Simplifying SFCC Order Access: Say Goodbye to Password Resets Every 90 Days

In the world of Salesforce Commerce Cloud (SFCC), efficiency and security are paramount. However, there’s often a dilemma when it comes to accessing SFCC Orders from external platforms. A common challenge faced by many is the need for Business Manager (BM) Grants, which requires the use of account manager credentials that expire every 90 days. This raises a critical question: is it really necessary to manually reset a password every 90 days for server-to-server communication? In this article, we’ll provide you with a more convenient and secure solution.

The Password Reset Predicament

The issue at hand revolves around the need for frequent password resets to maintain access to SFCC Orders via Open Commerce API (OCAPI). The 90-day expiration of account manager credentials poses a substantial operational challenge, requiring manual intervention and potential disruptions in the workflow. However, there’s a better way to manage this.

Enter Access Keys

Access keys offer a streamlined solution to the password reset conundrum. Instead of relying on traditional account manager credentials, you can use a BM (Business Manager) user with a security key, which has an impressive lifespan of one year. This means you won’t have to worry about resetting passwords every 90 days.

Generating Security Keys

You have two options for generating these security keys:

  1. OCAPI: You can utilize OCAPI to generate new security keys. This approach empowers you to automate the process and ensure seamless server-to-server communication without the hassle of frequent password resets.
  2. Business Manager (BM): Alternatively, you can create and manage security keys via the Business Manager. Simply navigate to Administration > Organization > Users > Access Keys to set up and control access keys for your BM user. These keys, unlike passwords, have an extended validity of one year.

A Solution that Lasts to avoid password reset every 90 days

Access keys are linked to a user in the Business Manager. Even if the user’s password expires, the access key remains valid for a full year, offering both convenience and security. This means you can say goodbye to 90-day calendar reminders and the associated password reset headaches.

Further Resources

For detailed instructions and additional insights, consider exploring these helpful links:

  1. SFCC Learning – Access Keys for Business Manager
  2. Salesforce Commerce – OCAPI Data API Reference

In conclusion, while the need for BM Grants and frequent password resets may seem cumbersome, there’s a smarter way to handle SFCC Order access. Embrace access keys, either through OCAPI or BM, and enjoy the convenience of a one-year security key that simplifies server-to-server communication in Salesforce Commerce Cloud.

Don’t miss out on any articles – subscribe to our newsletter. We also recommend joining the Salesforce Commerce Cloud developer community on Slack at, where experienced professionals can help you clarify questions like this.

How to be a Certified Salesforce Commerce Cloud Developer for FREE

Unlock a FREE PDF with SFCC B2C Certification questions from our Udemy Course. Join our newsletter!
Check your email, you’ll receive a copy in a few seconds. If you don’t see it, please check your spam folder.

Do you like cookies? 🍪 We use cookies to ensure you get the best experience on our website. Learn more.