OCAPI Client Application Identification

The Open Commerce API requires that all client applications identify themselves using a client ID.

You can obtain a client ID in Account Manager as explained in Adding a client ID for the Open Commerce API. After you obtain an ID, verify that it’s enabled.

You can see a list of all client IDs in your organization by selecting API Client in the left navigation menu in Account Manager.

Include the client ID in every API request. It can be passed in several ways:

  1. For requests requiring an Authorization token, the client ID is determined from the provided token:

    1. JWT: the client ID is embedded within the token payload as the 'issuer' claim
    2. OAuth: the client ID is resolved from the Account Manager using the token
  2. You can pass a client ID in the client_id request parameter:

  3. You can pass a client ID in the x-dw-client-id HTTP header:

If more than one mechanism is used to provide a client ID, it’s resolved using the following order of precedence.

  1. Bearer token
  2. Request parameter
  3. HTTP Header

If you don’t provide a client ID, the server returns an HTTP status 400 (Bad Request).

Your client ID must be enabled in Account Manager. Because client IDs are cached for a time before being revalidated, when you enable or disable a client ID, its status doesn’t change immediately.