Connect Agentforce for Guided Shopping to B2C Commerce

Learning Objectives

After completing this unit, you’ll be able to:

Describe how a Salesforce org authenticates and connects to the B2C Commerce Open Commerce API (OCAPI) and a B2C Commerce Instance.
Explain why Salesforce uses external credentials and named credentials to connect to B2C Commerce.
List the Salesforce org settings that configure the external credential and named credentials.
Explain the purpose of the B2C Commerce Concierge reference cartridge.

Configure a Secure Agentforce Connection

To deploy Agentforce for Guided Shopping in your B2C Commerce instance, you need to set up a secure connection between your Salesforce org and your B2C Commerce instance. Salesforce uses external credentials and named credentials to create a secure connection from Agentforce for Guided Shopping to your B2C Commerce instance.

This diagram shows how a Salesforce org authenticates and connects to the B2C Commerce Open Commerce API (OCAPI) and your B2C Commerce instance.

Salesforce org to B2C Commerce instance connection. Named and external credentials support authenticated callouts and responses.

By separating the authentication details (external credential) from the callout endpoint (named credential), Salesforce ensures a secure and manageable way to handle authenticated callouts. This setup allows for easier updates and maintenance without revealing credentials to the code. If authentication details change, they don’t require changes to the Apex code or callout definitions.

Here’s a list of the connection components.

B2C Commerce Instance: The platform that supports your B2C Commerce store. It includes all your store data, products, price books, promotions, orders, inventory sites, and site settings.
Salesforce Org: The org that supports the AI agent and connection credentials. Your Salesforce organization provides the necessary security mechanisms to ensure that only authorized AI agents can interact with the OCAPI API and your B2C Commerce instance.
Open Commerce API (OCAPI): A set of RESTful APIs that enable ecommerce functionality. OCAPI APIs access commerce resources using HTTP requests and HTTP responses. For details about OCAPI settings, see OCAPI Settings.
OCAPI External Credential: Configured for the Agentforce for Guided Shopping, this credential sets up the authentication framework for your entire AI agent. This includes your auth credential details.
OCAPI Named Credential: Handles the authentication process required to connect a Salesforce org to B2C Commerce OCAPI. It securely stores the credentials (such as client ID, client secret, and access tokens) required for the connection. This ensures that sensitive information isn't revealed in your code.
Auth External Credential: Defines how a Salesforce org authenticates and authorizes callouts to the OCAPI APIs and the B2C Commerce instance.
Auth Named Credential: Specifies the authorized callout endpoint for your B2C Commerce instance and links to an auth credential authentication provider.
Authenticated Callouts: Authenticated HTTP callouts from the AI agent to the OCAPI APIs and your B2C Commerce instance. Authenticated callouts permit the AI agent to perform actions on behalf of a customer. To simplify the setup of authenticated callouts, Salesforce uses external credentials and named credentials that specify an authentication protocol and the callout endpoint.

Set Up Authentication Credentials

Connect Salesforce org with the OCAPI APIs and your B2C Commerce instance to establish a secure connection. Follow these steps to set this up. For detailed instructions, see Agentforce for Guided Shopping for B2C Commerce.

Establish Authentication Details with the OCAPI External Credential

The OCAPI external credential is paired with the OCAPI named credentials. The external credential handles the authentication details, while the named credential manages the endpoint URL and links to the external credential for authentication.

To set up the OCAPI external credential, configure these settings in your Salesforce org.

At the top of the page, click and select Setup.
In the Quick Find box, search for and select Named Credentials.
Click External Credentials menu and click New.
Enter the external credential details as listed in the following table.

Setting	Example	Description
Name	`B2CExternalCred`	The name that appears in Salesforce lists and dropdowns.
Label	`B2CExternalCred`	A unique identifier that’s used to refer to this external credential from callout definitions and through the API.
Authentication Protocol	`No Authentication`	The Auth External Credential handles authentication.
Principal	`B2CExternalPrincipal`	Links the OCAPI external credential to a user profile within Salesforce. Principals are used in conjunction with named credentials to authenticate and authorize users during callouts to external systems. They make sure that the correct permissions are in place before any external system access is granted. For example, the user acting as an AI agent in a Salesforce org can call OCPI API endpoints, log in to a shopper’s account, and place an order, ensuring a seamless customer experience.

The New External Credential window with Label and Name listed as B2CBasicAuth and Authentication Protocol listed as Basic Authentication.

The Create Principal window with the Parameter Name, Sequence Number and Identity Type listed.

Create an OCAPI Named Credential

Set up an OCAPI named credential to make secure callouts to OCAPI APIs from your Salesforce org. It simplifies the setup of authenticated callouts by specifying:

The endpoint URL of the OCAPI endpoint
The authentication parameters, which are linked to the external credential

To set up the OCAPI named credential, configure these settings in your Salesforce org.

At the top of the page, click and select Setup.
In the Quick Find box, search for and select Named Credentials.
Click New.
Enter the named credential details as listed in the following table and save your work.

Setting	Example	Description
Label	`B2CShopApi`	‌The name that appears in Salesforce lists and dropdowns
Name	`B2CShopApi`	The name used in Apex code or other code configurations
URL	`https://<B2C environment hostname>/s/<SITE ID>/dw/shop/<Open Commerce API Version>`	The OCAPI endpoint URL for your store
Authentication
External Credential	`B2CExternalCredentials`	The external credential with the authentication details

The New Named Credential window with values in Label, Name, and URL shown; Enabled for Callouts is checked; and External Credential is filled in.

In the Custom Headers section, click New.
Enter the custom header details as listed in the following table and save your work.

