyatEEaaadniwhKxxFl",
      }
   ],
   "phone_business" : "234560003",
   "phone_home" : "123450003",
   "phone_mobile" : "345670003",
   "c_origin" : "webshop"
}

# in case the authorized customer differs from the customer requested:
 
RESPONSE:
HTTP/1.1 400 BAD REQUEST
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Content-Type: application/json;charset=UTF-8
Cache-Control: max-age=0,no-cache,no-store,must-revalidate
{
  "_v":"16.4",
  "_type":"fault",
  "fault":{
    "type":"InvalidCustomerException",
    "message":"Invalid customer."
  }
}

Updates a Customer

Updates a customer.

Url

PATCH https://hostname:port/dw/shop/v16_4/customers/{customer_id}

Formats

json, xml

Authentication

Name Description
JWT Authentication via Customer JWT token.
OAuth Authentication via OAuth token.

Request Document

Customer

Response Document

Customer

Path Parameters

Parameter Type Description Constraints
customer_id String the customer id minLength=1

Header Parameters

Parameter Type Description Constraints
If-Match String    

In case of a failure Fault Document is returned.

Faults

Status Type Arguments Description
400 InvalidCustomerException   If customerId URL parameter does not match the verified customer represented by the JWT token, not relevant when using OAuth.
400 InvalidEmailException

email (String)

Indicates that the provided email is not valid.
404 CustomerNotFoundException

customerId (String)

Indicates that the customer with the given customer id is unknown.

Customization

This Resource supports server-side customization.

Extension Point Method Detail
dw.ocapi.shop.customer.afterPatchCustomer

afterPatchCustomer (customer : Customer , customerInput : Customer ) : Status

The function is called after a customer was updated.

Parameters:
customer - the customer to be updated
customerInput - the input customer containing the patch changes
Returns:
a non-null Status ends the hook execution
dw.ocapi.shop.customer.beforePatchCustomer

beforePatchCustomer (customer : Customer , customerInput : Customer ) : Status

The function is called before a customer is updated.

Parameters:
customer - the customer to be updated
customerInput - the input customer containing the patch changes
Returns:
a non-null Status ends the hook execution

Sample

REQUEST:
PATCH /dw/shop/v16_4/customers/1234567890 HTTP/1.1
Host: example.com
Authorization:Bearer eyJfdiI6IjXXXXXX.eyJfdiI6IjEiLCJleHAXXXXXXX.-d5wQW4c4O4wt-Zkl7_fiEiALW1XXXX 
If-Match:01ea4f898d53428be312a8a857dec5794a2fa80cf9e5cc2d4560f5316c830335 
Content-Type: application/json
{
   email : "[email protected]",
   fax : "+49 03641 78393 343",
   c_origin :"webshop"
}
# in case of success

RESPONSE:
HTTP/1.1 200 OK
Content-Length:124 
ETag:01ea4f898d53428be312a8a857dec5794a2fa80cf9e5cc2d4560f5316c830335 
Content-Type:application/json;charset=UTF-8

{
   "auth_type" : "registered",
   "creation_date" : "2015-08-20T11:30:36.000Z",
   "customer_id" : "abfTWMDZOgi3JPzkHjv9IhmziI",
   "customer_no" : "999",
   "email" : "[email protected]",
   "fax" : "+49 03641 78393 343",
   "first_name" : "John",
   "gender" : 1,
   "last_name" : "Smith",
   "phone_business" : "234560003",
   "phone_home" : "123450003",
   "phone_mobile" : "345670003",
   "c_origin" : "webshop"
}

Get All Customer Addresses

Returns a sorted pageable list of all customer addresses in the address book. The default page size is 10 customer addresses. The addresses are sorted so that the preferred address is always sorted first. The remaining addresses are sorted alphabetically by ID.

When the customer cannot be found CustomerNotFoundException is thrown in a case of an agent but an empty result list is returned in a case of JWT.

Url

GET https://hostname:port/dw/shop/v16_4/customers/{customer_id}/addresses?start={Integer}&count={Integer}

Formats

json, xml

Authentication

Name Description
JWT Authentication via Customer JWT token.
OAuth Authentication via OAuth token.

Response Document

CustomerAddressResult

Path Parameters

Parameter Type Description Constraints
customer_id String The customer uuid minLength=1

Query Parameters

Parameter Type Description Constraints
count Integer The maximum number of instances per request. Default value is 25. maxIntegerValue=200, minIntegerValue=1
start Integer The result set index to return the first instance for. Default value is 0. maxIntegerValue=999, minIntegerValue=0

In case of a failure Fault Document is returned.

Faults

Status Type Arguments Description
400 InvalidCustomerException   If customerId URL parameter does not match the verified customer represented by the JWT token, not relevant when using OAuth.
404 CustomerNotFoundException

customerId (String)

Indicates that the customer with the given customer id is unknown for the site.

Sample

# Request, no paging details

REQUEST:
GET /dw//shop/v16_4/customers/abdlkQCKV1aEqUQoeFOwAOeD4U/addresses
Host: example.com
Authorization:Bearer eyJfdiI6IjXXXXXX.eyJfdiI6IjEiLCJleHAXXXXXXX.-d5wQW4c4O4wt-Zkl7_fiEiALW1XXXX 
Content-Type:application/json;charset=UTF-8

# Request, with paging details

REQUEST:
GET /dw//shop/v16_4/customers/abdlkQCKV1aEqUQoeFOwAOeD4U/addresses?start=0&count=1
Host: example.com
Authorization:Bearer eyJfdiI6IjXXXXXX.eyJfdiI6IjEiLCJleHAXXXXXXX.-d5wQW4c4O4wt-Zkl7_fiEiALW1XXXX 
Content-Type:application/json;charset=UTF-8


# in case of success
# note: "next" and / or "previous" links only exist when appropriate, and only if paging details were provided

RESPONSE:
HTTP/1.1 200 OK
Content-Type:application/json;charset=UTF-8

{
   "_v" : "16.4",
   "_type" : "customer_address_result",
   "count" : 1,
   "data" : 
   [
      
      {
         "_type" : "customer_address",
         "address1" : "10 Free Way",
         "address_id" : "private",
         "city" : "Woburn",
         "country_code" : "US",
         "etag" : "0d715f5b688ff38c1f3394d56b84ddc40ca787b1adc6d62953713923b94f9cda",
         "first_name" : "James",
         "full_name" : "James Last",
         "last_name" : "Last",
         "postal_code" : "01801",
         "salutation" : "Mr.",
         "state_code" : "MA"
      }
   ],
   "next" : "https://.../s/.../dw/shop/v16_4/customers/abdlkQCKV1aEqUQoeFOwAOeD4U/addresses?count=1&start=1",
   "start" : 0,
   "total" : 2
}


Create Customer Address

Creates a new address with the given name for the given customer.

Url

POST https://hostname:port/dw/shop/v16_4/customers/{customer_id}/addresses

Formats

json, xml

Authentication

Name Description
JWT Authentication via Customer JWT token.
OAuth Authentication via OAuth token.

Request Document

CustomerAddress

Response Document

CustomerAddress

Path Parameters

Parameter Type Description Constraints
customer_id String the id of the customer to create the address for minLength=1

In case of a failure Fault Document is returned.

Faults

Status Type Arguments Description
400 InvalidCustomerException   Indicates that the customerId URL parameter does not match the verified customer represented by the JWT token, not relevant when using OAuth.
400 InvalidCustomerAddressIdException

addressId (String)

Indicates that address name is not provided or it's blank.
400 AddressIdAlreadyInUseException   Indicates that the provided address name is already used for the customer.
404 CustomerNotFoundException

customerId (String)

Indicates that the customer with the given customer id is unknown.

Customization

This Resource supports server-side customization.

Extension Point Method Detail
dw.ocapi.shop.customer.addresses.afterPOST

afterPOST (customer : Customer , addressName : String , customerAddress : CustomerAddress ) : Status

The function is called after adding an address to a customer.

Parameters:
customer - the customer for whom the address was added
addressName - the name of the address which was added
customerAddress - the customer address request data
Returns:
a non-null Status ends the hook execution
dw.ocapi.shop.customer.addresses.beforePOST

beforePOST (customer : Customer , addressName : String , customerAddress : CustomerAddress ) : Status

The function is called before adding an address to a customer.

Parameters:
customer - the customer for whom to add the address
addressName - the name of the address to be added
customerAddress - the customer address request data
Returns:
a non-null Status ends the hook execution

Sample

REQUEST:
POST /s/SiteGenesis/dw/shop/v16_4/customers/acE9xUWs5ea75qwTh0Svi2XfRY/addresses
Host: example.com
Authorization: Bearer cd669706-3638-4dd1-a8b2-310ab900ca53
Content-Type: application/json

{
  "address_id": "home_address",
  "address1" : "5 Wall St",
  "address2" : "24 Presidential Way",
  "city" : "Burlington",
  "company_name" : "Salesforce",
  "country_code" : "US",
  "first_name": "John",
  "job_title" : "Developer",
  "last_name" : "Murphy",
  "phone" : "408-555-1212",
  "postal_code" : "01805",
  "post_box" : "12a",
  "preferred" : false,
  "salutation" : "Mr.",
  "second_name" : "Jim",
  "state_code": "MA",
  "title": "Dr."
}

# in case of success:

RESPONSE:
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Etag: ede395db479773613c6538aad756a4ef990b2f80003865964c88a6854f09c220

{
   "_v" : "16.4",
   "_type" : "customer_address",
   "address1" : "5 Wall St",
   "address2" : "24 Presidential Way",
   "address_id" : "home_address",
   "city" : "Burlington",
   "company_name" : "Salesforce",
   "country_code" : "US",
   "first_name" : "John",
   "full_name" : "John Jim Murphy",
   "job_title" : "Developer",
   "last_name" : "Murphy",
   "phone" : "408-555-1212",
   "postal_code" : "01805",
   "post_box" : "12a",
   "preferred" : false,
   "salutation" : "Mr.",
   "second_name" : "Jim",
   "state_code" : "MA",
   "title" : "Dr."
}


# in case of validation failure - example response in case address_id is already used for this customer:

RESPONSE:
HTTP/1.1 400 BAD REQUEST
Cache-Control: no-cache,no-store,must-revalidate
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Content-Type: application/json;charset=UTF-8
{
   "_v" : "16.4",
   "fault" : 
   {
      "type" : "AddressNameAlreadyInUseException",
      "message" : "Customer address id is already in use."
   }
}

Get Customer Address

Retrieves a customer's address by address name.

Url

GET https://hostname:port/dw/shop/v16_4/customers/{customer_id}/addresses/{address_name}

Formats

json, xml

Authentication

Name Description
JWT Authentication via Customer JWT token.
OAuth Authentication via OAuth token.

Response Document

CustomerAddress

Path Parameters

Parameter Type Description Constraints
address_name String the name of the address to retrieve maxLength=256, minLength=1
customer_id String the id of the customer to retrieve the address for minLength=1

In case of a failure Fault Document is returned.

Faults

Status Type Arguments Description
400 InvalidCustomerException   Indicates that the customerId URL parameter does not match the verified customer represented by the JWT token, not relevant when using OAuth.
404 CustomerNotFoundException

customerId (String)

Indicates that the customer with the given customer id is unknown.
404 CustomerAddressNotFoundException

addressId (String)

customerNo (String)

siteId (String)

Indicates that the address with the given name in unknown for the customer with the given customer id.

