Dev GuideAPI ReferenceUser Guide
Dev GuideAPI Reference
Dev GuideAPI ReferenceUser GuideGitHubNuGetDev CommunityDoc feedbackLog In
GitHubNuGetDev CommunityDoc feedback

To make calls to the Optimizely <<product-name>> API, the client must be configured with Identity Server with a client id, secret, and scope. Although it is possible to use developer tools within the browser to harvest the access token from <<product-name>> requests, it really isn't a viable solution for production. The recommendation is to create a client within Identity Server.

## Prerequisites

  • Fiddler installed

  • Visual Studio installed

  • SDK installed

## Overview of Steps

  1. Add client to Identity Server

  2. Configure client for Identity Server

  3. Use the client to interact with the API

## Detailed steps

  1. In Visual Studio, open the SDK solution.

  2. In the Web project, add a reference to \~\\Lib\\IdentityServer3.EntityFramework.dll.

    ️ Important

    Do not use Nuget to install IdentityServer3.EntityFramework because there are some version dependencies that are deployed along with the SDK.

  3. Open the \~\\InSiteCommerce.Web\\App_Start\\Startup.Auth.cs file.

  4. Open the \~\\InSiteCommerce.Web\\App_Start\\Startup.cs file.

  5. Add the following using statements to the top of the file.

    
  6. Add the following code to the end of the "Startup" method. This code    will create a connection to the database and add a new Identity    Server client called "Fiddler".Add the following code to the    "PostStartup" method. This code will create a connection to the    database and add a new Identity Server client called "Fiddler".
    **ClientName** – Fiddler
    **ClientId**  – fiddler
    **ClientSecret** – secret
    
  7. Rebuild the solution.
  8. Open Fiddler and go to the request Composer.
  9. Change the HTTP verb to "POST" and the URL to the Identity    authentication endpoint of your installed Insite Commerce    application (such as    <http://431sdk.local.com/identity/connect/token>).
  10. The "Authorization" header used to authenticate with Identity Server     needs to be encoded using Base64. The decoded format for the header     value is {clientid:clientsecret}. In this example, the decoded value     is "fiddler:secret". To encode the client id and client secret in     Fiddler, use the TextWizard. Be sure the transform operation is set     to "To Base64".
    
  11. Copy the following headers to the request in Fiddler. Be sure to     replace the "Authorization" header value with "Basic {encoded value     you created earlier}".
    
  12. In the body of the request, use a querystring to include user     credentials, grant type, and scope. The user credentials need to be     for a Storefront user for the <<product-name>> application. For example,     grant_type=password&username=admin&password=Password1&scope=iscapi.
  13. Execute the request.
  14. Validate the operation by confirming a 200 status for the response.     The response should include the access token needed to make     authenticated calls to the API. 
    
    
  15. To make requests to the API using the access token, simply change     the "Authorization" header value to "Bearer {access token from     identity response}".
  16. Back in Fiddler, send a request to /api/v1/sessions/current. If the     bearer token is set up correctly, you should receive a 200 status     and a session object in the response.