Trusted Agent Authorization
Trusted Agent on Behalf (TAOB) authorization allows an agent to perform actions on behalf of a registered shopper.
Consider the following scenario where trusted agent authorization is used to help a shopper:
- Lauren is a call center agent who helps shoppers with their orders.
- Tim is a shopper who contacts the call center. He wants to update the quantity of shirts in his order but is having difficulty doing it himself.
- Lauren logs in to Tim’s account on his behalf and goes through the items added in cart.
- Lauren successfully updates the quantity of shirts in Tim’s order.
- Tim is pleased with the Lauren’s help and completes his order.
The following diagram shows the typical API requests and responses used in the authorization flow for a trusted agent:
Now that you understand how the trusted agent on behalf feature works, you’re ready to start your own implementation by following the instructions in the rest of this guide.
In Business Manager, configure the following functional permissions for one or more agents in your organization: Login_On_Behalf and Create_Order_On_Behalf.
For detailed instructions, see the Business Manager Functional Permissions article on the B2C Commerce Infocenter.
- Add the
sfcc.ta_ext_on_behalf_ofscope to your SLAS client - Set a redirect URI
The following commands demonstrate how to authorize a trusted agent.
When running the sample code provided, don’t forget to replace the placeholder values with actual values.
Start by requesting an authorization code for a trusted agent using getTrustedAgentAuthorizationToken:
The request redirects you to Account Manager for authentication. After a successful login, you are redirected to the address provided in the redirect_uri parameter of the previous request. When redirecting, the authorization code is included as a query parameter.
Now that you have an authorization code, you can request a trusted agent token using getTrustedAgentAccessToken. In the following command, replace jpsM6DNwzFtrUIZJDwyRihkRX1g with the actual authorization code:
Trusted agent tokens expire after 15 minutes and are not refreshable. To get a new token, restart the authorization flow.
Trusted agent tokens are only supported by a subset of Shopper endpoints:
| Required Business Manager Role | Endpoint | HTTP Methods |
|---|---|---|
Create_Order_On_Behalf_Of | /orders/** | GET, POST, DELETE, PATCH, PUT |
Create_Order_On_Behalf_Of | /baskets/** | POST, PUT, DELETE, PATCH, GET |
Create_Order_On_Behalf_Of | /customers/** | GET, POST, PATCH, PUT |
Create_Order_On_Behalf_Of | /customers/*/addresses/* | DELETE |
Create_Order_On_Behalf_Of | /customers/*/payment_instruments/* | DELETE |
Create_Order_On_Behalf_Of | /customers/*/product_lists/** | DELETE |
Create_Order_On_Behalf_Of | /gift_certificate | POST |
Create_Order_On_Behalf_Of | /customers/** | GET, POST, PATCH |
Create_Order_On_Behalf_Of | /customer_lists/** | GET, POST |
Search_Orders | /order_search/* | POST |
Handle_External_Orders | /baskets/calculate | POST |
Handle_External_Orders | /baskets/shipping_methods | POST |
Calling non-supported endpoints results in a HTTP 403 user-access-forbidden response.
To call other endpoints use a second token from getTrustedSystemAccessToken or getAccessToken.
This constraint is removed in B2C Commerce 24.5.