Sample

REQUEST:
GET /s/SiteGenesis/dw/shop/v16_4/customers/acE9xUWs5ea75qwTh0Svi2XfRY/addresses/home_address
Host: example.com
Authorization: Bearer cd669706-3638-4dd1-a8b2-310ab900ca53
Content-Type: application/json

# in case of success:

RESPONSE:
HTTP/1.1 200 OK
Cache-Control: max-age=0,no-cache,no-store,must-revalidate
Content-Type: application/json;charset=UTF-8

{
   "_v" : "16.4",
   "_type" : "customer_address",
   "address1" : "5 Wall St",
   "address2" : "24 Presidential Way",
   "address_id" : "59aed97608cf7f72",
   "address_id" : "home_address",
   "city" : "Burlington",
   "company_name" : "Salesforce",
   "country_code" : "US",
   "first_name" : "John",
   "full_name" : "John J. Murphy",
   "job_title" : "Developer",
   "last_name" : "Murphy",
   "phone" : "408-555-1212",
   "postal_code" : "01805",
   "post_box" : "12a",
   "preferred" : false,
   "salutation" : "Mr.",
   "second_name" : "J.",
   "state_code" : "MA",
   "title" : "Dr."
}

# in case of validation failure - example response in case of unknown address:

RESPONSE:
HTTP/1.1 404 NOT FOUND
Cache-Control: no-cache,no-store,must-revalidate
Expires: Thu, 01-Jan-1970 00:00:00 GMT
{
   "_v" : "16.4",
   "fault" : 
   {
      "type" : "NotFoundException",
      "message" : "Customer address 'home_address' not found."
   }
}

Delete Customer Address

Deletes a customer's address by address name.

Url

DELETE https://hostname:port/dw/shop/v16_4/customers/{customer_id}/addresses/{address_name}

Formats

json, xml

Authentication

Name Description
JWT Authentication via Customer JWT token.
OAuth Authentication via OAuth token.

Path Parameters

Parameter Type Description Constraints
address_name String the name of the address to delete maxLength=256, minLength=1
customer_id String the id of the customer to delete the address for minLength=1

In case of a failure Fault Document is returned.

Faults

Status Type Arguments Description
400 InvalidCustomerException   Indicates that the customerId URL parameter does not match the verified customer represented by the JWT token, not relevant when using OAuth.
404 CustomerNotFoundException

customerId (String)

Indicates that the customer with the given customer id is unknown.
404 CustomerAddressNotFoundException

addressId (String)

customerNo (String)

siteId (String)

Indicates that the address with the given name in unknown for the customer with the given customer id.

Customization

This Resource supports server-side customization.

Extension Point Method Detail
dw.ocapi.shop.customer.address.afterDELETE

afterDELETE (customer : Customer , addressName : String ) : Status

The function is called after removing an address of a customer.

Parameters:
customer - the customer for whom the address was deleted
addressName - the name of the address which was deleted
Returns:
a non-null Status ends the hook execution
dw.ocapi.shop.customer.address.beforeDELETE

beforeDELETE (customer : Customer , addressName : String ) : Status

The function is called before removing an address of a customer.

Parameters:
customer - the customer for whom to delete the address
addressName - the name of the address to be deleted
Returns:
a non-null Status ends the hook execution

Sample

REQUEST:
DELETE /s/SiteGenesis/dw/shop/v16_4/customers/acE9xUWs5ea75qwTh0Svi2XfRY/addresses/home_address
Host: example.com
Authorization: Bearer cd669706-3638-4dd1-a8b2-310ab900ca53
Content-Type: application/json

# in case of success:

RESPONSE:
HTTP/1.1 204 NO CONTENT


# in case of validation failure - example response in case of registered customer scenario when the customer id does not match the authenticated customer id:

RESPONSE:
HTTP/1.1 400 BAD REQUEST
Cache-Control: no-cache,no-store,must-revalidate
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Content-Type: application/json;charset=UTF-8
{
   "_v" : "16.4",
   "fault" : 
   {
      "type" : "InvalidCustomerException",
      "message" : "Invalid customer."
   }
}

Update Customer Address

Updates a customer's address by address name.

Url

PATCH https://hostname:port/dw/shop/v16_4/customers/{customer_id}/addresses/{address_name}

Formats

json, xml

Authentication

Name Description
JWT Authentication via Customer JWT token.
OAuth Authentication via OAuth token.

Request Document

CustomerAddress

Response Document

CustomerAddress

Path Parameters

Parameter Type Description Constraints
address_name String the name of the address to update maxLength=256, minLength=1
customer_id String the id of the customer to update the address for minLength=1

Header Parameters

Parameter Type Description Constraints
If-Match String the ETag header value contained in the server response  

In case of a failure Fault Document is returned.

Faults

Status Type Arguments Description
400 InvalidCustomerException   Indicates that the customerId URL parameter does not match the verified customer represented by the JWT token, not relevant when using OAuth.
400 AddressIdAlreadyInUseException   Indicates that the provided new address name is already used for the customer.
404 CustomerNotFoundException

customerId (String)

Indicates that the customer with the given customer id is unknown.
404 CustomerAddressNotFoundException

addressId (String)

customerNo (String)

siteId (String)

Indicates that the address with the given name in unknown for the customer with the given customer id.

Customization

This Resource supports server-side customization.

Extension Point Method Detail
dw.ocapi.shop.customer.address.afterPATCH

afterPATCH (customer : Customer , addressName : String , customerAddress : CustomerAddress ) : Status

The function is called after updating an address of a customer.

Parameters:
customer - the customer for whom the address was updated
addressName - the name of the address which was updated
customerAddress - the customer address request data
Returns:
a non-null Status ends the hook execution
dw.ocapi.shop.customer.address.beforePATCH

beforePATCH (customer : Customer , addressName : String , customerAddress : CustomerAddress ) : Status

The function is called before updating an address of a customer.

