Let's get you up and running with the Commerce Engine Storefront API. This guide covers the basics: obtaining credentials, understanding environments, and making your first API call.
Prerequisites
Before you begin, you'll need a Commerce Engine account and at least one Store configured. You can manage your account, stores, and API credentials through the Commerce Engine Admin Portal.
You'll need two key pieces of information from the Admin Portal to interact with the Storefront API for a specific store:
store_id: This unique identifier represents your specific store within your Commerce Engine organization. All data (products, orders, customers, etc.) is scoped to a store. You'll find this ID in the Store settings section of the Admin Portal.
API Key (X-Api-Key): This secret key is used only for the initial authentication step to identify your application when requesting an anonymous user token.
Security Notice
Treat this key securely like a password; it should not be exposed in frontend code. Find this key in the API Credentials or Developer settings section for your store in the Admin Portal.
Commerce Engine provides distinct environments for development/testing and live production use:
Staging (development/testing): https://staging.api.commercengine.io/api/v1/{store_id}/storefront
Production (live): https://prod.api.commercengine.io/api/v1/{store_id}/storefront
Simply replace {store_id} in the URL with your actual Store ID obtained from the Admin Portal. You'll switch between these base URLs as you move from development to production.
Commerce Engine is a headless platform. This means we provide the backend commerce functionality via APIs, and you build the entire customer-facing frontend (the "head"), whether it's a website, mobile app, or other digital interface. You have complete control over the look, feel, and user experience.
All interactions with Commerce Engine happen through standard HTTP requests to our API endpoints. You'll typically use JSON for request and response bodies.
Every user interaction, even before they log in or sign up, should be associated with a unique identity. This is crucial for providing personalized experiences and enabling powerful server-side analytics from the very first click.
The first step in any storefront integration is to obtain an anonymous user token. This token identifies the user's session even before they are known.
You'll make a POST request to the /auth/anonymous endpoint, providing your store's API Key in the X-Api-Key header.
Response:
Key takeaways from the response:
content.user.id: A unique ID for this anonymous user.
content.access_token: A short-lived Bearer token used to authenticate subsequent API calls for this user's session.
content.refresh_token: A longer-lived token used to obtain a new access_token when it expires.
Important: Token Storage
Crucially, you must securely store both the access_token and refresh_token on the client-side. We'll cover how to use and manage these tokens in the Authentication section.
Now that you have an access_token, you can make authenticated requests to other Storefront API endpoints by including it in the Authorization header:
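The whole flow described on this page (pick the environment base URL, exchange the store's API key for an anonymous session, then send the Bearer token on later calls), as an added Node.js example. This is not code from the Commerce Engine documentation or SDK: the function names, the constructed sample response, the placeholder store id and API key, and the assumption that store_id is a plain URL-safe token are all ours. It keeps the API key on the server side, which is how the Security Notice above is satisfied, and injects the network call so the flow can be run offline against a constructed response.

```javascript
// Added example (not the Commerce Engine docs' own snippet): the two steps
// described above, written for Node.js >= 18 (global fetch). Network access
// is injected so the flow can be exercised offline against a constructed
// response.
const ENVIRONMENTS = {
  staging: "https://staging.api.commercengine.io/api/v1",
  production: "https://prod.api.commercengine.io/api/v1",
};

// Build the Storefront base URL for one store. The page does not specify
// the store_id format; this check only rejects values that would change
// the URL path (assumption: ids are plain URL-safe tokens).
function storefrontBaseUrl(env, storeId) {
  const root = ENVIRONMENTS[env];
  if (!root) throw new Error(`unknown environment: ${env}`);
  if (!/^[A-Za-z0-9_-]+$/.test(storeId)) throw new Error("invalid store_id");
  return `${root}/${storeId}/storefront`;
}

// Step 1: POST /auth/anonymous with the X-Api-Key header. Run this on your
// server only: the API key must never be shipped in frontend code.
async function createAnonymousSession(env, storeId, apiKey, fetchImpl = fetch) {
  const url = `${storefrontBaseUrl(env, storeId)}/auth/anonymous`;
  const res = await fetchImpl(url, {
    method: "POST",
    headers: { "X-Api-Key": apiKey, Accept: "application/json" },
  });
  if (!res.ok) throw new Error(`anonymous auth failed: HTTP ${res.status}`);
  return extractSession(await res.json());
}

// Pull the three fields the page names out of the response body, and fail
// loudly if any is missing instead of continuing with an undefined token.
function extractSession(body) {
  const c = body && body.content;
  if (!c || !c.user || !c.user.id || !c.access_token || !c.refresh_token) {
    throw new Error("unexpected /auth/anonymous response shape");
  }
  return { userId: c.user.id, accessToken: c.access_token, refreshToken: c.refresh_token };
}

// Step 2: headers for any later authenticated Storefront call. Only the
// short-lived Bearer token is handed to the client; the API key is not reused.
function authHeaders(accessToken) {
  return { Authorization: `Bearer ${accessToken}`, Accept: "application/json" };
}

// Constructed sample data standing in for a real Admin Portal credential and
// a real API response (field names follow the page; the values are made up).
const SAMPLE_STORE_ID = "store_123";
const SAMPLE_RESPONSE = {
  content: {
    user: { id: "anon_abc" },
    access_token: "ACCESS.TOKEN.SAMPLE",
    refresh_token: "REFRESH.TOKEN.SAMPLE",
  },
};

// Offline fetch stand-in: records the outgoing request, returns SAMPLE_RESPONSE.
function makeFakeFetch(log) {
  return async (url, init) => {
    log.push({ url, init });
    return { ok: true, status: 200, json: async () => SAMPLE_RESPONSE };
  };
}

// Runs the full flow against the fake fetch and returns what was sent and received.
async function demo() {
  const calls = [];
  const session = await createAnonymousSession(
    "staging", SAMPLE_STORE_ID, "API_KEY_PLACEHOLDER", makeFakeFetch(calls));
  return { calls, session, headers: authHeaders(session.accessToken) };
}

demo().then((r) => console.log(JSON.stringify(r, null, 2)));
```

To go live, swap `makeFakeFetch(calls)` for the real `fetch` (the default) and `"production"` for `"staging"`; nothing else changes, which is the point of keeping the base URL and the credential lookup in one place.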
You've successfully made your first authenticated call! Next, let's dive deep into authentication mechanisms.