Integration Server
The Integration Server is a horizontally scalable Self-Managed Commerce webapp that consumes and processes messages from JMS queues and exposes a set of REST APIs for use by trusted back-end services. It is used in client projects for back-end integrations and uses the following technologies:
Apache Camel
A framework for asynchronous integration that provides concrete implementations of Enterprise Integration Patterns (EIP), connectivity to a wide variety of transports and APIs, and domain specific languages to wire EIPs and transports together.
Spring Security
Enforces HTTP Basic Authentication on all Integration Server endpoints, with the exception of the /status and /healthcheck endpoints, which are left unsecured so that health probes and load balancers can reach them. Authentication is backed by the Commerce Manager user store, and access is restricted to users assigned to the Web Service Access role (internally WSUSER) or a superuser role. For details, see API Security.
REST APIs
Integration Server exposes the following REST APIs. Each path is rooted at the Integration Server context (for example, http://<host>:8083/integration):
| Base Path | API |
|---|---|
| /insights | Operational Insights API - Retrieve configuration and runtime metrics from all Self-Managed Commerce services in a running environment. |
| /importexport | Import/Export API - Export and import Self-Managed Commerce data as XML documents. |
| /syndication/v1/catalog | Catalog Syndication API - Retrieve catalog projections (brands, offers, attributes, options, field metadata, categories) for downstream systems. |
API Security
Integration Server should not be exposed on the public internet, as described in our Security Positioning Statement. These APIs should be restricted by network security for use by trusted, internal services.
In addition to network controls, Integration Server APIs require HTTP Basic Authentication. Every request must include an Authorization header of the form Basic <credentials>, where <credentials> is the Base64 encoding of <username>:<password>. For example, the credentials apiuser:s3cret-pass encode to YXBpdXNlcjpzM2NyZXQtcGFzcw==, producing this header:
Authorization: Basic YXBpdXNlcjpzM2NyZXQtcGFzcw==
Most HTTP clients handle the encoding automatically. With curl, pass the credentials via -u:
curl -u apiuser:s3cret-pass https://<integration-host>/integration/insights/request
Valid credentials are the username and password of any Commerce Manager user assigned to the built-in Web Service Access user role. The role is assigned to a user in Commerce Manager under Configuration → User Roles. For more information about the role itself, see Built-in User Roles.
Important: In production environments, disable the default admin user and create a dedicated user for API access. The admin account ships with well-known default credentials, so leaving it enabled is a credential-guessing risk.
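The header format and the account guidance above, as an added client-side example (not Elastic Path code): it builds and decodes the Basic header to show that Base64 is reversible, and refuses to attach credentials over plain HTTP or for the default account. The function names, the host name, the TLS-only policy and the assumption that the default account's login name is "admin" are this example's own.

```python
import base64
from urllib.parse import urlsplit

# Assumption: the default account's login name is "admin".
DEFAULT_ACCOUNTS = {"admin"}


def basic_header(username: str, password: str) -> str:
    """Build the Authorization header value: 'Basic ' + Base64(username:password)."""
    if ":" in username:
        # The first ':' splits user from password, so such a username cannot round-trip.
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def parse_basic_header(value: str) -> tuple[str, str]:
    """Recover (username, password) from a header value; Base64 is not encryption."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        raise ValueError("not a Basic Authorization header")
    decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    username, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("decoded credentials lack the ':' separator")
    return username, password  # the password may itself contain ':'


def request_headers(url: str, username: str, password: str) -> dict[str, str]:
    """Attach credentials only when they will not be exposed or trivially guessed."""
    if urlsplit(url).scheme != "https":
        # Policy of this example: anyone who can read the request can decode the header.
        raise ValueError("refusing to send Basic credentials without TLS")
    if username.lower() in DEFAULT_ACCOUNTS:
        raise ValueError("use a dedicated Web Service Access user, not the default account")
    return {"Authorization": basic_header(username, password)}


if __name__ == "__main__":
    # Constructed sample values, matching the credentials used in the text above.
    url = "https://integration.example.internal/integration/insights/request"
    headers = request_headers(url, "apiuser", "s3cret-pass")
    print(headers["Authorization"])
    print(parse_basic_header(headers["Authorization"]))
```

Because the header decodes back to the plaintext password, treat any log, proxy capture or trace that records Authorization headers as containing credentials.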
Configuring the Integration Server
- Velocity Email Formatting - Customize the Velocity templates used to format outgoing email messages.
- Performance Considerations - Tune concurrent JMS consumers for performance.