b2c-am
B2C Account Manager Skill
Use the b2c am commands to manage Account Manager resources: API clients, users, roles, and organizations.
Tip: If
b2cis not installed globally, usenpx @salesforce/b2c-cliinstead (e.g.,npx @salesforce/b2c-cli am clients list).
Authentication
Account Manager commands work out of the box with no configuration. The CLI uses a built-in public client and opens a browser for login.
- Zero-config (browser login): Default. Just run the commands -- the CLI opens a browser for login.
- Client credentials: For CI/CD and automation. Pass
--client-idand--client-secret(or setSFCC_CLIENT_IDandSFCC_CLIENT_SECRETenv vars). - Force browser login (
--user-auth): When client credentials are configured but you need browser-based login (required for org and client management).
Role Requirements
| Operations | Client Credentials (roles on API client) | User Auth (roles on user account) |
|---|---|---|
| Users & Roles | User Administrator | Account Administrator or User Administrator |
| Organizations | Not supported -- use --user-auth |
Account Administrator |
| API Clients | Not supported -- use --user-auth |
Account Administrator or API Administrator |
Organization and API client management are only available with user authentication.
API Clients
List Clients
b2c am clients list
# with pagination
b2c am clients list --size 50 --page 2
# JSON output
b2c am clients list --json
Get Client
# by UUID
b2c am clients get <api-client-id>
# with expanded organizations and roles
b2c am clients get <api-client-id> --expand organizations,roles
Create Client
Clients are created inactive by default. Requires user auth.
b2c am clients create \
--name "My API Client" \
--orgs <org-id> \
--password "securePassword123"
# with roles, role tenant filter, and redirect URLs
b2c am clients create \
--name "CI/CD Pipeline" \
--orgs <org-id> \
--password "securePassword123" \
--roles SALESFORCE_COMMERCE_API \
--role-tenant-filter "SALESFORCE_COMMERCE_API:zzxy_prd" \
--redirect-urls "https://example.com/callback" \
--active
Update Client
Partial update -- only specified fields are changed.
b2c am clients update <api-client-id> --name "New Name"
b2c am clients update <api-client-id> --active
Change Client Password
b2c am clients password <api-client-id> --current "oldPass" --new "newSecurePass123"
Delete Client
Client must be disabled for 7+ days before deletion. Destructive operation (safe mode check).
b2c am clients delete <api-client-id>
Users
List Users
b2c am users list
# with extended columns (roles, organizations)
b2c am users list --extended
# JSON output with pagination
b2c am users list --size 100 --json
Get User
b2c am users get user@example.com
# with expanded roles and organizations
b2c am users get user@example.com --expand-all
Create User
b2c am users create \
--org "My Organization" \
--mail user@example.com \
--first-name Jane \
--last-name Doe
The --org flag accepts either an org ID or org name. Users are created in INITIAL state with no roles.
Update User
b2c am users update user@example.com --first-name Janet --last-name Smith
Delete User
Soft-deletes by default. Use --purge for hard delete (user must already be in DELETED state).
# soft delete
b2c am users delete user@example.com
# hard delete (purge)
b2c am users delete developer@example.com --purge
Reset User Password
Resets password to INITIAL state, clearing expiration. Destructive operation (safe mode check).
b2c am users reset user@example.com
Roles
List Roles
b2c am roles list
# filter by target type
b2c am roles list --target-type User
b2c am roles list --target-type ApiClient
Get Role
b2c am roles get bm-admin
b2c am roles get SLAS_ORGANIZATION_ADMIN
Grant Role to User
b2c am roles grant user@example.com --role bm-admin
# with tenant scope
b2c am roles grant user@example.com --role bm-admin --scope zzzz_001,zzzz_002
Revoke Role from User
# revoke entire role
b2c am roles revoke user@example.com --role bm-admin
# revoke specific tenant scopes only
b2c am roles revoke user@example.com --role bm-admin --scope zzzz_001
Organizations
List Organizations
b2c am orgs list
# all organizations (max page size)
b2c am orgs list --all
# extended columns
b2c am orgs list --extended
Get Organization
Accepts org ID or name.
