b2c-custom-api-development
Custom API Development Skill
This skill guides you through developing Custom APIs for Salesforce B2C Commerce. Custom APIs let you expose custom script code as REST endpoints under the SCAPI framework.
Tip: If
b2cCLI is not installed globally, usenpx @salesforce/b2c-cliinstead (e.g.,npx @salesforce/b2c-cli code deploy).
Overview
A Custom API URL has this structure:
https://{shortCode}.api.commercecloud.salesforce.com/custom/{apiName}/{apiVersion}/organizations/{organizationId}/{endpointPath}
Three components are required to create a Custom API:
- API Contract - An OAS 3.0 schema file (YAML)
- API Implementation - A script using the B2C Commerce Script API
- API Mapping - An
api.jsonfile binding endpoints to implementations
Cartridge Structure
/my-cartridge
/cartridge
package.json
/rest-apis
/my-api-name # API name (lowercase alphanumeric and hyphens only)
api.json # Mapping file
schema.yaml # OAS 3.0 contract
script.js # Implementation
Important: API directory names can only contain alphanumeric lowercase characters and hyphens.
Component 1: API Contract (schema.yaml)
Minimal example:
openapi: 3.0.0
info:
version: 1.0.0
title: My Custom API
components:
securitySchemes:
ShopperToken:
type: oauth2
flows:
clientCredentials:
tokenUrl: https://{shortCode}.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/{organizationId}/oauth2/token
scopes:
c_my_scope: My custom scope
parameters:
siteId:
name: siteId
in: query
required: true
schema:
type: string
minLength: 1
paths:
/my-endpoint:
get:
operationId: getMyData
parameters:
- $ref: '#/components/parameters/siteId'
responses:
'200':
description: Success
security:
- ShopperToken: ['c_my_scope']
Key requirements:
- Use
ShopperTokenfor Shopper APIs (requires siteId),AmOAuth2for Admin APIs - Custom scopes must start with
c_, max 25 chars - Custom parameters must have
c_prefix
See Contract Reference for full schema examples and Shopper vs Admin API differences.
Component 2: Implementation (script.js)
var RESTResponseMgr = require('dw/system/RESTResponseMgr');
exports.getMyData = function() {
var myParam = request.getHttpParameterMap().get('c_my_param').getStringValue();
var result = { data: 'my data', param: myParam };
RESTResponseMgr.createSuccess(result).render();
};
exports.getMyData.public = true; // Required
Key requirements:
- Mark exported functions with
.public = true - Use
RESTResponseMgr.createSuccess()for responses - Use
RESTResponseMgr.createError()for error responses (RFC 9457 format)
See Implementation Reference for caching, remote includes, and external service calls.
Component 3: Mapping (api.json)
{
"endpoints": [
{
"endpoint": "getMyData",
"schema": "schema.yaml",
"implementation": "script"
}
]
}
Important: Implementation name must NOT include file extension.
Development Workflow
- Create cartridge with
rest-apis/{api-name}/structure - Define contract (schema.yaml) with endpoints and security
- Implement logic (script.js) with exported functions
- Create mapping (api.json) binding endpoints to implementation
- Deploy and activate to register endpoints
- Check registration status and test
Deployment
# Deploy and activate to register endpoints
b2c code deploy ./my-cartridge --reload
# Check registration status
b2c scapi custom status --tenant-id zzpq_013
# Show failed registrations with error reasons
b2c scapi custom status --tenant-id zzpq_013 --status not_registered --columns apiName,endpointPath,errorReason
Authentication Setup
For Shopper APIs
- Create a SLAS client with your custom scope(s):
b2c slas client create --default-scopes --scopes "c_my_scope" - Obtain token via SLAS client credentials
- Include
siteIdin all requests
For Admin APIs
- Configure custom scope in Account Manager
- Obtain token via Account Manager OAuth
- Omit
siteIdfrom requests
See Testing Reference for curl examples and authentication setup.
