Skills
skills/salesforcecommercecloud/b2c-developer-tooling/b2c-slas

b2c-slas

SKILL.md

B2C SLAS Skill

Use the b2c CLI plugin to manage SLAS (Shopper Login and API Access Service) API clients and credentials.

Important: SLAS is for shopper (customer) authentication used by storefronts and headless commerce. For admin tokens (OCAPI, Admin APIs), use b2c auth token - see b2c-config skill.

Tip: If b2c is not installed globally, use npx @salesforce/b2c-cli instead (e.g., npx @salesforce/b2c-cli slas client list).

When to Use

Common scenarios requiring SLAS client management:

  • Testing Custom APIs: Create a client with custom scopes (e.g., c_loyalty) to test your Custom API endpoints
  • PWA/Headless Development: Configure clients for composable storefronts
  • Integration Testing: Create dedicated test clients with specific scope sets

Examples

List SLAS Clients

# list all SLAS clients for a tenant
b2c slas client list --tenant-id abcd_123

# list with JSON output
b2c slas client list --tenant-id abcd_123 --json

Get SLAS Client Details

# get details for a specific SLAS client
b2c slas client get my-client-id --tenant-id abcd_123

Create SLAS Client

# create a new SLAS client with default scopes (auto-generates UUID client ID)
b2c slas client create --tenant-id abcd_123 --channels RefArch --default-scopes --redirect-uri http://localhost:3000/callback

# create with a specific client ID and custom scopes
b2c slas client create my-client-id --tenant-id abcd_123 --channels RefArch --scopes sfcc.shopper-products,sfcc.shopper-search --redirect-uri http://localhost:3000/callback

# create a public client
b2c slas client create --tenant-id abcd_123 --channels RefArch --default-scopes --redirect-uri http://localhost:3000/callback --public

# create client without auto-creating tenant (if you manage tenants separately)
b2c slas client create --tenant-id abcd_123 --channels RefArch --default-scopes --redirect-uri http://localhost:3000/callback --no-create-tenant

# output as JSON (useful for capturing the generated secret)
b2c slas client create --tenant-id abcd_123 --channels RefArch --default-scopes --redirect-uri http://localhost:3000/callback --json

Note: By default, the tenant is automatically created if it doesn't exist.

Warning: Use --scopes (plural) for client scopes, NOT --auth-scope (singular). The --auth-scope flag is a global authentication option for OAuth scopes.

Create Client for Custom API Testing

When testing a Custom API that requires custom scopes:

# Create a private client with custom scope for testing
# Replace c_my_scope with your API's custom scope from schema.yaml
b2c slas client create \
  --tenant-id zzpq_013 \
  --channels RefArch \
  --default-scopes \
  --scopes "c_my_scope" \
  --redirect-uri http://localhost:3000/callback \
  --json

# Output includes client_id and client_secret - save these for token requests

Important: The custom scope in your SLAS client must match the scope defined in your Custom API's schema.yaml security section.

Get a Shopper Token

Use b2c slas token to obtain a shopper access token for API testing:

# Guest token with auto-discovery (finds first public SLAS client)
b2c slas token --tenant-id abcd_123 --site-id RefArch

# Guest token with explicit client (public PKCE flow)
b2c slas token --slas-client-id my-client --tenant-id abcd_123 --short-code kv7kzm78 --site-id RefArch

# Guest token with private client (client_credentials flow)
b2c slas token --slas-client-id my-client --slas-client-secret sk_xxx --tenant-id abcd_123 --short-code kv7kzm78 --site-id RefArch

# Registered customer token
b2c slas token --tenant-id abcd_123 --site-id RefArch --shopper-login user@example.com --shopper-password secret

# JSON output (includes refresh token, expiry, usid, etc.)
b2c slas token --tenant-id abcd_123 --site-id RefArch --json

# Use token in a subsequent API call
TOKEN=$(b2c slas token --tenant-id abcd_123 --site-id RefArch)
curl -H "Authorization: Bearer $TOKEN" "https://kv7kzm78.api.commercecloud.salesforce.com/..."

The --slas-client-id and --slas-client-secret can also be set via SFCC_SLAS_CLIENT_ID and SFCC_SLAS_CLIENT_SECRET environment variables, or slasClientId and slasClientSecret in dw.json.

Update SLAS Client

# update the display name
b2c slas client update my-client-id --tenant-id abcd_123 --name "New Name"

# rotate the client secret
b2c slas client update my-client-id --tenant-id abcd_123 --secret new-secret-value

# add scopes (appends to existing by default)
b2c slas client update my-client-id --tenant-id abcd_123 --scopes sfcc.shopper-baskets

# replace scopes instead of appending
b2c slas client update my-client-id --tenant-id abcd_123 --scopes sfcc.shopper-baskets --replace

# replace channels
b2c slas client update my-client-id --tenant-id abcd_123 --channels RefArch,SiteGenesis --replace

Delete SLAS Client

# delete a SLAS client
b2c slas client delete my-client-id --tenant-id abcd_123

Configuration

The tenant ID can be set via environment variable:

  • SFCC_TENANT_ID: SLAS tenant ID (organization ID)

More Commands

See b2c slas --help for a full list of available commands and options in the slas topic.

Related Skills

  • b2c:b2c-custom-api-development - Creating Custom APIs that require SLAS authentication
  • b2c-cli:b2c-scapi-custom - Checking Custom API registration status
Weekly Installs
59
Repository
salesforcecomme…-tooling
GitHub Stars
30
First Seen
Feb 11, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykFail
Installed on
github-copilot53
codex51
opencode50
cursor49
kimi-cli48
gemini-cli48