
CommerceTools

Authentication & Authorization

  • CommerceTools connects via OAuth 2.0 with Client Credentials Flow.

  • Client ID, Client Secret, Project Key and Region are obtained when creating the API Client (see Commerce Tools Connection Instructions).

  • DataGrail updates the access token after it expires to keep the connection alive.

  • Publicly exposing your API credentials can allow a third party unauthorized access to the Administrate API endpoints and your Administrate data. DataGrail stores your API credentials encrypted and protected.

Scopes

DataGrail requires customers to configure and grant specific, limited Scopes in order to provide its services for access and deletion privacy requests:

  • manage_customers:{projectKey}: grants permission to view, create, update, and delete Customers in a Project,

  • manage_payments:{projectKey}: grants permission to view, create, update, and delete Payments in a Project,

  • manage_orders:{projectKey}: grants permission to view, create, update, and delete Carts, Orders, Associate Carts, Associate Orders, Zones in a Project,

  • manage_shopping_lists:{projectKey}: grants permission to view, create, update, and delete Shopping Lists in a Project,

  • manage_products:{projectKey}: grants permission to view, create, update, and delete Product Types, Products, Channels, Inventory Entries, Reviews, Product Discounts in a Project. It also implies the scope to view published Product Projections.
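
The check below is an added example, not DataGrail or commercetools code: it compares the scopes actually granted to the API Client with the five scopes listed above and reports anything missing or in excess. It assumes the granted scopes are available as the space-separated `scope` string of the OAuth token response; the function name, the report fields and the sample value are hypothetical.

```python
# Added example: audit the scopes granted to an API Client against the five
# scopes this page lists. All names here are hypothetical, not DataGrail's.

REQUIRED_SCOPE_NAMES = frozenset({
    "manage_customers",
    "manage_payments",
    "manage_orders",
    "manage_shopping_lists",
    "manage_products",
})


def audit_scopes(granted_scope: str, project_key: str) -> dict:
    """Compare a space-separated OAuth scope string with the documented set.

    Reports scopes that are missing, scopes that exceed the documented set,
    and scopes bound to a different project key (or to none at all).
    """
    expected = {f"{name}:{project_key}" for name in REQUIRED_SCOPE_NAMES}
    granted = set(granted_scope.split())

    wrong_project = set()
    for scope in granted:
        parts = scope.split(":")
        if len(parts) < 2 or parts[1] != project_key:
            wrong_project.add(scope)

    return {
        "missing": sorted(expected - granted),
        "excess": sorted(granted - expected - wrong_project),
        "wrong_project": sorted(wrong_project),
        "least_privilege": granted == expected,
    }


# Constructed sample: the "scope" value for a client created with one scope
# too many (manage_project) and one too few (manage_shopping_lists).
SAMPLE_SCOPE = (
    "manage_customers:demo-project-key manage_payments:demo-project-key "
    "manage_orders:demo-project-key manage_products:demo-project-key "
    "manage_project:demo-project-key"
)

if __name__ == "__main__":
    for field, value in audit_scopes(SAMPLE_SCOPE, "demo-project-key").items():
        print(f"{field}: {value}")
```
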

Endpoints Utilized

  • Get and refresh access token:

    • POST https://auth.{domain}/oauth/token

    where domain is the host name where the Composable Commerce API is provided.

    Example: https://auth.us-central1.gcp.commercetools.com/oauth/token

Base URL

The base URL for the API requests depends on the API host and Project Key.

Example of the base URL: https://api.us-central1.gcp.commercetools.com/demo-project-key

Limits

  • DataGrail supports request throttling to stay within 70-80% of specified service rate limits.
  • DataGrail handles API responses with HTTP 429 status by interrupting requests, waiting, and retrying (using an exponential backoff strategy).

Access

For an access request, DataGrail will take the following actions:

Endpoints Utilized

  • GET {BASE_URL}/customers

  • GET {BASE_URL}/carts

  • GET {BASE_URL}/orders

  • GET {BASE_URL}/payments

  • GET {BASE_URL}/reviews

  • GET {BASE_URL}/shopping-lists

  • GET {BASE_URL}/cart-discounts

  • GET {BASE_URL}/messages

  • GET {BASE_URL}/business-units

  • GET {BASE_URL}/quotes

  • GET {BASE_URL}/quote-requests

  • GET {BASE_URL}/staged-quotes

  • GET {BASE_URL}/custom-objects

Deletion

For a deletion request, DataGrail will take the following actions:

Endpoints Utilized

  • DELETE {BASE_URL}/customers/{customer_id}

  • DELETE {BASE_URL}/carts/{cart_id}

  • DELETE {BASE_URL}/orders/{order_id}

  • DELETE {BASE_URL}/payments/{payment_id}

  • DELETE {BASE_URL}/reviews/{review_id}

  • DELETE {BASE_URL}/shopping-lists/{shopping_list_id}

  • DELETE {BASE_URL}/custom-objects/{custom_object_container_id}/{customer_object_key}

  • DELETE {BASE_URL}/business-units/{business_unit_id}

  • DELETE {BASE_URL}/quotes/{quote_id}

  • DELETE {BASE_URL}/quote-requests/{quote_request_id}

  • DELETE {BASE_URL}/staged-quotes/{staged_quote_id}

Most of these endpoints support the dataErasure parameter in DELETE requests. DataGrail sets it to true, which ensures the removal of all personal data related to the object, including Messages and internal logs.

 

Need help?
If you have any questions, please reach out to your dedicated CSM or contact us at support@datagrail.io.

Disclaimer: The information contained in this message does not constitute legal advice. We would advise seeking professional counsel before acting on or interpreting any material.