REST interoperability

The HCL Commerce REST APIs can use session cookies created by the HCL Commerce store runtime for authentication. That is, a client can mix requests to the HCL Commerce REST APIs and the HCL Commerce store runtime within the same user session.
The REST API interoperability framework supports the following scenarios:
  • The HCL Commerce REST API can support web authentication cookies if AuthenticationAllowedUsingCookies is set to true in the WC\xml\config\\wc-component.xml file.
  • Partial authentication (persistent sessions) is enabled by default in the wc-rest-security.xml file for services that do not expose sensitive data. For example, for the following resources:
      <partialAuthentication resource="store/{storeId}/productview" method="GET" enabled="true"/>
      <partialAuthentication resource="store/{storeId}/categoryview" method="GET" enabled="true"/>
      <partialAuthentication resource="store/{storeId}/sitecontent" method="GET" enabled="true"/>
  • HCL Commerce allows simultaneous web and REST sessions for the same user.
  • The following HCL Commerce REST APIs can also be configured to create or update session cookies by setting the updateCookies query parameter to true:
    • POST /store/{storeId}/person
    • POST /store/{storeId}/guestidentity
    • DELETE /store/{storeId}/guestidentity/@self
    • POST /store/{storeId}/loginidentity
    • DELETE /store/{storeId}/loginidentity/@self
    • POST /store/{storeId}/ltpaidentity
    • DELETE /store/{storeId}/ltpaidentity/@self
  • The following HCL Commerce REST APIs can be configured to remember or forget a registered user (when persistent session is enabled) by setting the rememberMe query parameter to true or false:
    • POST /store/{storeId}/person
    • POST /store/{storeId}/loginidentity
    • DELETE /store/{storeId}/loginidentity/@self