DCG External Client App Setup

This topic guides you through the creation of an external client app to be used by the Digital Commerce Gateway (also known as DCG application, formerly known as Vlocity Digital Commerce Tier - VDCT).

The DCG External Client App Setup process is required during these events:

• Initial DCG setup.
• Integration of an existing DCG environment with a different Salesforce organization.
• Re-integration after a sandbox refresh where the external client app must be recreated.

To create the external client app, you must have an admin account within the Salesforce organization. The callback URL to configure in the connected application will differ depending on the type of Salesforce instance used (test or standard).

• For sandbox / test instances: https://test.salesforce.com/services/oauth2/success

• For production / standard instances: https://login.salesforce.com/services/oauth2/success

The DCG application relies on the OAuth 2.0 JWT Bearer Token authentication flow which requires a private key and certificate to work. Vlocity creates them and provides you with the public certificate to add to the external client app at a later stage. You do not need this certificate to create the external client app.

DCG requires a dedicated user who is authorized to use the external client app. The user must be assigned to a Profile with sufficient permissions for the DCG application to work. The “System Administrator” profile is the recommended one for DCG; however, its permissiveness is generally not recommended for production environments.

To create the external client app, see Create an External Client App.

After you reach the external client app creation page, configure it as follows:

• Provide a name for the application similar to: “Digital Commerce Application - {ENV}” (replacing {ENV} with the appropriate environment name / nickname).

• Provide an email address where you can receive notifications related to the connected application.

• Expand API (Enable OAuth Settings) and check Enable OAuth.

• Fill in the Callback URL (refer to the Prerequisites section above for possible values).

• Add the following Oauth Scopes (or permissions) to the Selected Oauth Scopes:

  • Manage user data via APIs (api)
  • Perform requests at any time (refresh_token, offline_access)

For example:

DCG requires a user who is authorized to use the external client app. This user must be assigned to a Profile with sufficient permissions for the DCG application to work. The “System Administrator” profile is the most commonly used.

Update the ticket with the following required information from the external client app:

• The Salesforce username authorized in the application

• The external client app API Oauth Consumer Key

After Salesforce has finalized the creation of your environment and has sent you the public certificate, proceed with the post-setup instructions here.

The public certificate may be sent to you in PEM or DER format. Both are accepted by external client apps. When the certificate is nearing expiration, a new one is generated and provided to you by Salesforce.

To add or replace the certificate, follow these steps:

1. Log in to the Salesforce Org and navigate to Setup

2. From Setup, in the Quick Find box, enter App, and then select External Client App Manager.

3. Locate the app you created for this environment and open it.

4. On the settings tab click Edit.

5. Locate and check the setting Enable JWT Bearer FLow in the API section.

6. Click Upload Files and upload the public certificate file you received from Salesforce.

7. Click Save.

   

   You can display the certificate’s properties using the following command (subject, issuer and expiration date):