Account Management API Overview
Note: Account Management API is now deprecated. We recommend that you use the Account Management functionality built into Elastic Path Commerce 8.2 and later.
Account Management API resources model the fundamental aspects of B2B ecommerce, with each resource encapsulating a single part of the B2B ecommerce process. For example, Account Management API has resources for:
Workflow
Resources are linked to other related resources to form workflows that perform an action. For example, the workflow to create a new associate for a buyer organization involves retrieving the organization, then following its associates link to the associateform. The associateform is then used to create a new associate for that specific organization. By following these workflows, you can perform actions such as adding an organization, adding a division, performing a search, and so on.
Authentication
Account Management API authorization uses OpenID Connect on top of the OAuth 2.0 protocol. To authenticate to the Account Management API, the client must obtain an access token and include it in the HTTP request headers. To be authorized to the Account Management API, a client must authenticate through OpenID Connect, specifically the Authorization Code Flow. For more information about the Authorization Code Flow and OpenID Connect, see:
OpenID configuration
You must configure an identity provider to use with Account Management, such as:
- Okta
- Keycloak
Authorization by access token
Authorization involves the client, an OpenID provider, and the Account Management API. The client makes several requests to obtain an access token, which is then used to authorize the client to the Account Management API.
- The client redirects the user to the OpenID Connect provider.
- The user authenticates with the OpenID Connect provider.
- The user is redirected back to the client with the Authorization Code in the URL.
- The client passes this Authorization Code to the Account Management API at https://<ACCOUNT-MANAGEMENT-API>/admin/oauth2/tokens.
- The Account Management API returns an access token that is used in the HTTP Authorization request header in all subsequent requests.
For more information on implementing OpenID Connect for the OAuth 2.0 protocol, see the OpenID Connect Basic Client Implementer’s Guide.
Adding the access token to request headers
The OAuth 2.0 access token returned by the previous series of requests is a bearer token that the client sends with its requests to the Account Management API. Add the bearer token to the HTTP request headers when making requests to the Account Management API service. For example:
Authorization: Bearer AbCdEf123456
Deleting the access token
The OAuth 2.0 token remains valid until it expires or is deleted. For example, to delete the token:
curl 'https://<ACCOUNT-MANAGEMENT-API>/admin/oauth2/tokens' -X DELETE -H 'authorization: bearer AbCdEf123456'
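The flow described above (redirect, callback with the Authorization Code, exchange at the tokens endpoint, Bearer header, DELETE) walked through as an added Python example; this is not Elastic Path's code. The client tracks an unguessable state value so that a forged or replayed callback is rejected before any code is exchanged. The OpenID provider URL, client id, redirect URI, the form fields posted to the tokens endpoint and the injected `http` transport (here a constructed in-memory stand-in) are assumptions; the page documents only the endpoint path and the header format.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

class AmClient:
    def __init__(self, api_base, authorize_url, client_id, redirect_uri, http):
        self.tokens_url = api_base.rstrip("/") + "/admin/oauth2/tokens"  # path from the page
        self.authorize_url, self.client_id, self.redirect_uri = authorize_url, client_id, redirect_uri
        self.http = http  # assumed transport: (method, url, headers, form) -> (status, json_body)
        self.state = self.token = None

    def build_authorize_url(self):  # step 1: send the user to the OpenID provider
        # Unguessable state ties the callback to this session (CSRF/replay check).
        self.state = secrets.token_urlsafe(16)
        q = {"response_type": "code", "client_id": self.client_id, "scope": "openid",
             "redirect_uri": self.redirect_uri, "state": self.state}
        return f"{self.authorize_url}?{urlencode(q)}"

    def code_from_redirect(self, redirect_url):  # step 3: the user returns with a code
        qs = parse_qs(urlparse(redirect_url).query)
        if self.state is None or qs.get("state", [None])[0] != self.state:
            raise ValueError("state mismatch: callback not started by this client")
        self.state = None  # single use
        if not qs.get("code"):
            raise ValueError("callback carries no authorization code")
        return qs["code"][0]

    def exchange_code(self, code):  # step 4: POST the code to the AM API tokens endpoint
        # Form fields are assumed; the page does not document the request body.
        form = {"grant_type": "authorization_code", "code": code,
                "redirect_uri": self.redirect_uri}
        status, body = self.http("POST", self.tokens_url, {}, form)
        if status != 200 or not body.get("access_token"):
            raise RuntimeError(f"token exchange failed with HTTP {status}")
        self.token = body["access_token"]
        return self.token

    def auth_header(self):  # step 5: bearer header for every later request
        return {"Authorization": f"Bearer {self.token}"}

    def delete_token(self):  # revoke server-side, then forget the local copy
        status, _ = self.http("DELETE", self.tokens_url, self.auth_header(), None)
        self.token = None
        return status

def fake_http(method, url, headers, form):  # constructed offline stand-in for the API
    if method == "POST" and form.get("code") == "c0de":
        return 200, {"access_token": "AbCdEf123456"}
    if method == "DELETE" and headers.get("Authorization") == "Bearer AbCdEf123456":
        return 204, {}
    return 401, {}
```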