fabric Identity manages authentication and authorization of all of fabric’s commerce platform APIs. Before invoking any fabric API, such as Product Catalog or Orders, API clients are required to authenticate with fabric Identity and get an access token. All commerce platform API requests must include this access token. These APIs check the access token for associated policies and permissions before allowing access to a specific merchant’s data.
In addition, application developers can use fabric Identity to implement user login and account management for their individual applications. In these scenarios, fabric Identity provides features to quickly implement login flows within applications.
Every API client needing access to fabric platform APIs must create an application (also referred to here as an app) representing itself within fabric Identity. You can create two types of apps depending on ‘how’ and ‘for whom’ the app gets the access tokens.
When using userapps, application developers can benefit from additional features offered by fabric Identity:
The previous identity solution (Identity v1) provided a simple approach to securing access to fabric’s commerce APIs and merchants’ data. v1 provided APIs for generating access tokens and using them when invoking other fabric APIs. The access tokens generated in v1 were merchant specific, making it difficult for storefront and third-party developers to implement advanced use cases using fabric APIs, such as user SSO for multi-channel access, B2B storefront, etc.
Identity v1 is now deprecated and is superseded by Identity v2, which is based on industry standard protocols allowing easy implementation of identity use cases for all commerce applications. fabric APIs continue to support access tokens generated from both v1 and v2, allowing time for existing API clients to migrate to the new Identity v2 solution.
fabric Identity manages authentication and authorization of all of fabric’s commerce platform APIs. Before invoking any fabric API, such as Product Catalog or Orders, API clients are required to authenticate with fabric Identity and get an access token. All commerce platform API requests must include this access token. These APIs check the access token for associated policies and permissions before allowing access to a specific merchant’s data.
In addition, application developers can use fabric Identity to implement user login and account management for their individual applications. In these scenarios, fabric Identity provides features to quickly implement login flows within applications.
Every API client needing access to fabric platform APIs must create an application (also referred to here as an app) representing itself within fabric Identity. You can create two types of apps depending on ‘how’ and ‘for whom’ the app gets the access tokens.
When using userapps, application developers can benefit from additional features offered by fabric Identity:
The previous identity solution (Identity v1) provided a simple approach to securing access to fabric’s commerce APIs and merchants’ data. v1 provided APIs for generating access tokens and using them when invoking other fabric APIs. The access tokens generated in v1 were merchant specific, making it difficult for storefront and third-party developers to implement advanced use cases using fabric APIs, such as user SSO for multi-channel access, B2B storefront, etc.
Identity v1 is now deprecated and is superseded by Identity v2, which is based on industry standard protocols allowing easy implementation of identity use cases for all commerce applications. fabric APIs continue to support access tokens generated from both v1 and v2, allowing time for existing API clients to migrate to the new Identity v2 solution.