This is Intershop ICM REST API documentation.
This reference lists the REST API for storefront development. The REST API covers features of both B2C (SMB - small and medium-sized businesses) and B2B storefront development. This reference is intended for developers who want to use an easy-to-use API when developing frontend solutions. You can find more information at Intershop Communications. Contact our Intershop experts at Support - Intershop Communications.
Several API operations require an authenticated user. Intershop ICM REST API supports authentication using:
authentication-token
Tokens are encoded or signed strings that can be used to authenticate a REST request. Tokens are submitted using the header Authorization containing the word Bearer followed by a space and the token string.
Alternatively, the header authentication-token containing the user token can be used.
The token endpoint is used to create tokens that are used in subsequent requests as authentication token. The user can authenticate using:
Every REST endpoint supports authentication using basic authentication. To authenticate, the client sends the user's credentials with the header Authorization that contains the word Basic followed by a space and a base64-encoded string username:password.
The response to such a request includes a header authentication-token containing the user token. If the server does not support JWT (JSON Web Token), each response to a REST request will contain the header authentication-token, which should replace former tokens since it contains an updated expiration time.
Note: REST endpoints that support Web-Adapter-cached responses cannot be used for implicit token creation.
If the server supports JWT as the user token, implicit token creation should not be used because the token will not renew.
This API can be used to create access and identity tokens which allow clients to securely call protected APIs. Clients request tokens that can be used in the 'Authorization' header so the server grants access to a particular resource which will be invoked in the context of the encoded user-identity.
- The client logs in a user with name and password. The client uses the received ID-token for subsequent requests and stores the refresh-token for further use:
curl https://<SERVER>/INTERSHOP/rest/WFS/<SITE>/-/token -X POST -d "grant_type=password&username=<USERNAME>&password=<PASSWORD>&organization=<ORGANIZATION>"
- The client renews the ID-token using the refresh-token if it is expired or about to expire:
curl https://<SERVER>/INTERSHOP/rest/WFS/<SITE>/-/token -X POST -d "grant_type=refresh_token&refresh_token=<REFRESH_TOKEN>"
- The client logs out the user (this will expire refresh-tokens):
curl https://<SERVER>/INTERSHOP/rest/WFS/<SITE>/-/logout -X PUT -H "Authorization:Basic <REFRESH_TOKEN>"
Creates a set of tokens. The given authorization grant determines for which identity the tokens get created. The following authorization grants are supported:
Creates a set of tokens for an anonymous user. Example call with no form data:
curl https://<SERVER>/INTERSHOP/rest/WFS/<SITE>/-/token -X POST
Alternatively, the grant_type can be submitted:
curl https://<SERVER>/INTERSHOP/rest/WFS/<SITE>/-/token -X POST -d "grant_type=anonymous"
Creates a set of tokens for a user that authenticates via user name and password (and organization, which defaults to the site's default organization):
curl https://<SERVER>/INTERSHOP/rest/WFS/<SITE>/-/token -X POST -d "grant_type=password&username=<USERNAME>&password=<PASSWORD>&organization=<ORGANIZATION>"
Creates a set of tokens for a user that authenticates using e.g. basic authentication (user name and password given as Base64-encoded USERNAME:PASSWORD, here: admin:!InterShop00!):
curl https://<SERVER>/INTERSHOP/rest/WFS/<SITE>/-/token -X POST -d "grant_type=client_credentials&organization=<ORGANIZATION>" -H "Authorization:Basic YWRtaW46IUludGVyU2hvcDAwIQ=="
Creates a set of tokens based on a refresh token:
curl https://<SERVER>/INTERSHOP/rest/WFS/<SITE>/-/token -X POST -d "grant_type=refresh_token&refresh_token=<REFRESH_TOKEN>"
grant_type | string Value: "anonymous" the grant type. If set to anonymous a new token for an anonymous user will be created |
OK
Bad request
Unauthorized
{
  "id_token": "string",
  "access_token": "string",
  "refresh_token": "string",
  "expires_in": 0,
  "refresh_expires_in": 0,
  "token_type": "bearer"
}
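Added example (not Intershop code): a Python client-side helper for the login and renew steps of the workflow above, using the fields of the token response. It assumes expires_in and refresh_expires_in are in seconds; TokenSession, basic_header, SKEW and the injected post callable are hypothetical names, and post stands in for the HTTPS POST to the token endpoint.

```python
import base64
import time
from urllib.parse import urlencode

SKEW = 30  # assumed safety margin in seconds before the ID token expires

def basic_header(username, password):
    """Basic auth value; Base64 is reversible, so send it over TLS only."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

class TokenSession:
    """Hypothetical helper tracking one token set from the token endpoint."""

    def __init__(self, post, clock=time.time):
        self.post = post    # callable(form_body) -> dict; does POST .../-/token
        self.clock = clock  # injectable so expiry handling can be tested
        self.tokens = None
        self.expires_at = self.refresh_expires_at = 0.0

    def _store(self, resp):
        now = self.clock()
        self.tokens = resp
        # Assumption: both lifetimes are given in seconds.
        self.expires_at = now + resp["expires_in"]
        self.refresh_expires_at = now + resp["refresh_expires_in"]

    def login(self, username, password, organization):
        # urlencode escapes &, = and + so the password cannot split the form.
        self._store(self.post(urlencode({
            "grant_type": "password", "username": username,
            "password": password, "organization": organization})))

    def bearer(self):
        """Authorization value for the next request, renewing if needed."""
        if self.tokens is None:
            raise PermissionError("not logged in")
        now = self.clock()
        if now >= self.expires_at - SKEW:
            if now >= self.refresh_expires_at:
                raise PermissionError("refresh token expired; log in again")
            self._store(self.post(urlencode({
                "grant_type": "refresh_token",
                "refresh_token": self.tokens["refresh_token"]})))
        return "Bearer " + self.tokens["id_token"]
```

With curl, the same form escaping is obtained by passing each field with --data-urlencode instead of a single -d string.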
Identity providers are used to authenticate users. Clients can use this endpoint in order to receive all identity providers that are available for an organization. Typically, this information can be used to enable a user to log on to the ICM back office or the storefront. There might be different types of identity providers. The type local is used for the standard internal ICM user login handling which is most often represented by a login form and completely handled by ICM server. However, other types include oidc for OpenID Connect compatible providers which can be used for single sign-on scenarios.
The following example shows how to retrieve identity providers for organization Operations:
curl https://<SERVER>/INTERSHOP/rest/WFS/<SITE>/-/identityproviderconfigurations/Operations
This operation returns the identity providers that are available for an organization.
organizationKey required | string The key of organization |
providerType | string The provider type. If used only matching configurations will be returned. |
OK
Not found
[
  {
    "key": "uniqueKey",
    "name": "display name",
    "type": "local"
  }
]
This operation returns the identity providers that are available for an organization.
organizationKey required | string The key of organization |
providerKey required | string The key of the configuration |
OK
Not found
{
  "key": "uniqueKey",
  "name": "display name",
  "type": "local"
}
Responds with script snippet containing CAPTCHA challenge. Workflow:
OK
Internal Server Error
response headers will include required fields:
RequiredFields: recaptcha_challenge_field,recaptcha_response_field
Updates the login of the currently logged in user with a new one.
CustomerKey required | string Example: ExampleKey The key or UUID to resolve a single item |
name | string The name of an element. |
login | string the login used for authentication |
No content
Bad request possible values for header error-key:
Unauthorized
{
  "name": "string",
  "login": "pmiller@test.intershop.de"
}
Updates the password of the currently logged in customer with a new one.
CustomerKey required | string Example: ExampleKey The key or UUID to resolve a single item |
name | string The name of an element. |
password | string new password |
currentPassword | string current password |
No content
Bad request possible values for header error-key:
Unauthorized
{
  "name": "string",
  "password": "InterShop00",
  "currentPassword": "!InterShop00!"
}
Updates the security question of the currently logged in customer. The key of the security question should be submitted. A client can get the list of possible keys from the /security/questions resource.
CustomerKey required | string Example: ExampleKey The key or UUID to resolve a single item |
name | string The name of an element. |
type | string The type of the object. This is normally a constant that can be used to differentiate objects by their type. |
text | string the text of the security question |
key | string the key of the security question |
No content
Bad request
Unauthorized
{
  "name": "string",
  "type": "SecurityQuestion",
  "text": "What is your pet's name?",
  "key": "account.security_question.pet_name.text"
}