b2c-slas
B2C SLAS Skill
Use the b2c CLI plugin to manage SLAS (Shopper Login and API Access Service) API clients and credentials.
Important: SLAS is for shopper (customer) authentication used by storefronts and headless commerce. For admin tokens (OCAPI, Admin APIs), use b2c auth token (see the b2c-config skill).
Tip: If b2c is not installed globally, use npx @salesforce/b2c-cli instead (e.g., npx @salesforce/b2c-cli slas client list).
Configuration
Values like tenantId, shortCode, slasClientId, and slasClientSecret resolve from dw.json / SFCC_* env vars / the active instance. Examples below show minimal usage; add flags only to override configured values. If a required value is missing, the CLI emits an actionable error pointing at the flag, env var, and config key. See the b2c-config skill for precedence details.
Relevant overrides:
- --tenant-id / SFCC_TENANT_ID / tenantId
- --short-code / SFCC_SHORTCODE / shortCode
- --slas-client-id / SFCC_SLAS_CLIENT_ID / slasClientId
- --slas-client-secret / SFCC_SLAS_CLIENT_SECRET / slasClientSecret
When to Use
Common scenarios requiring SLAS client management:
- Testing Custom APIs: Create a client with custom scopes (e.g., c_loyalty) to test your Custom API endpoints
- PWA/Headless Development: Configure clients for composable storefronts
- Integration Testing: Create dedicated test clients with specific scope sets
Examples
List SLAS Clients
# list all SLAS clients for the configured tenant
b2c slas client list
# JSON output
b2c slas client list --json
# target a different tenant than the active config
b2c slas client list --tenant-id abcd_123
Get SLAS Client Details
# get details for a specific SLAS client
b2c slas client get my-client-id
Create SLAS Client
# create a new SLAS client with default scopes (auto-generates UUID client ID)
b2c slas client create --channels RefArch --default-scopes --redirect-uri http://localhost:3000/callback
# create with a specific client ID and custom scopes
b2c slas client create my-client-id --channels RefArch --scopes sfcc.shopper-products,sfcc.shopper-search --redirect-uri http://localhost:3000/callback
# create a public client
b2c slas client create --channels RefArch --default-scopes --redirect-uri http://localhost:3000/callback --public
# create client without auto-creating tenant (if you manage tenants separately)
b2c slas client create --channels RefArch --default-scopes --redirect-uri http://localhost:3000/callback --no-create-tenant
# output as JSON (useful for capturing the generated secret)
b2c slas client create --channels RefArch --default-scopes --redirect-uri http://localhost:3000/callback --json
Note: By default, the tenant is automatically created if it doesn't exist.
Warning: Use --scopes (plural) for client scopes, NOT --auth-scope (singular). The --auth-scope flag is a global authentication option for OAuth scopes.
Create Client for Custom API Testing
When testing a Custom API that requires custom scopes:
# Create a private client with custom scope for testing
# Replace c_my_scope with your API's custom scope from schema.yaml
b2c slas client create \
--channels RefArch \
--default-scopes \
--scopes "c_my_scope" \
--redirect-uri http://localhost:3000/callback \
--json
# Output includes client_id and client_secret - save these for token requests
Important: The custom scope in your SLAS client must match the scope defined in your Custom API's schema.yaml security section.
Get a Shopper Token
Use b2c slas token to obtain a shopper access token for API testing. The --site-id is specific to the request and must be provided per call.
# Guest token with auto-discovery (finds first public SLAS client)
b2c slas token --site-id RefArch
# Registered customer token
b2c slas token --site-id RefArch --shopper-login user@example.com --shopper-password secret
# JSON output (includes refresh token, expiry, usid, etc.)
b2c slas token --site-id RefArch --json
# Use token in a subsequent API call
TOKEN=$(b2c slas token --site-id RefArch)
curl -H "Authorization: Bearer $TOKEN" "https://$SHORTCODE.api.commercecloud.salesforce.com/..."
# Override the SLAS client explicitly (e.g., targeting a private client for client_credentials flow)
b2c slas token --site-id RefArch --slas-client-id my-client --slas-client-secret sk_xxx
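A hardened form of the "use token in a subsequent API call" step above, as an added example that is not part of the b2c CLI or its documentation. It assumes the shopper access token is a JWT; the function names and the sample token are constructed for illustration.

```shell
#!/bin/sh
# Added example: gate a shopper token before use and keep it off curl's argv.
# Assumption: the access token is a JWT (header.payload.signature).
# This is a sanity check only; it does not verify the signature.

b64url_encode() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# Decode the payload (2nd) segment of a JWT: base64url -> JSON text.
jwt_payload() {
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 -d 2>/dev/null
}

# Return 0 only for a three-segment token whose exp is more than $2
# (default 30) seconds in the future. An empty or malformed value fails.
token_usable() {
  case $1 in
    *.*.*.*|*[!A-Za-z0-9._-]*) return 1 ;;
    ?*.?*.?*) ;;
    *) return 1 ;;
  esac
  exp=$(jwt_payload "$1" | sed -n 's/.*"exp"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
  [ -n "$exp" ] && [ "$exp" -gt $(( $(date +%s) + ${2:-30} )) ]
}

# Emit a curl config line; feed it to `curl --config -` so the bearer
# token never appears in the process list.
curl_auth_config() {
  printf 'header = "Authorization: Bearer %s"\n' "$1"
}

# Constructed sample token (fake signature) for offline runs.
sample_token() {  # $1 = exp as epoch seconds
  h=$(printf '{"alg":"none"}' | b64url_encode)
  p=$(printf '{"sub":"constructed","exp":%s}' "$1" | b64url_encode)
  printf '%s.%s.c2ln' "$h" "$p"
}

# Usage with the CLI (not run here):
#   TOKEN=$(b2c slas token --site-id RefArch) && token_usable "$TOKEN" || exit 1
#   curl_auth_config "$TOKEN" | curl --config - "https://$SHORTCODE.api.commercecloud.salesforce.com/..."
```

The same reasoning applies to --shopper-password and --slas-client-secret: values resolved from SFCC_* env vars or dw.json stay out of shell history and the process list, whereas flag values do not.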
Update SLAS Client
# update the display name
b2c slas client update my-client-id --name "New Name"
# rotate the client secret
b2c slas client update my-client-id --secret new-secret-value
# add scopes (appends to existing by default)
b2c slas client update my-client-id --scopes sfcc.shopper-baskets
# replace scopes instead of appending
b2c slas client update my-client-id --scopes sfcc.shopper-baskets --replace
# replace channels
b2c slas client update my-client-id --channels RefArch,SiteGenesis --replace
Delete SLAS Client
# delete a SLAS client
b2c slas client delete my-client-id
More Commands
See b2c slas --help for a full list of available commands and options in the slas topic.
Related Skills
- b2c:b2c-custom-api-development - Creating Custom APIs that require SLAS authentication
- b2c-cli:b2c-scapi-custom - Checking Custom API registration status