Connect Agentforce for Guided Shopping to B2C Commerce
Learning Objectives
After completing this unit, you’ll be able to:
- Describe how a Salesforce org authenticates and connects to the B2C Commerce Open Commerce API (OCAPI) and a B2C Commerce Instance.
- Explain why Salesforce uses external credentials and named credentials to connect to B2C Commerce.
- List the Salesforce org settings that configure the external credential and named credentials.
- Explain the purpose of the B2C Commerce Concierge reference cartridge.
Configure a Secure Agentforce Connection
To deploy Agentforce for Guided Shopping in your B2C Commerce instance, you need to set up a secure connection between your Salesforce org and your B2C Commerce instance. Salesforce uses external credentials and named credentials to create a secure connection from Agentforce for Guided Shopping to your B2C Commerce instance.
This diagram shows how a Salesforce org authenticates and connects to the B2C Commerce Open Commerce API (OCAPI) and your B2C Commerce instance.
By separating the authentication details (external credential) from the callout endpoint (named credential), Salesforce ensures a secure and manageable way to handle authenticated callouts. This setup allows for easier updates and maintenance without revealing credentials to the code. If authentication details change, they don’t require changes to the Apex code or callout definitions.
Here’s a list of the connection components.
-
B2C Commerce Instance: The platform that supports your B2C Commerce store. It includes all your store data, products, price books, promotions, orders, inventory sites, and site settings.
-
Salesforce Org: The org that supports the AI agent and connection credentials. Your Salesforce organization provides the necessary security mechanisms to ensure that only authorized AI agents can interact with the OCAPI API and your B2C Commerce instance.
-
Open Commerce API (OCAPI): A set of RESTful APIs that enable ecommerce functionality. OCAPI APIs access commerce resources using HTTP requests and HTTP responses. For details about OCAPI settings, see OCAPI Settings.
-
OCAPI External Credential: Configured for the Agentforce for Guided Shopping, this credential sets up the authentication framework for your entire AI agent. This includes your auth credential details.
-
OCAPI Named Credential: Handles the authentication process required to connect a Salesforce org to B2C Commerce OCAPI. It securely stores the credentials (such as client ID, client secret, and access tokens) required for the connection. This ensures that sensitive information isn't revealed in your code.
-
Auth External Credential: Defines how a Salesforce org authenticates and authorizes callouts to the OCAPI APIs and the B2C Commerce instance.
-
Auth Named Credential: Specifies the authorized callout endpoint for your B2C Commerce instance and links to an auth credential authentication provider.
-
Authenticated Callouts: Authenticated HTTP callouts from the AI agent to the OCAPI APIs and your B2C Commerce instance. Authenticated callouts permit the AI agent to perform actions on behalf of a customer. To simplify the setup of authenticated callouts, Salesforce uses external credentials and named credentials that specify an authentication protocol and the callout endpoint.
Set Up Authentication Credentials
Connect Salesforce org with the OCAPI APIs and your B2C Commerce instance to establish a secure connection. Follow these steps to set this up. For detailed instructions, see Agentforce for Guided Shopping for B2C Commerce.
Establish Authentication Details with the OCAPI External Credential
The OCAPI external credential is paired with the OCAPI named credentials. The external credential handles the authentication details, while the named credential manages the endpoint URL and links to the external credential for authentication.
To set up the OCAPI external credential, configure these settings in your Salesforce org.
- At the top of the page, click
and select Setup.
- In the Quick Find box, search for and select Named Credentials.
- Click External Credentials menu and click New.
- Enter the external credential details as listed in the following table.
Setting |
Example |
Description |
---|---|---|
Name |
B2CExternalCred |
The name that appears in Salesforce lists and dropdowns. |
Label |
B2CExternalCred |
A unique identifier that’s used to refer to this external credential from callout definitions and through the API. |
Authentication Protocol |
No Authentication |
The Auth External Credential handles authentication. |
Principal |
B2CExternalPrincipal |
Links the OCAPI external credential to a user profile within Salesforce. Principals are used in conjunction with named credentials to authenticate and authorize users during callouts to external systems. They make sure that the correct permissions are in place before any external system access is granted. For example, the user acting as an AI agent in a Salesforce org can call OCPI API endpoints, log in to a shopper’s account, and place an order, ensuring a seamless customer experience. |
Create an OCAPI Named Credential
Set up an OCAPI named credential to make secure callouts to OCAPI APIs from your Salesforce org. It simplifies the setup of authenticated callouts by specifying:
- The endpoint URL of the OCAPI endpoint
- The authentication parameters, which are linked to the external credential
To set up the OCAPI named credential, configure these settings in your Salesforce org.
- At the top of the page, click
and select Setup.
- In the Quick Find box, search for and select Named Credentials.
- Click New.
- Enter the named credential details as listed in the following table and save your work.
Setting |
Example |
Description |
---|---|---|
Label |
B2CShopApi |
The name that appears in Salesforce lists and dropdowns |
Name |
B2CShopApi |
The name used in Apex code or other code configurations |
URL |
https://<B2C environment hostname>/s/<SITE ID>/dw/shop/<Open Commerce API Version> |
The OCAPI endpoint URL for your store |
Authentication | ||
External Credential |
B2CExternalCredentials |
The external credential with the authentication details |
- In the Custom Headers section, click New.
- Enter the custom header details as listed in the following table and save your work.
