Account Management API Overview
Note: Account Management API is now deprecated and we recommend that you use the Account Management functionality built into Elastic Path Commerce 8.2 and later.
Account Management API resources model the fundamental aspects of B2B ecommerce with each resource encapsulating a single part of the B2B ecommerce process. For example, Account Management API has resources for:
Workflow
Resources are linked together with other related resources into workflows that can be used to perform an action. For example, the workflow to create a new associate for a buyer organization involves retrieving the organization, and then following the associates link to the associateform. Then “associateform” is used to create a new associate for that specific organization. By following these workflows, you can perform actions such as add an organization, add a division, perform a search and so on.
Authentication
Account Management API authorization requires OpenID Connect with the OAuth 2.0 protocol. In order to authenticate to the Account Management API, the client must obtain an access token to be included in the HTTP request headers. For authorization to the Account Management API, a client is required to be authorized through OpenID Connect authentication, specifically the Authorization Code Flow. For more details about the Authorization Code Flow and OAuth 2.0 please see:
OpenID configuration
Deploy and configure KeyCloak, an OpenID Connect provider. For KeyCloak deployment and configuration please see:
Authorization by access token
Authorization involves the client, an OpenID provider and the Account Management API. The client makes several requests to obtain an access token that will then be used to authorize the client to the Account Management API:
- The client redirects the user to the OpenID Connect provider
- The user authenticates with the OpenID Connect provider
- The user is redirected back to the client with the Authorization Code in the URL
- The client passes this Authorization Code back to the Account Management API (i.e., https://<ACCOUNT-MANAGEMENT-API>/admin/oauth2/tokens)
- The Account Management API provides an access token which can be used in the HTTP Authorization request header in all subsequent requests
For detailed information on how to implement OpenID Connect for the OAuth 2.0 protocol, please see:
OpenID Connect Basic Client Implementer’s Guide
Adding the access token to request headers
The OAuth 2.0 access token returned from the previous series of requests is a bearer token that will be used with requests from the client to the Account Management API. The bearer token should be added to the HTTP request headers when making requests to the Account Management API Service.
For example:
Authorization: Bearer AbCdEf123456
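The client side of the flow above, as an added example that is not part of this documentation or of Elastic Path's own code: it builds the redirect to the OpenID Connect provider with a per-session state value, checks that state when the Authorization Code comes back, and attaches the resulting bearer token only to HTTPS requests bound for the API host. The KeyCloak realm, host names and client id are assumed placeholders, and the code-for-token POST to /admin/oauth2/tokens is not modelled because this page does not specify its request body.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed values (placeholders, not from the documentation): a KeyCloak realm
# named "b2b", an Account Management API host and a hypothetical client id.
KEYCLOAK_AUTH_ENDPOINT = "https://keycloak.example.com/realms/b2b/protocol/openid-connect/auth"
TOKEN_ENDPOINT = "https://account-management.example.com/admin/oauth2/tokens"
CLIENT_ID = "account-management-client"
REDIRECT_URI = "https://client.example.com/callback"


def new_state() -> str:
    """Random per-session value; binds the callback to the session that started it."""
    return secrets.token_urlsafe(32)


def build_authorization_url(state: str) -> str:
    """Step 1: the redirect the client sends the user to (Authorization Code Flow)."""
    params = {
        "response_type": "code",  # ask for an Authorization Code, not a token
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",        # OpenID Connect requires the openid scope
        "state": state,
    }
    return KEYCLOAK_AUTH_ENDPOINT + "?" + urlencode(params)


def extract_authorization_code(callback_url: str, expected_state: str) -> str:
    """Step 3: parse the redirect back to the client. A missing or mismatched
    state is rejected so a code planted by a third party is never exchanged."""
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF or replayed callback")
    if "error" in query:
        raise ValueError("provider returned error: " + query["error"][0])
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code


def bearer_header(access_token: str, request_url: str) -> dict:
    """Step 5: header for every subsequent API request. The token is only
    attached to HTTPS requests to the API host, so it cannot leak to another
    origin or travel in plaintext."""
    target = urlparse(request_url)
    if target.scheme != "https" or target.hostname != urlparse(TOKEN_ENDPOINT).hostname:
        raise ValueError("refusing to send bearer token to " + request_url)
    return {"Authorization": "Bearer " + access_token}
```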