Skip to main content

Connect Your Salesforce Org to B2C Commerce

Learning Objectives

After completing this unit, you’ll be able to:

  • Describe how a Salesforce org authenticates and connects to the Salesforce Commerce API (SCAPI) and a B2C Commerce instance.
  • Explain why Salesforce uses external credentials and named credentials to connect to B2C Commerce.
  • Summarize the steps to configure external and named credentials for a Salesforce org to B2C Commerce connection.
  • Explain why the permission set for a Guided Shopping Agent includes external credential principal access.

Configure a Secure Agentforce Connection

To deploy a Guided Shopping Agent for B2C Storefronts, you need to set up a secure connection between your Salesforce org and your B2C Commerce instance. The secure connection allows your agent and shoppers to complete actions that require secure calls to the SCAPI Shopper APIs. Salesforce uses external credentials and named credentials to create a secure connection.

Authentication through external and named credentials separates the authentication details from the callout endpoint. This allows your Salesforce org to interact with a B2C instance without embedding sensitive information directly in the code. This setup also allows for easier updates and maintenance. If authentication details change, the changes don’t require updates to the Apex code or callout definitions.

External Credentials

External credentials define how the Guided Shopping Agent and guest users authenticate with your B2C Commerce instance and SCAPI. Two external credentials–one for the agent and one for guests (shoppers)–provide authentication parameters. These credentials specify an authentication protocol and authentication parameters such as your SLAS client ID and your client secret.

Named Credentials

Named credentials define the callout endpoint and link it to the authentication credential (external credential). The named credential simplifies the process of making authenticated callouts by encapsulating the endpoint URL and the associated authentication details. It allows Salesforce to securely and efficiently interact with the external system without embedding sensitive information directly in the code.

Set Up Authentication Credentials

To establish a secure connection between your Salesforce org, the SCAPI APIs, and your B2C Commerce instance, follow these steps to create external and named credentials. For detailed instructions, see Guided Shopping Agent for B2C Storefronts.

Create External Credentials

Set up the external credentials with basic authentication and include the SLAS client ID and client secret, to obtain access tokens for SCAPI requests.

  1. Launch your Salesforce org.
  2. Click Setup and select Setup.
  3. In the Quick Find box, search for and select Named Credentials.
  4. Select the External Credentials tab and click New.
  5. Enter the following external credential details.

Setting

Example

Description

External Credential

Name

GuidedShoppingAuth

Make sure the name includes “Auth” as the suffix.

The name that appears in Salesforce lists and dropdowns.

Label

GuidedShoppingAuth

A unique identifier that’s used to refer to this external credential from callout definitions and through the API.

Authentication Protocol

Basic Authentication

The authentication method used to verify the credential.

Basic Authentication is a protocol that uses a static username and password to authenticate directly into an external system. In this case the SLAS client ID and password.

  1. Save your work.

Configure the Principal

Principals are used in conjunction with external credentials to authenticate and authorize users during callouts to external systems. They make sure that the correct permissions are in place before any external system access is granted.

  1. In the Principals section of the credential that you created, click New.
  2. Enter the following principal settings, and save your work.

Setting

Example

Description

Principal

Parameter Name

GuidedShoppingAuth Principal

The label or identifier for the principal. This entry links the SCAPI external credential to a user profile within Salesforce.

For example, an AI agent in a Salesforce org can call SCAPI API endpoints, log in to a shopper’s account, and add a product to their cart, ensuring a seamless customer experience.

Identity Type

Named Principal

Determines the scope and method of authentication for the principal.

The Named Principal identity type applies the same credential or authentication configuration for the entire organization. This means that, when making callouts to an external system, a single set of credentials is used for all users within the organization.

Authentication

Configured

The status of authentication for the credential.

Sequence Number

1

Specifies the order of principals. When a user is associated with multiple principals, the sequence number determines which principal's credentials are used first.

Username

<user name>

Your SLAS client ID and client ID secret.

The New External Credential window with Label and Name listed as B2CBasicAuth and Authentication Protocol listed as Basic Authentication.

The Create Principal window with the Parameter Name, Sequence Number and Identity Type listed.

Principles are the link between the external credentials and specific permission sets or user profiles. An AI agent assigned a permission set linked to the Principle has the necessary permissions to access B2C SCAPI endpoints. Later you create the permission set that links to these Principle settings.