Custom Headers When the AI agent uses the named credential, the custom header with the client ID (name) and your client ID secret (value) is included in the OCAPI API request. To authenticate the OCAPI callout, the name is matched against the value. | ||
---|---|---|
Setting |
Example |
Description |
Name |
x-dw-client-id |
The OCAPI client ID |
Value |
Your Client ID Secret |
Your OCPI client ID Secret |
Sequence |
1 |
Defines the order in which custom headers are processed or displayed |
Assign the Named Principal to a Profile
After you configure the OCAPI external credential and the OCAPI named credential, assign the named principal you created to the Agentforce for Guided Shopping Profile. This assignment ensures that only users with the appropriate permissions can use the external and named credentials. To ensure authentication, make sure the profile is authorized and access permissions are properly managed and aligned with the specific roles and responsibilities within your organization.
To assign the principal to a role, add the named principal to the Enable External Credential column of the External Credential Principal Access profile.
Set Up an Auth External Credential
The auth credential defines how a Salesforce org authenticates callouts to the OCAPI APIs and your B2C Commerce instance. It includes the authentication protocol and links to the Agent User profile through the auth-named principal.
To set up the auth external credential, configure these settings in your Salesforce org.
- At the top of the page, click
and select Setup.
- In the Quick Find box, search for and select Named Credentials.
- Click the External Credentials menu option.
- Click New.
- Enter the external credential details as listed in the following table and save your work.
Setting |
Example |
Description |
---|---|---|
Label |
B2CBasicAuth |
The name that appears in lists and dropdowns. This named credential name is the same as the OCAPI Named Credential you created earlier with “Auth” as a suffix. |
Name |
B2CBasicAuth |
A unique identifier that’s used to refer to the auth external credential from callouts to B2C Commerce. This named credential name is the same as the OCAPI Named Credential you created earlier with “Auth” as a suffix. |
Authentication Protocol |
Basic Authentication |
The authentication method used to verify the credential. Basic Authentication is a protocol that uses a static username and password to authenticate directly into an external system. |
Principal | ||
Parameter Name |
B2CAuthPrincipal |
The principal parameter name is a label or identifier for the principal. It is used to distinguish between different principals within the same external credential. |
Identity Type |
Named Principal |
The identity type determines the scope and method of authentication for the principal. The Named Principal identity type applies the same credential or authentication configuration for the entire organization. This means that, when making callouts to an external system, a single set of credentials is used for all users within the organization. |
Sequence Number |
1 |
The principal sequence number specifies the order of principals. When a user is associated with multiple principals, the sequence number determines which principal's credentials are used first. |
Username |
Your B2C Commerce Client ID. |
|
Password |
Client B2C Commerce Client ID Secret. |
- In the Create Principal section, click New.
- Enter the Create Principal details as listed in the following table and save your work.
Setting |
Example |
Description |
---|---|---|
Parameter Name |
B2CAuthPrincipal |
The principal parameter name is a label or identifier for the principal. It is used to distinguish between different principals within the same external credential. |
Identity Type |
Named Principal |
The identity type determines the scope and method of authentication for the principal. The Named Principal identity type applies the same credential or authentication configuration for the entire organization. This means that, when making callouts to an external system, a single set of credentials is used for all users within the organization. |
Sequence Number |
1 |
The principal sequence number specifies the order of principals. When a user is associated with multiple principals, the sequence number determines which principal's credentials are used first. |
Username |
Your B2C Commerce Client ID. |
|
Password |
Client B2C Commerce Client ID Secret. |
Create an Auth-Named Credential
Specifies the authorized callout endpoint for your B2C Commerce instance and links to an auth credential authentication provider.
To set up the auth named credential, configure these settings in your Salesforce org.
- At the top of the page, click
and select Setup.
- In the Quick Find box, search for and select Named Credentials.
- Click New.
- Enter the auth-named credential details as listed in the table below.
Setting |
Example |
Description |
---|---|---|
Label |
B2CShopApiAuth |
The name that appears in Salesforce lists and dropdowns |
Name |
B2CShopApiAuth |
The name used in Apex code or other code configurations |
URL |
The root URL of the B2C Commerce callout endpoint |
|
External Credential |
B2CBasicAuth |
The external credential with the authentication details |
Assign the Auth Principal to a Profile
After you set up the auth external credential and the auth named credential, connect the external credential principal with the shopper profile. This lets Agentforce for Guided Shopping use the authentication and OCAPI connections you created and act on behalf of the customer.
In the AI agent profile, add the named principal to the Enable External Credential column of the External Credential Principal Access profile.
Update Remote Site Settings
Your Agentforce for Guided Shopping connects to many external sites. To make sure the AI agent can securely communicate with these sites, register the external sites in the Remote Site Settings. This prevents unauthorized access and ensures that only trusted sites can interact with your Salesforce org.
Install the Concierge Reference Cartridge
B2C Commerce uses cartridges to deploy functionalities in your store. Agentforce for Guided Shopping uses natural conversational language and functionalities to communicate with your customers. To integrate your B2C store with agent conversational functionalities, Salesforce provides the Concierge reference cartridge. You can use the plug-in cartridge as a model for your implementation. To learn more about B2C Commerce cartridges, see What Is a Cartridge.
Sum It Up
In this unit, you learned how to configure external credentials and named credentials to create a secure connection from your Salesforce org to the OCAPI APIs, and your B2C Commerce instance. Next up, learn how to build an Agentforce for Guided Shopping agent.