b2c-scapi-shopper
Shopper Commerce APIs (SCAPI)
This skill guides you through consuming standard Shopper APIs for building headless commerce experiences. Shopper APIs are RESTful endpoints designed for customer-facing storefronts.
Note: For creating custom API endpoints, see b2c-custom-api-development. This skill focuses on consuming standard Shopper APIs.
Overview
Shopper APIs are designed for frontend commerce applications:
- Client: PWA Kit, composable storefronts, mobile apps
- Authentication: SLAS (Shopper Login and API Access Service)
- Response Time: < 10 seconds (HTTP 504 if exceeded)
- CORS: Not supported - use a reverse proxy or BFF (Backend for Frontend)
Base URL Structure
https://{shortCode}.api.commercecloud.salesforce.com/{apiFamily}/{apiName}/v1/organizations/{organizationId}/{resource}?siteId={siteId}
Example:
https://kv7kzm78.api.commercecloud.salesforce.com/product/shopper-products/v1/organizations/f_ecom_zzte_053/products/25518823M?siteId=RefArchGlobal
Note: Shopper Baskets API supports both v1 and v2. Use v2 for newer features.
Configuration Values
| Value | Description | Example |
|---|---|---|
shortCode |
8-character API routing code | kv7kzm78 |
organizationId |
Instance identifier | f_ecom_zzte_053 |
siteId |
Site/channel name | RefArchGlobal |
Find these in Business Manager: Administration > Site Development > Salesforce Commerce API Settings
Authentication
Shopper APIs require SLAS tokens. SLAS supports guest and registered shopper flows.
Create SLAS Client
# Create client with default scopes for a shopping app
b2c slas client create \
--tenant-id zzte_053 \
--channels RefArchGlobal \
--default-scopes \
--redirect-uri http://localhost:3000/callback
See b2c-slas skill for full client management.
Get Guest Token
const response = await fetch(
`https://${shortCode}.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/${orgId}/oauth2/token`,
{
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
'Authorization': `Basic ${btoa(clientId + ':' + clientSecret)}`
},
body: new URLSearchParams({
grant_type: 'client_credentials',
channel_id: siteId
})
}
);
const { access_token, refresh_token } = await response.json();
Required Scopes
All Shopper API scopes must be configured on your SLAS client. See Scopes Reference for the complete list.
| API Family | Scope |
|---|---|
| Products | sfcc.shopper-products |
| Search | sfcc.shopper-product-search |
| Baskets | sfcc.shopper-baskets-orders.rw |
| Orders | sfcc.shopper-baskets-orders |
| Customers | sfcc.shopper-customers.login, sfcc.shopper-myaccount.rw |
API Families
Shopper Products
Retrieve product details, pricing, and availability.
// Get product by ID
const product = await fetch(
`https://${shortCode}.api.commercecloud.salesforce.com/product/shopper-products/v1/organizations/${orgId}/products/${productId}?siteId=${siteId}`,
{
headers: { 'Authorization': `Bearer ${accessToken}` }
}
).then(r => r.json());
// Get multiple products
const products = await fetch(
`https://${shortCode}.api.commercecloud.salesforce.com/product/shopper-products/v1/organizations/${orgId}/products?ids=prod1,prod2,prod3&siteId=${siteId}`,
{
headers: { 'Authorization': `Bearer ${accessToken}` }
}
).then(r => r.json());
Shopper Search
Product search and suggestions.
// Search products
const results = await fetch(
`https://${shortCode}.api.commercecloud.salesforce.com/search/shopper-search/v1/organizations/${orgId}/product-search?siteId=${siteId}&q=shirt&limit=25`,
{
headers: { 'Authorization': `Bearer ${accessToken}` }
}
).then(r => r.json());
// Get search suggestions
const suggestions = await fetch(
`https://${shortCode}.api.commercecloud.salesforce.com/search/shopper-search/v1/organizations/${orgId}/search-suggestions?siteId=${siteId}&q=shi`,
{
headers: { 'Authorization': `Bearer ${accessToken}` }
}
).then(r => r.json());
Shopper Baskets
Create and manage shopping carts. See Checkout Flow Reference for the complete flow.
