playbooks

home / skills / salesforcecommercecloud / b2c-developer-tooling / b2c-slas

b2c-slas skill

/skills/b2c-cli/skills/b2c-slas

This skill helps you manage SLAS shoppers clients with the b2c CLI, enabling custom scopes, PWA setups, and token debugging.

npx playbooks add skill salesforcecommercecloud/b2c-developer-tooling --skill b2c-slas

Review the files below or copy the command above to add this skill to your agents.

Files (1)
SKILL.md
4.7 KB
---
name: b2c-slas
description: Manage SLAS (Shopper Login and API Access Service) clients for B2C Commerce (SFCC/Demandware) with the b2c cli. Use when configuring shopper authentication, creating API clients for PWA/headless, managing OAuth scopes (including custom scopes like c_loyalty), or debugging token issues. SLAS is for shopper (customer) authentication, not admin APIs.
---

# B2C SLAS Skill

Use the `b2c` CLI plugin to manage SLAS (Shopper Login and API Access Service) API clients and credentials.

> **Important:** SLAS is for **shopper** (customer) authentication used by storefronts and headless commerce. For **admin** tokens (OCAPI, Admin APIs), use `b2c auth token` - see [b2c-config skill](../b2c-config/SKILL.md).

> **Tip:** If `b2c` is not installed globally, use `npx @salesforce/b2c-cli` instead (e.g., `npx @salesforce/b2c-cli slas client list`).

## When to Use

Common scenarios requiring SLAS client management:

- **Testing Custom APIs**: Create a client with custom scopes (e.g., `c_loyalty`) to test your Custom API endpoints
- **PWA/Headless Development**: Configure clients for composable storefronts
- **Integration Testing**: Create dedicated test clients with specific scope sets

## Examples

### List SLAS Clients

```bash
# list all SLAS clients for a tenant
b2c slas client list --tenant-id abcd_123

# list with JSON output
b2c slas client list --tenant-id abcd_123 --json
```

### Get SLAS Client Details

```bash
# get details for a specific SLAS client
b2c slas client get --tenant-id abcd_123 --client-id my-client-id
```

### Create SLAS Client

```bash
# create a new SLAS client with default scopes (auto-generates UUID client ID)
b2c slas client create --tenant-id abcd_123 --channels RefArch --default-scopes --redirect-uri http://localhost:3000/callback

# create with a specific client ID and custom scopes
b2c slas client create my-client-id --tenant-id abcd_123 --channels RefArch --scopes sfcc.shopper-products,sfcc.shopper-search --redirect-uri http://localhost:3000/callback

# create a public client
b2c slas client create --tenant-id abcd_123 --channels RefArch --default-scopes --redirect-uri http://localhost:3000/callback --public

# create client without auto-creating tenant (if you manage tenants separately)
b2c slas client create --tenant-id abcd_123 --channels RefArch --default-scopes --redirect-uri http://localhost:3000/callback --no-create-tenant

# output as JSON (useful for capturing the generated secret)
b2c slas client create --tenant-id abcd_123 --channels RefArch --default-scopes --redirect-uri http://localhost:3000/callback --json
```

Note: By default, the tenant is automatically created if it doesn't exist.

**Warning:** Use `--scopes` (plural) for client scopes, NOT `--auth-scope` (singular). The `--auth-scope` flag is a global authentication option for OAuth scopes.

### Create Client for Custom API Testing

When testing a Custom API that requires custom scopes:

```bash
# Create a private client with custom scope for testing
# Replace c_my_scope with your API's custom scope from schema.yaml
b2c slas client create \
  --tenant-id zzpq_013 \
  --channels RefArch \
  --default-scopes \
  --scopes "c_my_scope" \
  --redirect-uri http://localhost:3000/callback \
  --json

# Output includes client_id and client_secret - save these for token requests
```

**Important:** The custom scope in your SLAS client must match the scope defined in your Custom API's `schema.yaml` security section.

### Get a Token for Testing

After creating a SLAS client, obtain a token for API testing:

```bash
# Set credentials from client creation output
# Find your shortcode in Business Manager: Administration > Site Development > Salesforce Commerce API Settings
SHORTCODE="kv7kzm78"  # Example shortcode - yours will be different
ORG="f_ecom_zzpq_013"
CLIENT_ID="your-client-id"
CLIENT_SECRET="your-client-secret"
SITE="RefArch"

# Get access token
curl -s "https://$SHORTCODE.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/$ORG/oauth2/token" \
  -u "$CLIENT_ID:$CLIENT_SECRET" \
  -d "grant_type=client_credentials&channel_id=$SITE"
```

### Update SLAS Client

```bash
# update an existing SLAS client
b2c slas client update --tenant-id abcd_123 --client-id my-client-id
```

### Delete SLAS Client

```bash
# delete a SLAS client
b2c slas client delete --tenant-id abcd_123 --client-id my-client-id
```

### Configuration

The tenant ID can be set via environment variable:
- `SFCC_TENANT_ID`: SLAS tenant ID (organization ID)

### More Commands

See `b2c slas --help` for a full list of available commands and options in the `slas` topic.

## Related Skills

- `b2c:b2c-custom-api-development` - Creating Custom APIs that require SLAS authentication
- `b2c-cli:b2c-scapi-custom` - Checking Custom API registration status

Overview

This skill helps you manage SLAS (Shopper Login and API Access Service) clients for Salesforce B2C Commerce using the b2c CLI. It focuses on shopper/customer authentication: creating, listing, updating, and deleting SLAS API clients and managing OAuth scopes for storefronts and headless/PWA integrations. Use it to configure tokens and troubleshoot shopper authentication flows.

How this skill works

The skill drives the b2c CLI slas commands to inspect and manipulate SLAS tenants and clients. It can create clients (public or private), attach default or custom scopes (including custom c_* scopes), output JSON with generated client secrets, and request tokens for testing. It also supports listing clients, getting client details, updating client settings, and deleting clients.

When to use it

  • Set up PWA or headless storefront authentication and tailor OAuth scopes for a channel.
  • Create test clients for integration or automated testing with restricted scopes.
  • Add custom scopes (e.g., c_loyalty) to exercise Custom API endpoints during development.
  • Troubleshoot token acquisition issues or verify client credentials and scopes.
  • Generate client credentials for short-lived development or CI workflows.

Best practices

  • Use --json output when creating clients to capture client_id and client_secret programmatically.
  • Prefer dedicated test clients for integration tests instead of reusing production credentials.
  • Match custom scope names exactly to the scope defined in your Custom API schema.
  • Use tenant auto-creation judiciously; pass --no-create-tenant if tenants are managed separately.
  • Use the channel/site (channel_id) when requesting tokens so tokens are valid for the intended storefront.

Example use cases

  • Create a private SLAS client with a custom c_my_scope to test a Custom API endpoint.
  • Generate a public client and redirect URI for a local PWA development server.
  • List all SLAS clients for a tenant to audit configured scopes and client types.
  • Request a shopper access token using client credentials and channel_id for API debugging.
  • Update an existing client to add or remove scopes during feature rollout.

FAQ

Is SLAS for admin APIs or shopper authentication?

SLAS is for shopper (customer) authentication used by storefronts and headless apps. For admin tokens use the admin auth workflow (e.g., b2c auth token).

How do I capture the generated client secret?

Run the create command with --json to get client_id and client_secret in the output and save them securely.