Preview tokens

A preview token is an encrypted string that encapsulates a set of preview options and restrictions on when and where the token can be used. Any user who is authorized to access your server and has the preview token, can perform preview actions in the same store that the token is generated, with the preview options specified.For example, a user can make a service request in preview mode or access a generated preview URL to preview a store in a particular customer segment.

Create preview token service

The preview options and restrictions can be defined with the following parameters when calling the Create preview token service:
Optional: The date and time that the preview token starts to become valid. The time is in the format "YYYY/MM/DD HH:MM:SS".
The default is the current date and time.
Optional: Must be a valid Java time zone ID.
The default is the server time zone ID.
Optional: Determines if time should be static while in preview mode. If true, time is static. If false, time is elapsing.
The default value is false.
  • 0 - use inventory levels in the database.
  • 1 - set all inventory filter results to true.
  • -1 - set all inventory filter results to false.
The default value is 0.
Optional: Preview as a user in these customer segments. A comma-separated list of member group IDs.
Optional: The workspace ID.
Optional: The task group ID.
Optional: the task ID.
Optional: Lifespan of the preview token in minutes. The preview token expires and cannot be used after the this set time.
The default value is 60.
Optional: The start date/time of the preview token in the form "YYYY/MM/DD HH:MM:SS".
The default is the current date/time.
Optional: The end date/time of the preview token in the form "YYYY/MM/DD HH:MM:SS". This value takes precedence over the tokenLife parameter.
Optional: The password to access a generated preview URL.

After the create preview token service encapsulates the preview options and restrictions, the PreviewTokenServiceCmdImpl command creates the preview token and returns the preview token as a response property named "previewToken". The preview token is stored in the PREVIEWTOKEN database table.

Sample service requests and responses

For developers who might want to customize RESTful applications to preview content using BOD and REST services, refer to the following sample codes to understand service request and response formats:
  • Sample create preview token AJAX request:
  • Sample create preview token AJAX response:
    	"previewToken": "iuJOiPLnTn0="
  • For a BOD service to generate a preview token, use a ProcessPerson BOD with actionCode="CreatePreviewToken". The following is a sample create preview token BOD service request:
    versionID="" xmlns:xsi="">
    	<oa:ApplicationArea xsi:type="_wcf:ApplicationAreaType">
    		<_wcf:BusinessContext intent="Authoring">
    			<_wcf:ContextData name="storeId">10001</_wcf:ContextData>
    				<oa:ActionExpression actionCode="CreatePreviewToken"
    					<_wcf:UserDataField name="start">2013/01/01 00:00:00</_wcf:UserDataField>
    					<_wcf:UserDataField name="timeZoneId">America/New_York</_wcf:UserDataField>
    					<_wcf:UserDataField name="status">true</_wcf:UserDataField>
    					<_wcf:UserDataField name="invstatus">0</_wcf:UserDataField>
    					<_wcf:UserDataField name="includedMemberGroupIds">10001,10002</_wcf:UserDataField>
    					<_wcf:UserDataField name="workspaceId">10001</_wcf:UserDataField>
    					<_wcf:UserDataField name="taskGroupId">10001</_wcf:UserDataField>
    					<_wcf:UserDataField name="taskId">10001</_wcf:UserDataField>
    					<_wcf:UserDataField name="tokenLife">60</_wcf:UserDataField>
    					<_wcf:UserDataField name="password">passw0rd</_wcf:UserDataField>
  • Sample create preview token service response (BOD):
    	<Oagis9:ApplicationArea xsi:type="_wcf:ApplicationAreaType">
    					<_wcf:UserDataField name="previewToken">iuJOiPLnTn0=</_wcf:UserDataField>
  • For a REST service to generate a preview token, use a POST HTTP method with a URL that follows the format "store/storeid/previewToken. The following is a sample create preview token REST service request:
    Post /wcs/resources/store/10001/previewToken HTTPS/1.1
    Content-Type: application/json
    	"start": "2013/01/01 20:30:00",
    	"timeZoneId": "America/New_York",
    	"status": "true",
    	"invstatus": "0",
    	"includedMemberGroupIds": "10001,10002",
    	"workspaceId": "10001",
    	"taskGroupId": "10001",
    	"taskId": "10001",
    	"tokenLife": "60",
    	"password": "passw0rd"
  • Sample create preview token service response (REST):
    HTTPS/1.1 201 Created
    Content-Type: application/json
    	"previewToken": "iuJOiPLnTn0="

Preview token security

The following security features are in place for preview tokens:
  • By default, the create preview token command/service is restricted by access control to business users with administrative user roles.
  • A preview token only works in the store where it is generated.
  • A preview token will be revoked when it is sent over HTTP. The token must be sent over HTTPS.