home

General

Adobe Sign ServicesAdvantage Platform AdministrationApprovals for Advantage PlatformApprovals for SalesforceBilling for Advantage PlatformBilling for SalesforceCLM for Advantage PlatformCLM for SalesforceContracts for SalesforceCollaborateComposer for Advantage PlatformComposer for SalesforceContractsConga for Google DocsConga Upgrade ProgramContract Intelligence (Standalone)Conga CopilotCPQ for Advantage PlatformCPQ for SalesforceDeal MaximizerDigital Commerce for Advantage PlatformDigital Commerce for SalesforceDiscovery AI for Advantage PlatformDiscovery AI for SalesforceDocusign ServiceseSignature Integration with Advantage PlatformGridInvoice GenerationMix FormsOrchestrateOrder Management for Advantage PlatformOrder Management for SalesforcePartner Commerce for Advantage PlatformPartner Commerce for SalesforceQuote GenerationSign for Advantage PlatformSign for SalesforceSmart SearchTest AuthorTurboEnginesX-Author for Contracts 1.0 (Classic)X-Author for ContractsX-Author for Contracts Advanced for Advantage PlatformX-Author for Contracts Advanced for SalesforceX-Author for ExcelX-Author for Migration Manager for Advantage PlatformX-Author for Migration ManagerRelease NotesGeneral
search
search
Adobe Sign ServicesAdvantage Platform AdministrationApprovals for Advantage PlatformApprovals for SalesforceBilling for Advantage PlatformBilling for SalesforceCLM for Advantage PlatformCLM for SalesforceContracts for SalesforceCollaborateComposer for Advantage PlatformComposer for SalesforceContractsConga for Google DocsConga Upgrade ProgramContract Intelligence (Standalone)Conga CopilotCPQ for Advantage PlatformCPQ for SalesforceDeal MaximizerDigital Commerce for Advantage PlatformDigital Commerce for SalesforceDiscovery AI for Advantage PlatformDiscovery AI for SalesforceDocusign ServiceseSignature Integration with Advantage PlatformGridInvoice GenerationMix FormsOrchestrateOrder Management for Advantage PlatformOrder Management for SalesforcePartner Commerce for Advantage PlatformPartner Commerce for SalesforceQuote GenerationSign for Advantage PlatformSign for SalesforceSmart SearchTest AuthorTurboEnginesX-Author for Contracts 1.0 (Classic)X-Author for ContractsX-Author for Contracts Advanced for Advantage PlatformX-Author for Contracts Advanced for SalesforceX-Author for ExcelX-Author for Migration Manager for Advantage PlatformX-Author for Migration ManagerRelease NotesGeneral

Conga Product Documentation

Welcome to the new doc site. Some of your old bookmarks will no longer work. Please use the search bar to find your desired topic.

search

General

chevron_left

General Contents

close
  • Features by Release

  • Conga Upgrade Program

  • chevron_right

    System Requirements and Supported Platforms Matrix

  • Managed Packages Dependency Matrix

  • Conga Applications in Salesforce Lightning

  • Salesforce Multi-Factor Authentication Support for Conga Commerce

  • chevron_right

    Conga Product Glossary

  • chevron_right

    Conga Upgrade Assistant

  • chevron_right

    Product Retirement Schedule

  • expand_more

    Developer Center

    • chevron_right

      Approvals for Salesforce REST APIs

    • chevron_right

      Billing for Salesforce REST APIs

    • chevron_right

      CLM for Salesforce REST APIs

    • chevron_right

      CPQ for Salesforce REST APIs

    • expand_more

      Digital Commerce for Salesforce REST APIs

      • chevron_right

        CPQ REST API Version 4

      • expand_more

        CPQ REST API Version 5

        • expand_more

          Authentication

          • Get Signing Key

            get
          • Revoke Token

            delete
          • Get Access Token

            post
          • Get Active User

            get
        • chevron_right

          Storefront

        • chevron_right

          Account

        • chevron_right

          PriceList

        • chevron_right

          Catalog

        • chevron_right

          Carts

        • chevron_right

          Cart Items

        • chevron_right

          Favorites

        • chevron_right

          Generic

        • chevron_right

          Order

        • chevron_right

          Quote

        • chevron_right

          Assets

        • chevron_right

          Collaboration Request

        • chevron_right

          User Views

    • chevron_right

      Discovery AI for Salesforce REST APIs

    • chevron_right

      Orchestrate REST APIs

    • chevron_right

      Partner Commerce for Salesforce REST APIs

    • chevron_right

      TurboEngines REST APIs

  1. General
  2. arrow_right
  3. Developer Center
  4. arrow_right
  5. Digital Commerce for Salesforce REST APIs
  6. arrow_right
  7. CPQ REST API Version 5

list_altShow Contents

chevron_left

General

Authentication

chevron_right
download

Get Access Token

post
/user/token

The /users/token endpoint must be used to obtain an access token for the current user. The body must contain the base64 data of the encrypted client credentials using the key obtained from the /users/key endpoint.

Request

Security: Basic Auth

Headers

Content-Type
string
required

Content type of the request body.