Parameters:
customer - the customer for whom to update the address
addressName - the name of the address to be updated
customerAddress - the customer address request data
Returns:
a non-null Status ends the hook execution

Sample

REQUEST:
PATCH /s/SiteGenesis/dw/shop/v16_4/customers/acE9xUWs5ea75qwTh0Svi2XfRY/addresses/home_address
Host: example.com
Authorization: Bearer cd669706-3638-4dd1-a8b2-310ab900ca53
If-Match:634da3c275e55a6d66099aaa3d1550fa82ec43d5131bd5b64dde75c4ca942e9c
Content-Type: application/json

{
  "address_id" : "home_address",
  "address1" : "6 Wall St",
  "address2" : "26 Presidential Way",
  "city" : "Burlington",
  "company_name" : "Salesforce",
  "country_code" : "US",
  "first_name": "John",
  "job_title" : "Developer",
  "last_name" : "Murphy",
  "phone" : "408-555-1212",
  "postal_code" : "01805",
  "post_box" : "12b",
  "preferred" : false,
  "salutation" : "Mr.",
  "second_name" : "Jim",
  "state_code": "MA",
  "title": "Dr."
}

# in case of success:

RESPONSE:
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Etag: ede395db479773613c6538aad756a4ef990b2f80003865964c88a6854f09c220

{
   "_v" : "16.4",
   "_type" : "customer_address",
   "address1" : "6 Wall St",
   "address2" : "26 Presidential Way",
   "address_id" : "home_address",
   "city" : "Burlington",
   "company_name" : "Salesforce",
   "country_code" : "US",
   "first_name" : "John",
   "full_name" : "John Jim Murphy",
   "job_title" : "Developer",
   "last_name" : "Murphy",
   "phone" : "408-555-1212",
   "postal_code" : "01805",
   "post_box" : "12b",
   "preferred" : false,
   "salutation" : "Mr.",
   "second_name" : "Jim",
   "state_code" : "MA",
   "title" : "Dr."
}

# in case of validation failure - example response in case of attempt to update non-existing address:

RESPONSE:
HTTP/1.1 404 NOT FOUND
Content-Type: application/json;charset=UTF-8
{
   "_v" : "16.4",
   "fault" : 
   {
      "type" : "NotFoundException",
      "message" : "Customer address 'home_address' not found."
   }
}

REQUEST:
PATCH /s/SiteGenesis/dw/shop/v16_4/customers/acE9xUWs5ea75qwTh0Svi2XfRY/addresses/home_address
Host: example.com
Authorization: Bearer cd669706-3638-4dd1-a8b2-310ab900ca53
If-Match:634da3c275e55a6d66099aaa3d1550fa82ec43d5131bd5b64dde75c4ca942e9c
Content-Type: application/json

{
  "address_id" : "old_home_address",
}

# in case of success:

RESPONSE:
HTTP/1.1 301 MOVED PERMANENTLY
Location: /s/SiteGenesis/dw/shop/v16_4/customers/acE9xUWs5ea75qwTh0Svi2XfRY/addresses/old_home_address
Content-Type: application/json;charset=UTF-8
Etag: ede395db479773613c6538aad756a4ef990b2f80003865964c88a6854f09c220

{
   "_v" : "16.4",
   "_type" : "customer_address",
   "address1" : "6 Wall St",
   "address2" : "26 Presidential Way",
   "address_id" : "old_home_address",
   "city" : "Burlington",
   "company_name" : "Salesforce",
   "country_code" : "US",
   "first_name" : "John",
   "full_name" : "John Jim Murphy",
   "job_title" : "Developer",
   "last_name" : "Murphy",
   "phone" : "408-555-1212",
   "postal_code" : "01805",
   "post_box" : "12b",
   "preferred" : false,
   "salutation" : "Mr.",
   "second_name" : "Jim",
   "state_code" : "MA",
   "title" : "Dr."
}

Get an Agent on Behalf of Customer Token

Obtains a new agent on behalf token for a registered customer. Token is returned as a HTTP Authorization:Bearer response header entry.

A token is created and returned to the client whenever an agent with Create_Order_On_Behalf_Of permission calls the resource for a registered customer.

The token is returned in the response header as Authorization: Bearer --token--.

The client has to include the token in the request header as Authorization: Bearer --token--

in any follow up request, the agent will do on behalf of the customer.

About the Order On Behalf Token

The token contains 3 sections:

A token nearing its expiration time should be exchanged for a new one by calling this resource once more.

Url

POST https://hostname:port/dw/shop/v16_4/customers/{customer_id}/auth

Formats

json, xml

Authentication

Name Description
JWT Authentication via Customer JWT token.
OAuth Authentication via OAuth token.

Response Document

Customer

Path Parameters

Parameter Type Description Constraints
customer_id String specifies the customer to act on behalf of minLength=1

Sample

REQUEST:
POST /dw/shop/v16_4/customers/acI4Lg0fMrBZ6shBanPpvkIKHZ/auth
Host: example.com
Authorization: Bearer 26b89022-d8e2-4399-8b78-b3304aa3af3e
Content-Length: 0

RESPONSE:
HTTP/1.1 200 OK
Content-Length:124 
Authorization:Bearer eyJfdiI6IjEiLCJhbGciOiJSUzI1NiIsInR5cCI6IkpXUyJ9... 
Content-Type:application/json;charset=UTF-8

{
   "_v" : "16.4",
   "_type" : "customer",
   "auth_type" : "registered",
   "creation_date" : "2012-03-30T08:23:51.000Z",
   "customer_id" : "acI4Lg0fMrBZ6shBanPpvkIKHZ",
   "customer_no" : "00001140",
   "email" : "[email protected]",
   "enabled" : true,
   "first_name" : "John",
   "gender" : 1,
   "last_login_time" : "2012-04-05T06:08:38.000Z",
   "last_name" : "Doe",
   "last_visit_time" : "2012-04-05T06:08:38.000Z",
   "login" : "johndoe",
   "previous_login_time" : "2012-04-05T06:08:38.000Z",
   "previous_visit_time" : "2012-04-05T06:08:38.000Z",
}

Get Basket

Gets the baskets of a customer.

Url

GET https://hostname:port/dw/shop/v16_4/customers/{customer_id}/baskets

Formats

json, xml

Authentication

Name Description
JWT Authentication via Customer JWT token.
OAuth Authentication via OAuth token.

