OCAPI Client Application Identification 19.8

The Open Commerce API requires that all client applications identify themselves using a client ID.

You can obtain a client ID in Account Manager as explained in Adding a client ID for the Open Commerce API. After you obtain an ID, verify that it is enabled.

Note: You can see a list of all client IDs in your organization by selecting API Client in the left navigation menu in Account Manager.
Include the client ID in every API request. It can be passed in several ways:
  1. For requests requiring an Authorization:Bearer token, the client ID is determined from the provided token:
    GET https://.../shop/v19_8/baskets
    Authorization:Bearer token 
    1. JWT: the client ID is embedded within the token payload as the 'issuer' claim
    2. OAuth: the client ID is resolved from the Account Manager using the token
  2. You can pass a client ID in the client_id request parameter:
    GET https://example.com/dw/shop/v19_8/products/123456?client_id=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 
  3. You can pass a client ID in the x-dw-client-id HTTP header:
    GET https://example.com/dw/shop/v19_8/products/123456
    x-dw-client-id:aaaaaaaaaaaaaaaaaaaaaaaaaaaaa
If more than one mechanism is used to provide a client ID, it is resolved using the following order of precedence.
  1. Bearer token
  2. Request parameter
  3. HTTP Header

If you do not provide a client ID, the server returns an HTTP status 400 (Bad Request).

Note: Your client ID must be enabled in Account Manager. Because client IDs are cached for a time before being revalidated, when you enable or disable a client ID, its status does not change immediately.