Example:
application/json
x-storefront
string
required

The name of the storefront used for the request.

Example:
ECommerce

Body

In order to obtain a temporary encryption key, a callout must be made to the /users/key endpoint that returns a 64-bit hexadecimal key similar to the following:

9d035a21deee3664ca5f7b8810c4251237774a6f01140d98fdadb6d214bcd3b7

Once a key has been obtained, you can use the encryption library of your choice to encrypt the request body with the AES-CBC algorithm.

  • Before base64 encoding the encrypted data, make sure the initialization vector used is prepended.

The result of the encryption should look similar in structure to:

047v2MG4m5cxkqwIXN1po0Q8p5PTpRlm9hlTlC89jPOpjkGlL3wZ732XDPveJLUWYkrJRnzt5M2bh+IZhIn4r+BmI21xPNQCESWZMSwOPn0=

This base64 string is used as the body of the request sent to the /users/token endpoint. Below are a couple of example using popular JavaScript frameworks:

// First obtain a key by making an API call to /users/key
const key = "9d035a21deee3664ca5f7b8810c4251237774a6f01140d98fdadb6d214bcd3b7";
// Initialization Vector for CBC algorithm
const iv = window.crypto.getRandomValues(new Uint8Array(16));
// Raw customer credential data
const clientCredentials = {
"username" : "customer@myshop.community.com",
"password" : "strongpassword"
}
// Supporting function to convert the hex key into an ArrayBuffer object
const hexToArrayBuffer = (hex) => {
var typedArray = new Uint8Array(hex.match(/[\da-f]{2}/gi).map(function (h) {
return parseInt(h, 16)
}));
return typedArray.buffer;
}
// Supporting function converts a string into an ArrayBuffer
const getUtf8Bytes = (str) =>
new Uint8Array(
[...unescape(encodeURIComponent(str))].map(c => c.charCodeAt(0))
);
crypto.subtle.importKey(
"raw",
hexToArrayBuffer(key),
{ //this is the algorithm options
name: "AES-CBC"
},
false, //whether the key is extractable (i.e. can be used in exportKey)
["encrypt", "decrypt"] // key can be used for encryption and decryption
)
.then((key) => {
return crypto.subtle.encrypt(
{
name: "AES-CBC",
//Don't re-use initialization vectors!
//Always generate a new iv every time your encrypt!
iv: iv,
length: 256
},
key, // CryptoKey object generated from hex key
getUtf8Bytes(JSON.stringify(clientCredentials)) // ArrayBuffer of client credentials
)
})
.then((encrypted) => {
// The result from the promise will contain encrypted customer credentials.
// In order to decrypt the request, the IV used must be prepended to the body
const requestData = btoa(String.fromCharCode(...iv) + String.fromCharCode(...new Uint8Array(encrypted)));
console.log(requestData);
// The request data can then be sent to the token endpoint in order to obtain an access token
});
// First obtain a key by making an API call to /users/key
const key = CryptoJS.enc.Hex.parse("9d035a21deee3664ca5f7b8810c4251237774a6f01140d98fdadb6d214bcd3b7");
// Initialization Vector for CBC algorithm
const iv = CryptoJS.lib.WordArray.random(128/8);
// Raw customer credential data
const clientCredentials = {
"username" : "customer@myshop.community.com",
"password" : "strongpassword"
}
const encrypted = CryptoJS.AES.encrypt(JSON.stringify(clientCredentials), key, {
iv: iv,
padding: CryptoJS.pad.Pkcs7,
mode: CryptoJS.mode.CBC
});
// The unencoded data sent to the server must contain the Initialization Vector prepended to the encrypted credentials
const result = btoa(atob(iv.toString(CryptoJS.enc.Base64)) + atob(encrypted.ciphertext.toString(CryptoJS.enc.Base64)));
username
string
password
string

Responses

200

OK

Body

data
object
required
userId
string
acccessToken
string
Auth
Username
:
Password
:
Parameters
:
:
Body
1
{
2
"username": "sample@example.com",
3
"password": "pswd"
4
}
curl --request POST \
--url https://documentation.conga.com/user/token \
--header 'Accept: application/json' \
--header 'Authorization: Basic 123' \
--header 'Content-Type: application/json' \
--header 'x-storefront: ' \
--data '{
"username": "sample@example.com",
"password": "pswd"
}'
Response Example
1
{
2
"title": "success",
3
"status": 200,
4
"data": {
5
"userId": "0050f000008nTccAAE",
6
"accessToken": "00DG0000000iqtB!ARUAQHofFrVurFKWS8TcFKmhFM1yiA1VBzEVVAOXDB.5r_rlpxXuj53RnqfY2QKUgsL3N.ge5kmSPN5UcHK9iHckog6eTw.4"
7
}
8
}
chevron_leftchevron_right
chevron_right

Footer Section

Explore


Conga.com
Legal
Feedback
Contact Support

Copyright © 2025 Conga Corporation • All Rights Reserved

Cookie Notice

We use cookies to improve your experience on our site. To find out more, read our cookie policy.