Custom Headers When the AI agent uses the named credential, the custom header with the client ID (name) and your client ID secret (value) is included in the OCAPI API request. To authenticate the OCAPI callout, the name is matched against the value.
Setting	Example	Description
Name	`x-dw-client-id`	The OCAPI client ID
Value	Your Client ID Secret	Your OCPI client ID Secret
Sequence	1	Defines the order in which custom headers are processed or displayed

The Create Custom Header window with Name, Value, and Sequence Number shown.

Assign the Named Principal to a Profile

After you configure the OCAPI external credential and the OCAPI named credential, assign the named principal you created to the Agentforce for Guided Shopping Profile. This assignment ensures that only users with the appropriate permissions can use the external and named credentials. To ensure authentication, make sure the profile is authorized and access permissions are properly managed and aligned with the specific roles and responsibilities within your organization.

To assign the principal to a role, add the named principal to the Enable External Credential column of the External Credential Principal Access profile.

The Enable External Credential Principal Access window showing B2CExternalCred moved from the Available External Credential Principles to the Enabled External Credential Principals.

Set Up an Auth External Credential

The auth credential defines how a Salesforce org authenticates callouts to the OCAPI APIs and your B2C Commerce instance. It includes the authentication protocol and links to the Agent User profile through the auth-named principal.

To set up the auth external credential, configure these settings in your Salesforce org.

At the top of the page, click and select Setup.
In the Quick Find box, search for and select Named Credentials.
Click the External Credentials menu option.
Click New.
Enter the external credential details as listed in the following table and save your work.

Setting	Example	Description
Label	`B2CBasicAuth`	The name that appears in lists and dropdowns. This named credential name is the same as the OCAPI Named Credential you created earlier with “Auth” as a suffix.
Name	`B2CBasicAuth`	A unique identifier that’s used to refer to the auth external credential from callouts to B2C Commerce. This named credential name is the same as the OCAPI Named Credential you created earlier with “Auth” as a suffix.
Authentication Protocol	Basic Authentication	The authentication method used to verify the credential. Basic Authentication is a protocol that uses a static username and password to authenticate directly into an external system.
Principal
Parameter Name	B2CAuthPrincipal	The principal parameter name is a label or identifier for the principal. It is used to distinguish between different principals within the same external credential.
Identity Type	Named Principal	The identity type determines the scope and method of authentication for the principal. The Named Principal identity type applies the same credential or authentication configuration for the entire organization. This means that, when making callouts to an external system, a single set of credentials is used for all users within the organization.
Sequence Number	1	The principal sequence number specifies the order of principals. When a user is associated with multiple principals, the sequence number determines which principal's credentials are used first.
Username		Your B2C Commerce Client ID.
Password		Client B2C Commerce Client ID Secret.

The New External Credential window with Label, Name, and Authentication Protocol listed.

In the Create Principal section, click New.
Enter the Create Principal details as listed in the following table and save your work.

Setting	Example	Description
Parameter Name	B2CAuthPrincipal	The principal parameter name is a label or identifier for the principal. It is used to distinguish between different principals within the same external credential.
Identity Type	Named Principal	The identity type determines the scope and method of authentication for the principal. The Named Principal identity type applies the same credential or authentication configuration for the entire organization. This means that, when making callouts to an external system, a single set of credentials is used for all users within the organization.
Sequence Number	1	The principal sequence number specifies the order of principals. When a user is associated with multiple principals, the sequence number determines which principal's credentials are used first.
Username		Your B2C Commerce Client ID.
Password		Client B2C Commerce Client ID Secret.

The Create Principal window showing Parameter Name, Identity Type, Sequence Number, Username, and Password.

Create an Auth-Named Credential

Specifies the authorized callout endpoint for your B2C Commerce instance and links to an auth credential authentication provider.

To set up the auth named credential, configure these settings in your Salesforce org.

At the top of the page, click and select Setup.
In the Quick Find box, search for and select Named Credentials.
Click New.
Enter the auth-named credential details as listed in the table below.

Setting	Example	Description
Label	`B2CShopApiAuth`	The name that appears in Salesforce lists and dropdowns
Name	`B2CShopApiAuth`	The name used in Apex code or other code configurations
URL	https://account.demandware.com	The root URL of the B2C Commerce callout endpoint
External Credential	`B2CBasicAuth`	The external credential with the authentication details

The New Named Credential window. Enter Label, Name, and URL. Select External Credential. Leave the other entries as is.

Assign the Auth Principal to a Profile

After you set up the auth external credential and the auth named credential, connect the external credential principal with the shopper profile. This lets Agentforce for Guided Shopping use the authentication and OCAPI connections you created and act on behalf of the customer.

In the AI agent profile, add the named principal to the Enable External Credential column of the External Credential Principal Access profile.

The Enable External Credential Principal window. Select the named principal from the Available Principals and add it to the Enabled Principals.

Update Remote Site Settings

Your Agentforce for Guided Shopping connects to many external sites. To make sure the AI agent can securely communicate with these sites, register the external sites in the Remote Site Settings. This prevents unauthorized access and ensures that only trusted sites can interact with your Salesforce org.

Remote Site Settings Setup window.

Install the Concierge Reference Cartridge

B2C Commerce uses cartridges to deploy functionalities in your store. Agentforce for Guided Shopping uses natural conversational language and functionalities to communicate with your customers. To integrate your B2C store with agent conversational functionalities, Salesforce provides the Concierge reference cartridge. You can use the plug-in cartridge as a model for your implementation. To learn more about B2C Commerce cartridges, see What Is a Cartridge.

Sum It Up

In this unit, you learned how to configure external credentials and named credentials to create a secure connection from your Salesforce org to the OCAPI APIs, and your B2C Commerce instance. Next up, learn how to build an Agentforce for Guided Shopping agent.

Tempo estimado

Tópicos

Procurando ajuda?

Commerce Cloud Recursos

Agentforce Recursos

Service Cloud Recursos