Response Document

BasketsResult

Path Parameters

Parameter Type Description Constraints
customer_id String the id of the customer to retrieve the baskets for minLength=1

In case of a failure Fault Document is returned.

Faults

Status Type Arguments Description
400 InvalidCustomerException   if customerId URL parameter does not match the verified customer represented by the JWT token, not relevant when using OAuth.
404 CustomerNotFoundException

customerId (String)

Indicates that the customer with the given customer id is unknown for the site.

Sample

# Request

REQUEST:
GET /dw//shop/v16_4/customers/abdlkQCKV1aEqUQoeFOwAOeD4U/baskets
Host: example.com
Authorization:Bearer eyJfdiI6IjXXXXXX.eyJfdiI6IjEiLCJleHAXXXXXXX.-d5wQW4c4O4wt-Zkl7_fiEiALW1XXXX 
Content-Type:application/json;charset=UTF-8

# in case of success

RESPONSE:
HTTP/1.1 200 OK
Content-Type:application/json;charset=UTF-8

{
   "_v" : "16.4",
   "_type" : "baskets_result",
   "baskets" : 
   [
      {
         "_type" : "basket",
          "basket_id" : "bccO1aOjgEnuIaaadk7pYO2rFE",
 ...      
      },
      
      {
         "_type" : "basket",
         "basket_id" : "bcs5vaOjgEQ9Uaaadk9zQIrXE6",
...            
      }
   ],
   "total" : 2
}

Get Orders of Customer

Returns a pageable list of all customer's orders. The default page size is 10.

Url

GET https://hostname:port/dw/shop/v16_4/customers/{customer_id}/orders?start={Integer}&count={Integer}&cross-sites={Boolean}

Formats

json, xml

Authentication

Name Description
JWT Authentication via Customer JWT token.
OAuth Authentication via OAuth token.

Response Document

CustomerOrderResult

Path Parameters

Parameter Type Description Constraints
customer_id String the customer uuid minLength=1

Query Parameters

Parameter Type Description Constraints
count Integer the maximum number of instances per request; default value is 10 maxIntegerValue=200, minIntegerValue=1
cross-sites Boolean the flag whether all sites should be searched; ignored in case of JWT; default value is false  
start Integer the result set index to return the first instance for; default value is 0 minIntegerValue=0

In case of a failure Fault Document is returned.

Faults

Status Type Arguments Description
400 InvalidCustomerException   Indicates that the customerId URL parameter does not match the verified customer represented by the JWT token, not relevant when using OAuth.
404 CustomerNotFoundException

customerId (String)

Indicates that the customer with the given customer id is unknown for the site.

Sample

# Request, no paging details

REQUEST:
GET /dw/shop/v16_4/customers/cevGs1bS2Xac8fpwe6GHJEzYlg/orders
Host: example.com
Authorization:Bearer eyJfdiI6IjXXXXXX.eyJfdiI6IjEiLCJleHAXXXXXXX.-d5wQW4c4O4wt-Zkl7_fiEiALW1XXXX 
Content-Type:application/json

# Request, with paging details

REQUEST:
GET /dw/shop/v16_4/customers/bczhcasxVFpLdxtF05OIPEb25u/orders?start=0&count=1
Host: example.com
Authorization:Bearer eyJfdiI6IjXXXXXX.eyJfdiI6IjEiLCJleHAXXXXXXX.-d5wQW4c4O4wt-Zkl7_fiEiALW1XXXX 
Content-Type:application/json


# in case of success
# note: "next" and / or "previous" links only exist when appropriate, and only if paging details were provided

RESPONSE:
HTTP/1.1 200 OK
Content-Type:application/json;charset=UTF-8

{
   "_v" : "16.4",
   "_type" : "customer_order_result",
   "count" : 1,
   "data" : 
   [
      
      {
         "_type" : "order",
         "adjusted_merchandize_total_tax" : 5.00,
         "adjusted_shipping_total_tax" : 0.00,
         ...
         "customer_info" : 
         {
            "_type" : "customer_info",
            "customer_id" : "bczhcasxVFpLdxtF05OIPEb25u",
            "customer_name" : "John Smith",
            "email" : "[email protected]"
         },
         ...
         "order_no" : "00001228",
         ...
         "payment_instruments" : 
         [
         ...            
         ],
         "product_items" : 
         [
         ...            
         ],
         "product_sub_total" : 16.49,
         "product_total" : 16.49,
         "shipments" : 
         [
         ...
         ],
         "shipping_items" : 
         [
         ...
         ],
         "shipping_total" : 0.01,
         "shipping_total_tax" : 0.00,
         "status" : "created",
         "taxation" : "net",
         "tax_total" : 5.00,
         ...
      }
   ],
   "next" : "https://.../.../.../dw/shop/v16_4/customers/bczhcasxVFpLdxtF05OIPEb25u/orders?count=1&start=1",
   "start" : 0,
   "total" : 3
}


# in case of validation failure - example response in case of registered customer scenario when the customer id does not match the authenticated customer id:

RESPONSE:
HTTP/1.1 400 BAD REQUEST
Cache-Control: no-cache,no-store,must-revalidate
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Content-Type: application/json;charset=UTF-8
{
   "_v" : "16.4",
   "fault" : 
   {
      "type" : "InvalidCustomerException",
      "message" : "Invalid customer."
   }
}

Updates a Customer's Password.

Updates the customer's password.

Url

PUT https://hostname:port/dw/shop/v16_4/customers/{customer_id}/password

Formats

json, xml

Authentication

Name Description
JWT Authentication via Customer JWT token.

Request Document

PasswordChangeRequest

Path Parameters

Parameter Type Description Constraints
customer_id String the customer id minLength=1

In case of a failure Fault Document is returned.

Faults

Status Type Arguments Description
400 InvalidCustomerException   If customerId URL parameter does not match the verified customer represented by the JWT token, not relevant when using OAuth.
404 CustomerNotFoundException

customerId (String)

Indicates that the customer with the given customer id is unknown.