Create a Second External Credential

  1. Select the External Credentials tab, and click New.
  2. Enter these external credential details, and save your work.

Setting

Example

Description

Name

GuidedShoppingGuest

The name that appears in Salesforce lists and dropdowns.

Label

GuidedShoppingGuest

A unique identifier that’s used to refer to this external credential from callout definitions and through the API.

Authentication Protocol

No Authentication

The authentication method used to verify the credential.

For public or network-secured endpoints, using no authentication simplifies configuration by removing the need to manage authentication details for each callout. This is especially beneficial when authentication is handled through methods like network security measures.

Configure the Principal

  1. In the Principals section of the credential you created, click New.
  2. Enter these details and save your work.

Principal

Parameter Name

Guest

The label or identifier for the principal. It is used to distinguish between different principals within the same external credential.

Authentication Status

Configured

The status of authentication for the credential.

Sequence Number

1

Specifies the order of principals. When a user is associated with multiple principals, the sequence number determines which principal's credentials are used first.

For more information, see Enable External Credential Principals.

Create Named Credentials

To create the named credentials, you need:

  • The SCAPI endpoint URL
  • The authentication parameters set in the external credential

To set up the named credentials, you define the API endpoint used for secure callouts to SCAPI. You also add links to the authentication credentials.

  1. In the Named Credentials tab, click New.
  2. Enter these named credential details, and save your work.

Setting

Example

Description

Label

GuidedShoppingAuthApi

‌The name that appears in Salesforce lists and dropdowns

Name

GuidedShoppingAuthApi

Copy this name. You’ll need it later when you update the agent instructions.

The name used in Apex code or other code configurations

URL

https://short_code.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/commerce_org_id/oauth2/token

The SCAPI endpoint URL for your store. For example,

https://sandbox-001.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_zyom_006/oauth2/token

Authentication

External Credential

GuidedShoppingAuth

The external credential that specifies the authentication details

The New Named Credential window with values in Label, Name, and URL shown; Enabled for Callouts is checked; and External Credential is filled in.

Create a Second Named Credential

To create a second named credential, you need:

  • The endpoint URL for your store
  • The external credential your created for the guest credential

Link this named credential to the guest external credential. The credential enables secure and manageable access to external systems for guest users.

  1. In the Named Credentials tab, click New.
  2. Enter these named credential details, and save your work.

Setting

Example

Description

Label

GuidedShoppingApi

These fields can be anything you want, but include “API” as a suffix.

‌The name that appears in Salesforce lists and dropdowns

Name

GuidedShoppingApi

Copy this name. You’ll need it later when you update the agent instructions.

The name used in Apex code or other code configurations

URL

https://short_code.api.commercecloud.salesforce.com

The endpoint URL for your store. For example,

https://sandbox-001.api.commercecloud.salesforce.com

Authentication

External Credential

GuidedShoppingGuest

The external credential your created for the guest credential

Create a Permission Set for the Agent

Create a permission set for the agent and include principal access. The principal is the link to the credentials that allows a Guided Shopping Agent to use the authentication and SCAPI connections that you created.

  1. In your Salesforce org, click Setup and select Setup.
  2. In the Quick Find box, search for and select Permission Sets.
  3. Click New.
    • For Label, enter B2C Guided Shopping Agent Permissions.
    • For Description, enter Grant Principal Access to Guided Shopping Agents.
    • For License, select None.
  4. Save your work.
  5. In the permission set setup, select External Credential Principal Access.
    • Click Edit.
    • Add GuidedShoppingAuth principal and GuidedShoppingGuest principal to the Enabled External Credential Principals column.
    • Save your work.
  6. From Permission Set Overview, select Object Settings.
    • Select the User External Credentials object.
    • Click Edit.
    • Enable Read access and save your work.

User External Credentials object with read access enabled.

Later, after you create your Guided Shopping Agent, you assign the permission set to your agent.

Sum It Up

In this unit, you learned how to configure external credentials and named credentials to create a secure connection from your Salesforce org to the SCAPI APIs and your B2C Commerce instance. You also learned how to create a permission set for your Guided Shopping Agent. Next, learn how to create a Guided Shopping Agent for B2C Storefronts.

Resources

Compartilhe seu feedback do Trailhead usando a Ajuda do Salesforce.

Queremos saber sobre sua experiência com o Trailhead. Agora você pode acessar o novo formulário de feedback, a qualquer momento, no site Ajuda do Salesforce.

Saiba mais Continue compartilhando feedback