B2C Commerce API Release Notes

Use B2C Commerce API (also known as Salesforce Commerce API or SCAPI) to build headless commerce experiences.

• For the general B2C Commerce release notes, go to Salesforce Help.
• To use the SDK to make your first call quickly, see the Quick Start.
• For details about auth, see Authorization.
• To learn about using B2C Commerce API, see the Guides.
• To learn about using correlation IDs, see Identifying Requests and Responses.
• To browse the API endpoints, use the left navigation. B2C Commerce API is broken into two main groups: Shopper APIs and Admin APIs. All Shopper API groups start with Shopper. For details about the differences, see Get Started.
• Note: All secrets and tokens are fictional and provided as placeholders only.

Trust Notifications: US, AP2, AP3, EU, Change Case

SLAS Release Schedule:

• 3/28: USE1 - Canary 10:00 AM PST
• 3/29: USE1 - Stable: 10 AM PST; AP2, AP3 and EUC1: 11:00 AM PST

Trust Notes:

• SLAS service supports SMS notifications for passwordless login.
• BOT Mitigation improvements: Reduced the time window from 2 seconds to 1 second for the same user login that returns Error 409.
• Fixed the issue around deletion of a user with different loginID and IDP, when the tenant and customerID remains the same.
• SLAS Tenant creation improvements to include region validation.
• SLAS Service Introducing Rate Limit of 25 TPM per tenant for JWKs and well-known endpoints.
• SLAS service redirect to customer’s registered callback URL on IDP errors and return Error 412 for refresh token calls.
• Security library updates.

Trust Notifications: US, AP2, AP3, EU

Trust Notes:

• TAOB Client ID present check fix on /auth rather than /token.
• Guest SESB refresh bug fix.
• Improved IDP message errors back from third-party IDP.

SCAPI Release

Shopper Context API Update

See Shopper Context API.

SLAS Infra Deployment - Postgres 14.1 to 14.6 upgrade

Trust Notifications: US, AP2, AP3, EU

Schedule:

• USE1: 11:00 PM PST
• AP2: 11:00 AM PST
• AP3: 12:00 PM PST
• EUC1: 3:00 PM PST

Trust Notes:

We are upgrading our Postgres database to the latest version, due to a mandate from AWS. This maintenance will be performed during off hours for your region when there is little to no traffic. The upgrade is expected to take up to ~9 minutes, and you may experience slowness but not downtime during this period.

Shopper Login (SLAS)

Trust Notifications: USE1, AP2, AP3, EU

Schedule:

• 02/22/2023: USE1-Canary: 12:00 AM MT; AP2, AP3, EU: 2:00 PM MT
• 02/23/2023: USE1-Stable : 12:00 AM MT

Trust Notes:

• Increase shopper authorization code size to accommodate larger code sent from Identity Providers.
• SLAS Admin UI fixes for tenant display post deletion and faster IDP creation.
• SLAS Admin: Client scope update fix.
• Trusted Agent On Behalf: additional redirect URI parameters for authorize are separated properly.
• Security library updates.

Shopper Login (SLAS)

Trust Notes:

We’ll be upgrading the SLAS infrastructure with the latest security and performance improvements. During the upgrade, for a duration of ~1 minute, there could be some latency observed in API calls but there’s no impact to Shopper Login experience (through SFRA, OCAPI, or SCAPI).

Trust Notification

Schedule:

• 2/14/2023: AP2: 11:00 AM PST; AP2: 12:00 PM PST; EUC1: 1:00 PM PST
• 2/15/2023: USE1: 1:00 PM PST

Maintenance and stability updates for Products, Catalogs, and Shopper Products APIs.

• EUC1, APN1 and APS2 Trust notification
• USE1 Trust notification

Shopper-Experience API global rollout. Trust notification

See Shopper Experience API.

All B2C Commerce APIs

• Preparation for Shopper-Experience API rollout. Trust notification

Shopper Login (SLAS)

• Bug fixes:
  • Admin UI, client create claims fix
  • SESB fix for OCAPI calls
• Features:
  • Support for Active Directory Federated Service IDP
  • security library updates
• Trust notification

All B2C Commerce APIs

• Security updates for SCAPI platform environment. Trust notification.

All B2C Commerce APIs

• Maintenance and stability updates for SCAPI applications. Trust notification.

The Shopper Context API is now generally available!

All B2C Commerce APIs

• Rate limit update to the rules endpoint in the Catalogs API.
• Maintenance and stability updates for Products, Catalogs, and Shopper Products APIs. Trust notification.

All B2C Commerce APIs

• Prepare SCAPI platform for future feature enablement. Trust notification.

Shopper Login (SLAS)

• Infrastructure deployment. Trust notification.

All B2C Commerce APIs

• Security updates for SCAPI platform environment.
• Maintenance and stability updates for SCAPI platform environment.
• Update TrustedAgentOnBehalf support for Shopper Token policy.
• Trust notification.

Shopper Login (SLAS)

• Support for Forgerock IDP.
• Trusted Agent On Behalf (TAOB) now supports Private ClientID flow, and TAOB JWT token expiry changed from 30 to 15 minutes for PCI compliance.
• /jwks endpoint now returns 3 key IDs (past, current, and future KeyID).
• Reduced the Passwordless OTP - token length from 20 to 8 characters.
• Enhanced BOT mitigation strategy within SLAS.
• Fixed inconsistencies related to failed tokens.
• Session Bridge: Improved error messaging & guest support.
• SLAS no longer calls ecom, when a shopper account is locked.
• User cache refinements & Fixed cache inconsistencies after tenant key rotation.
• Addressed login ID inconsistencies for passwordless login.
• Fixed AppleIDP issue related to middle name.
• Security library updates.
• Trust notification.

Shopper Customers

• Rate limit increase for GET /customers/*(Shopper-Customers), see Rate Limits.

All B2C Commerce APIs

• Security update for SCAPI platform environment.
• Maintenance and stability updates for SCAPI platform environment.

Shopper Customers

• Rate limit increase for GET /products-lists/{id}(Shopper-Customers), see Rate Limits.

All B2C Commerce APIs

• Maintenance, stability, and capacity updates for SCAPI platform environment.

Orders

• Rate limit increase for Orders API, see Rate Limits.

All B2C Commerce APIs

• Rate limit updates: API families have either a 5s tier or a 60s tier, see Rate Limits.

Shopper Products

• Response compression has been introduced.
• The expand query parameter has been added for getProducts.
• Maintenance and stability updates for SCAPI platform environment.

All B2C Commerce APIs

• Maintenance and stability updates for SCAPI platform environment.

All B2C Commerce APIs

• Added support for correlation-id and x-correlation-id headers.

The scheduled deactivation of /customers/actions/login, /trusted-system/actions/login, and other related endpoints has been extended from mid-2022 to mid-2023 for existing customers. These endpoints are still not available to new customers, and we still discourage existing customers from using them. Instead, we strongly recommend that you use the Shopper Login and API Access Service (SLAS) because it meets a higher standard for security and availability.

All B2C Commerce APIs

• Increased performance and response times through caching on the edge layer.
• Resources affected: /product, /category, and /product_search.
• Updates to the personalization handling ensure that personalized content is cached correctly.
• No action is required by developers to take advantage of this update.

All B2C Commerce APIs

• Update common libraries for data types, security schemes, and examples to latest versions.

Shopper Context

• Remove outdated example requests for creating and updating shopper context.

Shopper Login (SLAS)

• Replace SlasJWT-BearerSecurityScheme.BearerToken security scheme with CommerceCloudStandards.ShopperToken.