// Create basket
const basket = await fetch(
`https://${shortCode}.api.commercecloud.salesforce.com/checkout/shopper-baskets/v1/organizations/${orgId}/baskets?siteId=${siteId}`,
{
method: 'POST',
headers: {
'Authorization': `Bearer ${accessToken}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({})
}
).then(r => r.json());
// Add item to basket
await fetch(
`https://${shortCode}.api.commercecloud.salesforce.com/checkout/shopper-baskets/v1/organizations/${orgId}/baskets/${basketId}/items?siteId=${siteId}`,
{
method: 'POST',
headers: {
'Authorization': `Bearer ${accessToken}`,
'Content-Type': 'application/json'
},
body: JSON.stringify([{
productId: '25518823M',
quantity: 1
}])
}
);
Shopper Orders
Submit orders and retrieve order history.
// Create order from basket
const order = await fetch(
`https://${shortCode}.api.commercecloud.salesforce.com/checkout/shopper-orders/v1/organizations/${orgId}/orders?siteId=${siteId}`,
{
method: 'POST',
headers: {
'Authorization': `Bearer ${accessToken}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({
basketId: basket.basketId
})
}
).then(r => r.json());
Shopper Customers
Customer registration, login, and account management.
// Get customer profile (registered shopper)
const customer = await fetch(
`https://${shortCode}.api.commercecloud.salesforce.com/customer/shopper-customers/v1/organizations/${orgId}/customers/${customerId}?siteId=${siteId}`,
{
headers: { 'Authorization': `Bearer ${accessToken}` }
}
).then(r => r.json());
Shopper Context API
Maintain personalization state across requests using the Shopper Context API. The siteId query parameter is required for all Shopper Context operations.
// Set shopper context
await fetch(
`https://${shortCode}.api.commercecloud.salesforce.com/shopper/shopper-context/v1/organizations/${orgId}/shopper-context/${usid}?siteId=${siteId}`,
{
method: 'PUT',
headers: {
'Authorization': `Bearer ${accessToken}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({
effectiveDateTime: new Date().toISOString(),
sourceCode: 'SUMMER2024',
customerGroupIds: ['VIP', 'Loyalty']
})
}
);
When to Set Context
- Initial visit/login: Immediately after obtaining SLAS token
- Token refresh: Reuse existing USID for session continuity
- Login transitions: When shopper changes from guest to registered (or vice versa)
- Logout: Clear context explicitly
Quota Limits
| Environment | Limit |
|---|---|
| Non-production | 5,000 records |
| Production | 1,000,000 records |
Strategies to manage quota:
- Use lower TTL (1-2 days for registered shoppers)
- Reuse USIDs for the same shopper
- Explicitly log out shoppers to delete context
Best Practices
- Set context immediately after obtaining SLAS token
- Use the USID from the SLAS token response
- Context TTL: 1 day (guest), 7 days (registered)
- Security: Use private SLAS clients only, call from BFF (not browser)
- Don't use Shopper Context for data that's automatically set (like geolocation)
Performance Optimization
Use select Parameter
Return only needed fields to reduce response size:
// Only return specific product fields
const product = await fetch(
`https://${shortCode}.api.commercecloud.salesforce.com/product/shopper-products/v1/organizations/${orgId}/products/${productId}?siteId=${siteId}&select=(id,name,price,images)`,
{
headers: { 'Authorization': `Bearer ${accessToken}` }
}
).then(r => r.json());
Use expand Carefully
Expansions increase response time and reduce cache effectiveness:
// Expand availability (60-second cache TTL)
const product = await fetch(
`...?expand=availability,images,prices`,
{ headers: { 'Authorization': `Bearer ${accessToken}` } }
).then(r => r.json());
Consider separate requests instead of low-cache expansions.
