Sample Flow: Authorizing Guest Users and Calling Commerce APIs
Once the external client app is set up and you have the consumer details, including Consumer Key and Consumer Secret, you’re ready to use the Headless Guest Flow. Use the Headless Guest Flow to issue identifiers, in the form of unique visitor IDs (UVIDs), to unknown (guest) visitors. See Headless Identity APIs: Headless Guest Flow for Public Clients for more information.
The first step is to authorize the guest user. The following is an example of an authorization request.
Endpoint: (POST) https://<domain>.site.com/<site ID>/services/oauth2/authorize
Request
Header:
Body:
Response
Salesforce validates the UVID and authorizes the guest user. If the UVID was passed as a JWT-based access token, Salesforce checks the validity of the token. The API returns the code response with the authorization and other parameters.
After authorization is complete, exchange the authorization code for a JWT access token.
Header:
Note: For guest user authentication flows, include the Uvid-Hint and Auth-Request-Type guest headers in the token request. Requests that omit these headers can return an unknown_error response.
Endpoint: (POST) https://<domain>.site.com/<site ID>/services/oauth2/token
Request
Body:
Response
Your app processes the access token response and creates a guest session, persisting the UVID value.
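The authorize and token requests described above, as an added example (not Salesforce's own sample code): it builds both POSTs without sending them, attaches the two guest headers from the note, and checks a request for them before dispatch. The host, client ID, redirect URI, authorization code, the code_credentials response type, the PKCE parameters, the guest header value and the UUIDv4 UVID are assumptions or constructed values, not taken from this page.

```python
import base64, hashlib, secrets, uuid
from urllib.parse import urlencode
from urllib.request import Request

BASE = "https://example.my.site.com/store"  # placeholder for https://<domain>.site.com/<site ID>
GUEST_HEADERS = ("Uvid-Hint", "Auth-Request-Type")  # header names from the note above

def pkce_pair():
    """RFC 7636 code_verifier and its S256 code_challenge (PKCE use is assumed)."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode()).digest()
    return verifier, base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def guest_request(path, uvid, form):
    """Build, without sending, a form POST that carries both guest headers."""
    if not uvid:
        raise ValueError("no UVID: the request would go out without Uvid-Hint")
    req = Request(BASE + path, data=urlencode(form).encode(), method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    req.add_header("Uvid-Hint", uvid)
    req.add_header("Auth-Request-Type", "guest")  # value assumed from the note
    return req

def authorize_request(uvid, client_id, redirect_uri, challenge):
    return guest_request("/services/oauth2/authorize", uvid, {
        "response_type": "code_credentials",  # assumed parameter value
        "client_id": client_id, "redirect_uri": redirect_uri,
        "code_challenge": challenge})

def token_request(uvid, client_id, redirect_uri, code, verifier):
    return guest_request("/services/oauth2/token", uvid, {
        "grant_type": "authorization_code", "code": code,
        "client_id": client_id, "redirect_uri": redirect_uri,
        "code_verifier": verifier})

def missing_guest_headers(req):
    """Pre-flight check: required guest headers that are absent from req."""
    present = {name.lower() for name in req.headers}
    return [h for h in GUEST_HEADERS if h.lower() not in present]

if __name__ == "__main__":
    uvid = str(uuid.uuid4())  # constructed UVID; UUIDv4 format is an assumption
    verifier, challenge = pkce_pair()
    args = ("CONSTRUCTED_CLIENT_ID", "https://app.example/callback")
    for req in (authorize_request(uvid, *args, challenge),
                token_request(uvid, *args, "CONSTRUCTED_CODE", verifier)):
        print(req.get_method(), req.full_url, missing_guest_headers(req))
```

Running missing_guest_headers on every outgoing guest request catches the omission the note warns about before the server answers with unknown_error.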
Use the JWT access token to interact with Commerce APIs.
Endpoint: (POST) https://<domain>.site.com/<site ID>/services/data/vXX.X/commerce/webstores/{webstoreId}/carts?currencyIsoCode=USD&language=en-US&asGuest=true&htmlEncode=false
See Commerce Webstore, Create Cart for more information.
Endpoint: (POST) https://<domain>.site.com/<site ID>/services/data/vXX.X/commerce/webstores/{webstoreId}/carts/{cartId}/cart-items?currencyIsoCode=USD&language=en-US&asGuest=true&htmlEncode=false
See Commerce Webstore, Add Items to Cart for more information.
Start Checkout:
Endpoint: (POST) https://<domain>.site.com/<site ID>/services/data/vXX.X/commerce/webstores/{webstoreId}/carts/{cartId}/checkouts?currencyIsoCode=USD&language=en-US&asGuest=true&htmlEncode=false
To continue with the checkout process, choose the Checkout API that best fits your implementation requirements:
- Commerce Webstore, Checkout Orders—Single-step order placement.
- Commerce Webstore Checkout, Place Order Action—Two-step process: Prepare and Submit.