OCAPI Client Application Identification 23.2
The Open Commerce API requires that all client applications identify themselves using a client ID.
You can obtain a client ID in Account Manager as explained in Adding a client ID for the Open Commerce API. After you obtain an ID, verify that it is enabled.
Note: You can see a list of all client IDs in your organization by
selecting API Client in the left navigation menu in
Account Manager.
Include the client ID in every API request. It can be passed in several
ways:
- For requests requiring an Authorization:Bearer token, the
client ID is determined from the provided token:
GET https://.../shop/v23_2/baskets Authorization:Bearer token- JWT: the client ID is embedded within the token payload as the 'issuer' claim
- OAuth: the client ID is resolved from the Account Manager using the token
- You can pass a client ID in the
client_idrequest parameter:GET https://example.com/dw/shop/v23_2/products/123456?client_id=[your_own_client_id] - You can pass a client ID in the
x-dw-client-idHTTP header:GET https://example.com/dw/shop/v23_2/products/123456 x-dw-client-id:[your_own_client_id]
If more than one mechanism is used to provide a client ID, it is
resolved using the following order of precedence.
- Bearer token
- Request parameter
- HTTP Header
If you do not provide a client ID, the server returns an HTTP status 400 (Bad Request).
Note: Your client ID must be enabled in Account Manager.
Because client IDs are cached for a time before being revalidated, when
you enable or disable a client ID, its status does not change
immediately.
X
OCAPI versions 15.x and 16.x will be retired on March 31, 2021. For dates and more information, see the OCAPI versioning and deprecation policy and this Knowledge Article.