Troubleshooting
| Error | Cause | Solution |
|---|---|---|
| 400 Bad Request | Invalid/unknown params | Define all params in schema |
| 401 Unauthorized | Invalid token | Check token validity |
| 403 Forbidden | Missing scope | Verify scope in token |
| 404 Not Found | Not registered | Check b2c scapi custom status |
| 500 Internal Error | Script error | Check b2c logs get --level ERROR |
| 503 Service Unavailable | Circuit breaker open | Fix errors, wait for reset |
Registration Issues
- Endpoint not appearing: Verify cartridge is in site's cartridge path, re-activate code version
- Check logs: Use
b2c logs getor filter Log Center withCustomApiRegistry
Related Skills
b2c-cli:b2c-code- Deploying cartridges and activating code versionsb2c-cli:b2c-scapi-custom- Checking Custom API registration statusb2c-cli:b2c-slas- Creating SLAS clients for testing Shopper APIsb2c:b2c-webservices- Service configuration for external calls
Reference Documentation
- Contract Reference - Full schema.yaml examples, Shopper vs Admin APIs
- Implementation Reference - script.js patterns, caching, remote includes
- Testing Reference - Authentication setup, curl examples
More from salesforcecommercecloud/b2c-developer-tooling
b2c-docs
Search and read B2C Commerce Script API documentation and XSD schemas using the b2c CLI. Use this skill whenever the user needs to look up class methods, understand API signatures, find available properties on commerce objects (baskets, orders, products, customers), or check XML schema formats for imports. Also use when writing server-side scripts and needing API reference — even if they just say "what methods does Basket have" or "what fields can I import for products".
116b2c-webdav
List, upload, download, and manage files on B2C Commerce instances via WebDAV. Use this skill whenever the user needs to upload files to IMPEX directories, download exports from an instance, list remote files, create or delete directories, or zip/unzip files on the server. Also use when managing file transfers to sandboxes or browsing instance file systems -- even if they just say 'upload a file to the instance' or 'check what's in the IMPEX folder'.
103b2c-slas-auth-patterns
Implement SLAS authentication patterns in B2C Commerce including passwordless login (email OTP, SMS OTP, passkeys), session bridging between PWA Kit/Storefront Next and SFRA, hybrid authentication (B2C 25.3+), token refresh flows, trusted system on behalf of (TSOB), and JWT validation. Use this skill whenever the user asks about shopper authentication beyond basic login, token exchange flows, passwordless or biometric auth, keeping sessions alive across storefronts, handling 409 Conflict errors on token endpoints, refreshing shopper tokens, or validating JWTs — even if they don't mention SLAS by name.
90b2c-config
Inspect and debug CLI configuration, instance connections, and authentication. Use this skill whenever the user needs to check which dw.json or credentials are active, manage multiple instance profiles, retrieve OAuth tokens for scripting, troubleshoot authentication failures or connection errors, or integrate with VS Code or other editors. Also use when environment variables override config or the wrong sandbox is being targeted -- even if they just say 'why is it connecting to the wrong instance' or 'get me an access token'.
90b2c-controllers
Create storefront controllers using SFRA or classic patterns with server.get/post, middleware chains, and res.render/json. Use this skill whenever the user needs to build a page route, handle form submissions, create AJAX endpoints, extend or override existing controllers, or add middleware to a request pipeline. Also use when debugging route registration or response rendering -- even if they just say 'new page endpoint' or 'handle a POST request'.
86b2c-scapi-schemas
Browse and retrieve SCAPI OpenAPI schema specifications. Use this skill whenever the user needs to list available SCAPI APIs, inspect endpoint paths or request/response shapes, explore data models for products or orders, check which fields an API returns, or understand SCAPI versioning. Also use when looking up API details before building an integration -- even if they just say 'what fields does the product API return' or 'show me the SCAPI endpoints'.
84