b2c am orgs get <org-id>
b2c am orgs get "My Organization"
Common Workflows
User Onboarding
# Create the user
b2c am users create --org $ORG_ID --mail developer@example.com \
--first-name Alex --last-name Developer
# Grant Business Manager Admin role scoped to a specific tenant
b2c am roles grant developer@example.com --role bm-admin --scope zzxy_prd
User Offboarding
# Revoke roles
b2c am roles revoke developer@example.com --role bm-admin
# Soft delete the user
b2c am users delete developer@example.com
# Permanent deletion (user must be in DELETED state first)
b2c am users delete developer@example.com --purge
Bulk Operations with JSON
# Export all users as JSON
b2c am users list --size 4000 --json
# Pipe to jq for filtering
b2c am users list --json | jq '.[] | select(.userState == "ACTIVE")'
Common Patterns
All am commands support --json for programmatic output. List commands support --columns, --extended, --size, and --page for pagination and column control.
Destructive operations (user delete, user reset, client delete) check safe mode. Only delete or purge users when explicitly requested.
More Commands
See b2c am --help for a full list of available commands and options.
More from salesforcecommercecloud/b2c-developer-tooling
b2c-docs
Search and read B2C Commerce Script API documentation and XSD schemas using the b2c CLI. Use this skill whenever the user needs to look up class methods, understand API signatures, find available properties on commerce objects (baskets, orders, products, customers), or check XML schema formats for imports. Also use when writing server-side scripts and needing API reference — even if they just say "what methods does Basket have" or "what fields can I import for products".
116b2c-webdav
List, upload, download, and manage files on B2C Commerce instances via WebDAV. Use this skill whenever the user needs to upload files to IMPEX directories, download exports from an instance, list remote files, create or delete directories, or zip/unzip files on the server. Also use when managing file transfers to sandboxes or browsing instance file systems -- even if they just say 'upload a file to the instance' or 'check what's in the IMPEX folder'.
103b2c-slas-auth-patterns
Implement SLAS authentication patterns in B2C Commerce including passwordless login (email OTP, SMS OTP, passkeys), session bridging between PWA Kit/Storefront Next and SFRA, hybrid authentication (B2C 25.3+), token refresh flows, trusted system on behalf of (TSOB), and JWT validation. Use this skill whenever the user asks about shopper authentication beyond basic login, token exchange flows, passwordless or biometric auth, keeping sessions alive across storefronts, handling 409 Conflict errors on token endpoints, refreshing shopper tokens, or validating JWTs — even if they don't mention SLAS by name.
90b2c-config
Inspect and debug CLI configuration, instance connections, and authentication. Use this skill whenever the user needs to check which dw.json or credentials are active, manage multiple instance profiles, retrieve OAuth tokens for scripting, troubleshoot authentication failures or connection errors, or integrate with VS Code or other editors. Also use when environment variables override config or the wrong sandbox is being targeted -- even if they just say 'why is it connecting to the wrong instance' or 'get me an access token'.
90b2c-controllers
Create storefront controllers using SFRA or classic patterns with server.get/post, middleware chains, and res.render/json. Use this skill whenever the user needs to build a page route, handle form submissions, create AJAX endpoints, extend or override existing controllers, or add middleware to a request pipeline. Also use when debugging route registration or response rendering -- even if they just say 'new page endpoint' or 'handle a POST request'.
86b2c-scapi-schemas
Browse and retrieve SCAPI OpenAPI schema specifications. Use this skill whenever the user needs to list available SCAPI APIs, inspect endpoint paths or request/response shapes, explore data models for products or orders, check which fields an API returns, or understand SCAPI versioning. Also use when looking up API details before building an integration -- even if they just say 'what fields does the product API return' or 'show me the SCAPI endpoints'.
84