Enable Compression
Always enable HTTP compression in your client for faster responses.
See Common Patterns Reference for more optimization patterns.
Debugging
Correlation IDs
Include correlation IDs for request tracking:
const response = await fetch(url, {
headers: {
'Authorization': `Bearer ${accessToken}`,
'correlation-id': crypto.randomUUID()
}
});
// Check response header for SCAPI-generated ID
const scapiCorrelationId = response.headers.get('sfdc_correlation_id');
Search Log Center with: externalID:({correlation-id})
Verbose Logging
Enable verbose logging for debugging:
const response = await fetch(url, {
headers: {
'Authorization': `Bearer ${accessToken}`,
'sfdc_verbose': 'true'
}
});
Find logs in Log Center under scapi.verbose category.
Related Skills
- b2c-slas - Create and manage SLAS clients
- b2c-slas-auth-patterns - Advanced auth: OTP, passkeys, session bridge
- b2c-scapi-schemas - Browse OpenAPI schemas
- b2c-custom-api-development - Create custom endpoints
Reference Documentation
- Checkout Flow - Complete basket to order workflow
- Common Patterns - Error handling, pagination, field selection
- Scopes Reference - Complete shopper scope reference by API family
More from salesforcecommercecloud/b2c-developer-tooling
b2c-docs
Search and read B2C Commerce Script API documentation and XSD schemas using the b2c CLI. Use this skill whenever the user needs to look up class methods, understand API signatures, find available properties on commerce objects (baskets, orders, products, customers), or check XML schema formats for imports. Also use when writing server-side scripts and needing API reference — even if they just say "what methods does Basket have" or "what fields can I import for products".
116b2c-webdav
List, upload, download, and manage files on B2C Commerce instances via WebDAV. Use this skill whenever the user needs to upload files to IMPEX directories, download exports from an instance, list remote files, create or delete directories, or zip/unzip files on the server. Also use when managing file transfers to sandboxes or browsing instance file systems -- even if they just say 'upload a file to the instance' or 'check what's in the IMPEX folder'.
103b2c-slas-auth-patterns
Implement SLAS authentication patterns in B2C Commerce including passwordless login (email OTP, SMS OTP, passkeys), session bridging between PWA Kit/Storefront Next and SFRA, hybrid authentication (B2C 25.3+), token refresh flows, trusted system on behalf of (TSOB), and JWT validation. Use this skill whenever the user asks about shopper authentication beyond basic login, token exchange flows, passwordless or biometric auth, keeping sessions alive across storefronts, handling 409 Conflict errors on token endpoints, refreshing shopper tokens, or validating JWTs — even if they don't mention SLAS by name.
90b2c-config
Inspect and debug CLI configuration, instance connections, and authentication. Use this skill whenever the user needs to check which dw.json or credentials are active, manage multiple instance profiles, retrieve OAuth tokens for scripting, troubleshoot authentication failures or connection errors, or integrate with VS Code or other editors. Also use when environment variables override config or the wrong sandbox is being targeted -- even if they just say 'why is it connecting to the wrong instance' or 'get me an access token'.
90b2c-controllers
Create storefront controllers using SFRA or classic patterns with server.get/post, middleware chains, and res.render/json. Use this skill whenever the user needs to build a page route, handle form submissions, create AJAX endpoints, extend or override existing controllers, or add middleware to a request pipeline. Also use when debugging route registration or response rendering -- even if they just say 'new page endpoint' or 'handle a POST request'.
86b2c-scapi-schemas
Browse and retrieve SCAPI OpenAPI schema specifications. Use this skill whenever the user needs to list available SCAPI APIs, inspect endpoint paths or request/response shapes, explore data models for products or orders, check which fields an API returns, or understand SCAPI versioning. Also use when looking up API details before building an integration -- even if they just say 'what fields does the product API return' or 'show me the SCAPI endpoints'.
84