OCAPI Client Application Identification 19.1

The Open Commerce API requires that all client applications identify themselves using a client ID.

You can obtain a client ID in Account Manager as explained in Adding a client ID for the Open Commerce API. After you obtain an ID, verify that it is enabled.

Note: You can see a list of all client IDs in your organization by selecting API Client in the left navigation menu in Account Manager.
Include the client ID in every API request. It can be passed in several ways:
  1. For requests requiring an Authorization:Bearer -token-: the client ID is determined from the provided token:
    GET https://.../shop/v19_1/baskets
    Authorization:Bearer -token- 
    1. JWT: the client ID is embedded within the token payload as the 'issuer' claim
    2. OAuth: the client ID is resolved from the Account Manager using the token
  2. By using the client_id request parameter
    GET https://example.com/dw/shop/v19_1/products/123456?client_id=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 
  3. By setting the x-dw-client-id HTTP header
    GET https://example.com/dw/shop/v19_1/products/123456
    x-dw-client-id:aaaaaaaaaaaaaaaaaaaaaaaaaaaaa
If more than one mechanism is used to provide a client ID, it is resolved using the following order of precedence.
  1. Bearer token
  2. Request parameter
  3. HTTP Header

If you do not provide a client ID, the server returns an HTTP status 400 (Bad Request).

Note: Your client ID must be enabled in Account Manager. Because client IDs are cached for a time before being revalidated, when you enable or disable a client ID, its status does not change immediately.

After obtaining and enabling your client ID, you must include it in every API request. There are three different methods:

  1. You can pass a token in the Authorization:Bearer token header:
    GET https://example.com/dw/shop/v19_1/baskets HTTP/1.1
    Authorization:Bearer token    
    For JWT, the client ID is embedded within the token payload as the 'issuer' claim. For OAuth, the client ID is resolved from the Account Manager using the token.
  2. You can pass a client ID in the client_id request parameter:
    GET https://example.com/dw/shop/v19_1/products/123456?client_id=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
  3. You can pass a client ID in the x-dw-client-id HTTP header:
    GET https://example.com/dw/shop/v19_1/products/123456
    x-dw-client-id:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa    

Tokens have the highest precedence, followed by request parameters, followed by HTTP headers.

If you do not provide a client ID, the server returns an HTTP status 400 (Bad Request).