Customization

This Resource supports server-side customization.

Extension Point Method Detail
dw.ocapi.shop.customer.putPassword

putPassword (customer : Customer , passwordChangeRequest : PasswordChangeRequest ) : Status

The function is called to update a customer's password. Use custom implementation to change password e.g. in third party systems. The default implementation will try to change the authenticated user password with the new password provided in the request. In case of an error the default implementation will return the error statuses listed in {@link dw.customer.Credentials#setPassword(String, String, boolean)}.

Parameters:
customer - the customer to be updated
passwordChangeRequest - the input containing the old and new passwords
Returns:
a non-null Status ends the hook execution

Sample

REQUEST:
PUT /s/SiteGenesis/dw/shop/v16_4/customers/acE9xUWs5ea75qwTh0Svi2XfRY/password
Host: example.com
Authorization: Bearer eyJfdiI6IjEiLCJhbGciOiJSUzI1NiIsInR5cCI6IkpXUy.....
Content-Type: application/json

{"current_password": "01dpass", "password": "newpass"}

# in case of success:

RESPONSE:
HTTP/1.1 204 NO CONTENT


#example response in case of an empty new password:

RESPONSE:
HTTP/1.1 400 BAD REQUEST
Cache-Control: no-cache,no-store,must-revalidate
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Content-Type: application/json;charset=UTF-8
{
   "_v" : "16.4",
   "fault" : 
   {
      "arguments" : 
      {
         "extensionPoint" : "dw.ocapi.shop.customer.putPassword",
         "statusCode" : "The new password is empty.",
         "statusMessage" : "The new password is empty."
      },
      "type" : "HookStatusException",
      "message" : "Error in ExtensionPoint 'dw.ocapi.shop.customer.putPassword'!"
   }
}

Starts a Password Reset Process

Starts a password reset process. A password reset token is generated and passed together with the customer resolved by the id provided as path parameter to a afterPOST hook. The hook dw.ocapi.shop.customer.password_reset.afterPOST can utilize the provided reset token, for example to send a reset email.

Url

POST https://hostname:port/dw/shop/v16_4/customers/{customer_id}/password_reset

Formats

json, xml

Authentication

Name Description
JWT Authentication via Customer JWT token.
OAuth Authentication via OAuth token.

Path Parameters

Parameter Type Description Constraints
customer_id String the id of the customer minLength=1

In case of a failure Fault Document is returned.

Faults

Status Type Arguments Description
404 CustomerNotFoundException

customerId (String)

Indicates that the customer specified was not found.

Customization

This Resource supports server-side customization.

Extension Point Method Detail
dw.ocapi.shop.customer.password_reset.afterPOST

afterPOST (customer : Customer , resetToken : String ) : Status

Allows resetting a customer password. See the example below sending an email with a password reset link.
 var variables: Map = new dw.util.HashMap();
 variables.put("Customer", customer);
 variables.put("ResetPasswordToken", token);
 var template: Template = new dw.util.Template("mail/resetpasswordemail.isml");
 var content: MimeEncodedText = template.render(variables);
 var mail: Mail = new Mail().setSubject("Password Reset").setContent(content).setFrom("[email protected]").addTo(customer.profile.email);
 mail.send();
 
Parameters:
customer - the customer for whom to reset the password
resetToken - the token generated by the system to be used for the reset
Returns:
a non-null Status ends the hook execution

Sample

REQUEST:
PUT /dw/shop/v16_4/customers/cdRXAiWbPdMhcaaadh5hZczLu5/password_reset
Host: example.com
Authorization: Bearer a5b6eb0d-8312-41a3-88f3-2c53c4507367
Content-Length: 0

# in case of success:

RESPONSE:
HTTP/1.1 204 NO CONTENT

# in case of password reset failure in hook dw.ocapi.shop.customer.password_reset.afterPOST.
# The wrong status with code and message is returned by the custom code.

RESPONSE:
HTTP/1.1 400 BAD REQUEST
Content-Type: application/json;charset=UTF-8

{
   "_v" : "16.4",
   "fault" : 
   {
      "arguments" : 
      {
         "extensionPoint" : "dw.ocapi.shop.customer.password_reset.afterPOST",
         "statusCode" : "EXT_PW_CHANGE_FAIL",
         "statusMessage" : "Password reset not successful in external system."
      },
      "type" : "HookStatusException",
      "message" : "Error in ExtensionPoint 'dw.ocapi.shop.customer.password_reset.afterPOST'!"
   }
}

Get Customer Payment Instruments

Gets customer payment instruments for an customer.

Can be limited to a specific payment method by providing query parameter payment_method_id.

When the customer cannot be found CustomerNotFoundException is thrown in a case of an agent but an empty result list is returned in a case of JWT.

Url

GET https://hostname:port/dw/shop/v16_4/customers/{customer_id}/payment_instruments?payment_method_id={String}

Formats

json, xml

Authentication

Name Description
JWT Authentication via Customer JWT token.
OAuth Authentication via OAuth token.

Response Document

CustomerPaymentInstrumentResult

Path Parameters

Parameter Type Description Constraints
customer_id String the id of the customer to retrieve the payment instruments for minLength=1

Query Parameters

Parameter Type Description Constraints
payment_method_id String the id of the payment method, if null - all payment instruments are retrieved  

In case of a failure Fault Document is returned.

Faults

Status Type Arguments Description
400 InvalidCustomerException   Indicates that the customerId URL parameter does not match the verified customer represented by the JWT token, not relevant when using OAuth.
404 CustomerNotFoundException

customerId (String)

Indicates that the customer with the given customer id is unknown for the site.

