Trusted Agent Authorization

SLAS supports an authorization method called trusted agent on behalf (TAOB). Using this method, a trusted agent can get a shopper token that allows the agent to assume the role of a particular shopper and perform actions on their behalf.

Consider the following scenario where trusted agent authorization is used to help a shopper:

  1. Lauren is a call center agent who helps shoppers with their orders.
  2. Tim is a shopper who contacts the call center. He wants to update the quantity of shirts in his order but is having difficulty doing it himself.
  3. Lauren logs in to Tim’s account on his behalf and reviews the items in his cart.
  4. Lauren successfully updates the quantity of shirts in Tim’s order.
  5. Tim is pleased with Lauren’s help and completes his order.

The following diagram shows the typical API requests and responses used in the authorization flow for a trusted agent:


Now that you understand how the trusted agent on behalf feature works, you’re ready to start your own implementation by following the instructions in the rest of this guide.

In Business Manager, configure the following functional permissions for one or more agents in your organization: Login_On_Behalf and Create_Order_On_Behalf.

For detailed instructions, see the Business Manager Functional Permissions article on the B2C Commerce Infocenter.

Create a client ID, or update an existing one, with the following settings:

  • Scope: sfcc.ta_ext_on_behalf_of
  • A redirect URI

The following commands demonstrate how to authorize a trusted agent.

When running the sample code provided, don’t forget to replace the placeholder values with actual values.

Start by requesting an authorization code for a trusted agent:

The request redirects you to Account Manager for authentication. After a successful login, you are redirected to the address provided in the redirect_uri parameter of the previous request, with the authorization code included as a query parameter.

Now that you have an authorization code, you can request a trusted agent token from SLAS. In the following command, replace jpsM6DNwzFtrUIZJDwyRihkRX1g with the actual authorization code.

A JWT for trusted agents expires after 15 minutes and cannot be refreshed. When it expires, the app must restart the authorization flow by making another request to the /trusted-agent/authorize endpoint.
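As an added example (not code from this guide or from SLAS itself), the following Python helpers handle the two points above that an agent app gets wrong most often: pulling the authorization code out of the redirect_uri callback, and deciding when the 15-minute, non-refreshable trusted agent JWT must be replaced by starting over at /trusted-agent/authorize. The helper names, the 30-second safety margin, and the unsigned sample token are assumptions constructed for this example; reading the standard `exp` claim here schedules re-authorization and is not a signature check.

```python
import base64
import json
import time
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Trusted agent JWTs are valid for 15 minutes and cannot be refreshed (per the guide).
TRUSTED_AGENT_TOKEN_LIFETIME_SECONDS = 15 * 60
# Assumed safety margin: treat the token as expired a little early so a call
# that is in flight when the 15 minutes run out does not fail.
REAUTH_MARGIN_SECONDS = 30

def extract_authorization_code(redirect_url: str) -> str:
    """Return the `code` query parameter from the redirect_uri callback URL.

    Raise if it is missing or repeated so a tampered or truncated redirect is
    never silently treated as a successful authorization.
    """
    codes = parse_qs(urlparse(redirect_url).query).get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("redirect did not carry exactly one authorization code")
    return codes[0]

def _jwt_payload(token: str) -> dict:
    """Decode the JWT payload without verifying the signature (only to read exp)."""
    segments = token.split(".")
    if len(segments) != 3:
        raise ValueError("not a compact JWT")
    payload = segments[1] + "=" * (-len(segments[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def needs_reauthorization(token: str, now: Optional[float] = None) -> bool:
    """True when the trusted agent token has expired or is inside the margin.

    The token is not refreshable, so the caller's only remedy is a new request
    to /trusted-agent/authorize.
    """
    now = time.time() if now is None else now
    exp = _jwt_payload(token).get("exp")
    if exp is None:
        return True  # no expiry claim: do not keep using it
    return now + REAUTH_MARGIN_SECONDS >= exp

def make_sample_token(issued_at: int) -> str:
    """Build a constructed, unsigned sample JWT for offline tests (not a real SLAS token)."""
    b64 = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).decode().rstrip("=")
    header = {"alg": "none", "typ": "JWT"}
    payload = {"iat": issued_at, "exp": issued_at + TRUSTED_AGENT_TOKEN_LIFETIME_SECONDS}
    return f"{b64(header)}.{b64(payload)}."
```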

For more technical details on the capabilities of the SLAS API, explore the API specification in the Reference section: