Preview tokens

A preview token is an encrypted string that encapsulates a set of preview options and restrictions on when and where the token can be used. Any user who is authorized to access your server and has the preview token can perform preview actions, with the preview options specified, in the same store where the token was generated. For example, a user can make a service request in preview mode or access a generated preview URL to preview a store in a particular customer segment.

Create preview token service

The preview options and restrictions can be defined with the following parameters when calling the Create preview token service:
start
Optional: The date and time that the preview token starts to become valid. The time is in the format "YYYY/MM/DD HH:MM:SS".
The default is the current date and time.
timeZoneId
Optional: Must be a valid Java time zone ID.
The default is the server time zone ID.
status
Optional: Determines if time should be static while in preview mode. If true, time is static. If false, time is elapsing.
The default value is false.
invstatus
Optional:
  • 0 - use inventory levels in the database.
  • 1 - set all inventory filter results to true.
  • -1 - set all inventory filter results to false.
The default value is 0.
includedMemberGroupIds
Optional: Preview as a user in these customer segments. A comma-separated list of member group IDs.
workspaceId
Optional: The workspace ID.
taskGroupId
Optional: The task group ID.
taskId
Optional: The task ID.
tokenLife
Optional: Lifespan of the preview token in minutes. The preview token expires and cannot be used after this set time.
The default value is 60.
startDate
Optional: The start date/time of the preview token in the form "YYYY/MM/DD HH:MM:SS".
The default is the current date/time.
endDate
Optional: The end date/time of the preview token in the form "YYYY/MM/DD HH:MM:SS". This value takes precedence over the tokenLife parameter.
password
Optional: The password to access a generated preview URL.

After the create preview token service encapsulates the preview options and restrictions, the PreviewTokenServiceCmdImpl command creates the preview token and returns the preview token as a response property named "previewToken". The preview token is stored in the PREVIEWTOKEN database table.

Sample service requests and responses

For developers who might want to customize RESTful applications to preview content using BOD and REST services, refer to the following sample code to understand the service request and response formats:
  • Sample create preview token AJAX request:
    https://localhost:8000/webapp/wcs/tools/servlet/AjaxPreviewTokenCreate?storeId=10001&start=2013%2F01%2F01+00%3A00%3A00&
    timeZoneId=America%2FNew_York&status=true&invstatus=0&includedMemberGroupIds=10001%2C10002&
    workspaceId=10001&taskId=10001&tokenLife=60&password=passw0rd
  • Sample create preview token AJAX response:
    
    {
    	"previewToken": "iuJOiPLnTn0="
    }
  • For a BOD service to generate a preview token, use a ProcessPerson BOD with actionCode="CreatePreviewToken". The following is a sample create preview token BOD service request:
    <_mbr:ProcessPerson
    xmlns:_mbr="http://www.ibm.com/xmlns/prod/commerce/9/member"
    xmlns:_wcf="http://www.ibm.com/xmlns/prod/commerce/9/foundation"
    xmlns:oa="http://www.openapplications.org/oagis/9"
    versionID="6.0.0.4" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    	<oa:ApplicationArea xsi:type="_wcf:ApplicationAreaType">
    		<oa:CreationDateTime></oa:CreationDateTime>
    		<oa:BODID></oa:BODID>
    		<_wcf:BusinessContext intent="Authoring">
    			<_wcf:ContextData name="storeId">10001</_wcf:ContextData>
    		</_wcf:BusinessContext>
    	</oa:ApplicationArea>
    	<_mbr:DataArea>
    		<oa:Process>
    			<oa:ActionCriteria>
    				<oa:ActionExpression actionCode="CreatePreviewToken"
    				expressionLanguage="_wcf:XPath"/>
    			</oa:ActionCriteria>
    		</oa:Process>
    		<_mbr:Person>
    			<_mbr:Credential>
    				<_wcf:UserData>
    					<_wcf:UserDataField name="start">2013/01/01 00:00:00</_wcf:UserDataField>
    					<_wcf:UserDataField name="timeZoneId">America/New_York</_wcf:UserDataField>
    					<_wcf:UserDataField name="status">true</_wcf:UserDataField>
    					<_wcf:UserDataField name="invstatus">0</_wcf:UserDataField>
    					<_wcf:UserDataField name="includedMemberGroupIds">10001,10002</_wcf:UserDataField>
    					<_wcf:UserDataField name="workspaceId">10001</_wcf:UserDataField>
    					<_wcf:UserDataField name="taskGroupId">10001</_wcf:UserDataField>
    					<_wcf:UserDataField name="taskId">10001</_wcf:UserDataField>
    					<_wcf:UserDataField name="tokenLife">60</_wcf:UserDataField>
    					<_wcf:UserDataField name="password">passw0rd</_wcf:UserDataField>
    				</_wcf:UserData>
    			</_mbr:Credential>
    			<_mbr:PersonalProfile/>
    			<_mbr:ContactInfo>
    				<_wcf:ContactInfoIdentifier>
    					<_wcf:ExternalIdentifier/>
    				</_wcf:ContactInfoIdentifier>
    				<_wcf:Address/>
    			</_mbr:ContactInfo>
    		</_mbr:Person>
    	</_mbr:DataArea>
    </_mbr:ProcessPerson>
    
  • Sample create preview token service response (BOD):
    <_mbr:AcknowledgePerson
    xmlns:Oagis9="http://www.openapplications.org/oagis/9"
    xmlns:_mbr="http://www.ibm.com/xmlns/prod/commerce/9/member"
    xmlns:_wcf="http://www.ibm.com/xmlns/prod/commerce/9/foundation"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    	<Oagis9:ApplicationArea xsi:type="_wcf:ApplicationAreaType">
    		<Oagis9:CreationDateTime></Oagis9:CreationDateTime>
    		<Oagis9:BODID></Oagis9:BODID>
    	</Oagis9:ApplicationArea>
    	<_mbr:DataArea>
    		<Oagis9:Acknowledge>
    			<Oagis9:OriginalApplicationArea>
    				<Oagis9:CreationDateTime></Oagis9:CreationDateTime>
    				<Oagis9:BODID></Oagis9:BODID>
    			</Oagis9:OriginalApplicationArea>
    		</Oagis9:Acknowledge>
    		<_mbr:Person>
    			<_mbr:Credential>
    				<_wcf:UserData>
    					<_wcf:UserDataField name="previewToken">iuJOiPLnTn0=</_wcf:UserDataField>
    				</_wcf:UserData>
    			</_mbr:Credential>
    		</_mbr:Person>
    	</_mbr:DataArea>
    </_mbr:AcknowledgePerson>
    
  • For a REST service to generate a preview token, use the POST HTTP method with a URL that follows the format "store/storeid/previewToken". The following is a sample create preview token REST service request:
    POST /wcs/resources/store/10001/previewToken HTTPS/1.1
    Host: wcstestserver.raleigh.ibm.com
    Content-Type: application/json
    {
    	"start": "2013/01/01 20:30:00",
    	"timeZoneId": "America/New_York",
    	"status": "true",
    	"invstatus": "0",
    	"includedMemberGroupIds": "10001,10002",
    	"workspaceId": "10001",
    	"taskGroupId": "10001",
    	"taskId": "10001",
    	"tokenLife": "60",
    	"password": "passw0rd"
    }
  • Sample create preview token service response (REST):
    HTTPS/1.1 201 Created
    Content-Type: application/json
    {
    	"previewToken": "iuJOiPLnTn0="
    }

Preview token security

The following security features are in place for preview tokens:
  • By default, the create preview token command/service is restricted by access control to business users with administrative user roles.
  • A preview token only works in the store where it is generated.
  • A preview token will be revoked when it is sent over HTTP. The token must be sent over HTTPS.
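
The parameter rules and the HTTPS restriction above, combined into a client-side check that runs before a REST create request is sent. This is an added example, not IBM's code: the function name, the host commerce.example.test, the numeric-ID check and the choice to count tokenLife from startDate are assumptions.

```python
import json
from datetime import datetime, timedelta
from urllib.parse import urlsplit

FMT = "%Y/%m/%d %H:%M:%S"  # "YYYY/MM/DD HH:MM:SS" from the parameter list
DATE_KEYS = ("start", "startDate", "endDate")
OTHER_KEYS = ("timeZoneId", "status", "invstatus", "includedMemberGroupIds",
              "workspaceId", "taskGroupId", "taskId", "tokenLife", "password")


def build_preview_token_request(base_url, store_id, now=None, **opts):
    """Validate the options, then return (url, json_body, expiry); nothing is sent."""
    # A token sent over HTTP is revoked, so refuse any non-HTTPS endpoint up front.
    if urlsplit(base_url).scheme != "https":
        raise ValueError("preview token requests must use HTTPS")
    unknown = set(opts) - set(DATE_KEYS + OTHER_KEYS)
    if unknown:
        raise ValueError(f"unknown parameters: {sorted(unknown)}")
    # strptime raises ValueError when a date does not match the documented format.
    dates = {k: datetime.strptime(opts[k], FMT) for k in DATE_KEYS if k in opts}
    # Values are passed as strings, as in the page's sample request.
    if str(opts.get("status", "false")) not in ("true", "false"):
        raise ValueError("status must be true or false")
    if int(opts.get("invstatus", 0)) not in (0, 1, -1):
        raise ValueError("invstatus must be 0, 1 or -1")
    groups = opts.get("includedMemberGroupIds", "")
    # Assumption: member group IDs are numeric, as in the page's samples.
    if groups and not all(g.isdigit() for g in groups.split(",")):
        raise ValueError("includedMemberGroupIds must be comma-separated IDs")
    life = int(opts.get("tokenLife", 60))  # documented default: 60 minutes
    if life <= 0:
        raise ValueError("tokenLife must be a positive number of minutes")
    # Assumption: tokenLife is counted from startDate (default: current time).
    begin = dates.get("startDate", now or datetime.now())
    # endDate takes precedence over tokenLife.
    expiry = dates.get("endDate", begin + timedelta(minutes=life))
    if expiry <= begin:
        raise ValueError("token would expire before it becomes valid")
    url = f"{base_url.rstrip('/')}/wcs/resources/store/{int(store_id)}/previewToken"
    body = json.dumps({k: str(v) for k, v in opts.items()})
    return url, body, expiry
```

The returned expiry is the client's own estimate of when the token stops working; the server remains the authority on validity.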