Sample

REQUEST:
GET /s/SiteGenesis/dw/shop/v16_4/customers/acE9xUWs5ea75qwTh0Svi2XfRY/payment_instruments
Host: example.com
Authorization: Bearer cd669706-3638-4dd1-a8b2-310ab900ca53
Content-Type: application/json

# in case of success:

RESPONSE:
HTTP/1.1 200 OK
Cache-Control: max-age=0,no-cache,no-store,must-revalidate
Content-Type: application/json;charset=UTF-8

{
   "_v" : "16.4",
   "_type" : "customer_payment_instrument_result",
   "count" : 2,
   "data" : 
   [
      
      {
         "_type" : "customer_payment_instrument",
         "payment_bank_account" : 
         {
            "_type" : "payment_bank_account"
         },
         "payment_card" : 
         {
            "_type" : "payment_card",
            "card_type" : "Visa",
            "credit_card_expired" : false,
            "expiration_month" : 2,
            "expiration_year" : 2022,
            "holder" : "John Doe",
            "masked_number" : "***********1111",
            "number_last_digits" : "1111"
         },
         "payment_method_id" : "CREDIT_CARD",
         "payment_instrument_id" : "cdlPgiWbN6LM2aaadkcia6MgbA",
         "c_strValue" : "custom value 2"
      },
      
      {
         "_type" : "customer_payment_instrument",
         "bank_routing_number" : "bankrouting3446",
         "gift_certificate_code_masked" : "*****code",
         "payment_bank_account" : 
         {
            "_type" : "payment_bank_account",
            "drivers_license_last_digits" : "e111",
            "drivers_license_state_code" : "MA",
            "holder" : "Joe Doe",
            "masked_drivers_license" : "**********e111",
            "masked_number" : "**********t111",
            "number_last_digits" : "t111"
         },
         "payment_card" : 
         {
            "_type" : "payment_card",
            "credit_card_expired" : false
         },
         "payment_method_id" : "OCAPI_Payment_Simple",
         "payment_instrument_id" : "cdTsgiWbN6DFEaaadkbia6MgbA",
         "c_strValue" : "custom value 1"
      }
   ],
   "total" : 2
}

# in case of validation failure - example response in case of registered customer scenario when the customer id does not match the authenticated customer id:

RESPONSE:
HTTP/1.1 400 BAD REQUEST
Cache-Control: no-cache,no-store,must-revalidate
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Content-Type: application/json;charset=UTF-8
{
   "_v" : "16.4",
   "fault" : 
   {
      "type" : "InvalidCustomerException",
      "message" : "Invalid customer."
   }
}

Add Payment Instrument for Customer

Adds a payment instrument to a customer information.

Url

POST https://hostname:port/dw/shop/v16_4/customers/{customer_id}/payment_instruments

Formats

json, xml

Authentication

Name Description
JWT Authentication via Customer JWT token.
OAuth Authentication via OAuth token.

Request Document

CustomerPaymentInstrumentRequest

Response Document

CustomerPaymentInstrument

Path Parameters

Parameter Type Description Constraints
customer_id String the id of the customer minLength=1

In case of a failure Fault Document is returned.

Faults

Status Type Arguments Description
400 InvalidCustomerException   Indicates that the customerId URL parameter does not match the verified customer represented by the JWT token, not relevant when using OAuth.
404 CustomerNotFoundException

customerId (String)

Indicates that the customer with the given customer id is unknown.
404 CustomerNotFoundException

customerId (String)

Indicates that the customer with the given customer id is unknown for the site.

Customization

This Resource supports server-side customization.

Extension Point Method Detail
dw.ocapi.shop.customer.afterPostPaymentInstrument

afterPostPaymentInstrument (customer : Customer , paymentInstrument : CustomerPaymentInstrumentRequest ) : Status

The function is called after a payment instrument was added to a customer.

Parameters:
customer - the customer for whom to add the payment instrument
paymentInstrument - the payment instrument which was added
Returns:
a non-null Status ends the hook execution
dw.ocapi.shop.customer.beforePostPaymentInstrument

beforePostPaymentInstrument (customer : Customer , paymentInstrument : CustomerPaymentInstrumentRequest ) : Status

The function is called before a payment instrument is added to a customer.

Parameters:
customer - the customer for whom to add the payment instrument
paymentInstrument - the payment instrument to be added
Returns:
a non-null Status ends the hook execution

Sample

REQUEST:
POST /s/SiteGenesis/dw/shop/v16_4/customers/acE9xUWs5ea75qwTh0Svi2XfRY/payment_instruments
Host: example.com
Authorization: Bearer cd669706-3638-4dd1-a8b2-310ab900ca53
Content-Type: application/json; charset=UTF-8
{
  "payment_card":{
                   "expiration_year":2027,
                   "expiration_month":7,
                   "valid_from_month":8,
                   "valid_from_year":2007,
                   "issue_number":"i117",
                   "number":"1234567",
                   "holder":"Joe Doe",
                   "card_type":"MasterCard"
                  },
  "gift_certificate_code": "gift_code7",
  "payment_method_id": "OCAPI_Payment_Simple",
  "bank_routing_number":"bankrouting3776",
  "c_strValue":"custom value 7"
}

# in case of success:

RESPONSE:
HTTP/1.1 200 OK
Cache-Control: max-age=0,no-cache,no-store,must-revalidate
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Content-Type: application/json;charset=UTF-8
{
   "_v" : "16.4",
   "_type" : "customer_payment_instrument",
   "bank_routing_number" : "bankrouting3776",
   "gift_certificate_code_masked" : "******ode7",
   "payment_bank_account" : 
   {
      "_type" : "payment_bank_account"
   },
   "payment_card" : 
   {
      "_type" : "payment_card",
      "card_type" : "MasterCard",
      "credit_card_expired" : false,
      "expiration_month" : 7,
      "expiration_year" : 2027,
      "holder" : "Joe Doe",
      "issue_number" : "i117",
      "masked_number" : "***4567",
      "number_last_digits" : "4567",
      "valid_from_month" : 8,
      "valid_from_year" : 2007
   },
   "payment_method_id" : "OCAPI_Payment_Simple",
   "payment_instrument_id" : "cdOLciWbOsYl6aaadkwcsx9xHH",
   "c_strValue" : "custom value 7"
}


# in case of validation failure - example response when the customer is not found:

RESPONSE:
HTTP/1.1 404 NOT FOUND
Cache-Control: no-cache,no-store,must-revalidate
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Content-Type: application/json;charset=UTF-8
{
   "_v" : "16.4",
   "fault" : 
   {
      "type" : "NotFoundException",
      "message" : "No customer with id 'acE9xUWs5ea75qwTh0Svi2XfRY' found."
   }
}

Get Customer Payment Instrument

Retrieves a customer's payment instrument by its id.

