Feature Pack 7 or later

REST interoperability

The WebSphere Commerce REST APIs can use session cookies created by the WebSphere Commerce store runtime for authentication. That is, a client can mix requests to the WebSphere Commerce REST APIs and the WebSphere Commerce store runtime within the same user session.
The REST API interoperability framework supports the following scenarios:
  • The WebSphere Commerce REST API can support web authentication cookies if AuthenticationAllowedUsingCookies is set to true in the WC\xml\config\com.ibm.commerce.foundation-fep\wc-component.xml file.
  • Partial authentication (persistent sessions) is enabled by default in the wc-rest-security.xml file for services that do not expose sensitive data. For example, for the following resources:
    
      <partialAuthentication resource="store/{storeId}/productview" method="GET" enabled="true"/>
      <partialAuthentication resource="store/{storeId}/categoryview" method="GET" enabled="true"/>
      <partialAuthentication resource="store/{storeId}/sitecontent" method="GET" enabled="true"/>
    
  • WebSphere Commerce allows simultaneous web and REST sessions for the same user.
  • Feature Pack 8The following WebSphere Commerce REST APIs can also be configured to create or update session cookies by setting the updateCookies query parameter to true:
    • POST /store/{storeId}/person
    • POST /store/{storeId}/guestidentity
    • DELETE /store/{storeId}/guestidentity/@self
    • POST /store/{storeId}/loginidentity
    • DELETE /store/{storeId}/loginidentity/@self
    • POST /store/{storeId}/ltpaidentity
    • DELETE /store/{storeId}/ltpaidentity/@self