Url

GET https://hostname:port/dw/shop/v16_4/customers/{customer_id}/payment_instruments/{payment_instrument_id}

Formats

json, xml

Authentication

Name Description
JWT Authentication via Customer JWT token.
OAuth Authentication via OAuth token.

Response Document

CustomerPaymentInstrument

Path Parameters

Parameter Type Description Constraints
customer_id String the id of the customer to retrieve the payment instrument for minLength=1
payment_instrument_id String the id of the payment instrument to be retrieved minLength=1

In case of a failure Fault Document is returned.

Faults

Status Type Arguments Description
400 InvalidCustomerException   Indicates that the customerId URL parameter does not match the verified customer represented by the JWT token, not relevant when using OAuth.
404 CustomerNotFoundException

customerId (String)

Indicates that the customer with the given customer id is unknown for the site.
404 PaymentInstrumentNotFoundException

paymentInstrumentId (String)

Indicates that the payment instrument with the given id is unknown for the customer with the given customer id.

Sample

REQUEST:
GET /s/SiteGenesis/dw/shop/v16_4/customers/acE9xUWs5ea75qwTh0Svi2XfRY/payment_instruments/eg5hEiWbPdcaQaaaekty3fqx1o
Host: example.com
Authorization: Bearer cd669706-3638-4dd1-a8b2-310ab900ca53
Content-Type: application/json

# in case of success:

RESPONSE:
HTTP/1.1 200 OK
Cache-Control: max-age=0,no-cache,no-store,must-revalidate
Content-Type: application/json;charset=UTF-8

{
   "_v" : "16.4",
   "_type" : "customer_payment_instrument",
   "payment_bank_account" : 
   {
      "_type" : "payment_bank_account"
   },
   "payment_card" : 
   {
      "_type" : "payment_card",
      "card_type" : "Visa",
      "credit_card_expired" : false,
      "expiration_month" : 3,
      "expiration_year" : 2023,
      "holder" : "John Doe",
      "masked_number" : "***********1111",
      "number_last_digits" : "1111"
   },
   "payment_method_id" : "CREDIT_CARD",
   "payment_instrument_id" : "eg5hEiWbPdcaQaaaekty3fqx1o",
   "c_strValue" : "custom Test value 3"
}

# in case of validation failure - example response in case of unknown customer payment intrument:

RESPONSE:
HTTP/1.1 404 NOT FOUND
Cache-Control: no-cache,no-store,must-revalidate
Expires: Thu, 01-Jan-1970 00:00:00 GMT
{
   "_v" : "16.4",
   "fault" : 
   {
      "type" : "NotFoundException",
      "message" : "The payment instrument with uuid 'cdmh6iWbObcXUaaadkPA7ydxnr' was not found."
   }
}

Delete Customer Payment Instrument

Deletes a customer's payment instrument.

Url

DELETE https://hostname:port/dw/shop/v16_4/customers/{customer_id}/payment_instruments/{payment_instrument_id}

Formats

json, xml

Authentication

Name Description
JWT Authentication via Customer JWT token.
OAuth Authentication via OAuth token.

Path Parameters

Parameter Type Description Constraints
customer_id String the id of the customer to delete the payment instrument for minLength=1
payment_instrument_id String the id of the payment instrument to be deleted minLength=1

In case of a failure Fault Document is returned.

Faults

Status Type Arguments Description
400 InvalidCustomerException   Indicates that the customerId URL parameter does not match the verified customer represented by the JWT token, not relevant when using OAuth.
404 CustomerNotFoundException

customerId (String)

Indicates that the customer with the given customer id is unknown for the site.

Customization

This Resource supports server-side customization.

Extension Point Method Detail
dw.ocapi.shop.customer.afterDeletePaymentInstrument

afterDeletePaymentInstrument (customer : Customer , paymentInstrumentId : String ) : Status

The function is called after removing a payment instrument of a customer.

Parameters:
customer - the customer for whom to delete the payment instrument
paymentInstrumentId - the id of the payment instrument which was deleted
Returns:
a non-null Status ends the hook execution
dw.ocapi.shop.customer.beforeDeletePaymentInstrument

beforeDeletePaymentInstrument (customer : Customer , paymentInstrumentId : String ) : Status

The function is called before removing a payment instrument of a customer.

Parameters:
customer - the customer for whom to delete the payment instrument
paymentInstrumentId - the id of the payment instrument to be deleted
Returns:
a non-null Status ends the hook execution

Sample

REQUEST:
DELETE /s/SiteGenesis/dw/shop/v16_4/customers/acE9xUWs5ea75qwTh0Svi2XfRY/payment_instruments/cdmh6iWbObcXUaaadkPA7ydxnr
Host: example.com
Authorization: Bearer cd669706-3638-4dd1-a8b2-310ab900ca53
Content-Type: application/json

# in case of success:

RESPONSE:
HTTP/1.1 204 NO CONTENT


# in case of validation failure - example response in case of registered customer scenario when the customer id does not match the authenticated customer id:

RESPONSE:
HTTP/1.1 400 BAD REQUEST
Cache-Control: no-cache,no-store,must-revalidate
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Content-Type: application/json;charset=UTF-8
{
   "_v" : "16.4",
   "fault" : 
   {
      "type" : "InvalidCustomerException",
      "message" : "Invalid customer."
   }
}