Authenticating Orchestrate APIs
The purpose of this page is to describe the headless Orchestrate API service that enables rapid experience-first commerce development and applications.
Orchestrate API follows a microservice architecture that enables commerce into any part of an application and is built on the JSON API specification, follows predictable REST URLs and supports cross-origin resource sharing.
Authentication
All requests to the API need to be accompanied by an authorization header with a standard salesforce authentication token.
Authorization: Bearer
00D230000000nZM!ARMAQHLLm33JxYYP.UJn1gF6FFmLv8sDYK_8szeckHWtbguztoBpF0HL8...
Endpoint
The Orchestrate API is installed with the Orchestrate package and can be exposed to external applications via a Salesforce site or community.
https://instanceUrl/services/apexrest/fstr
Versions
The Orchestrate API ensures backward compatibility by properly versioning any changes to the APIs. Should changes to the API structure need to be made, it will occur within a new version and older functionality will be preserved.
Content Type
Requests made to the API must be encoded as JSON and contain the header
Content-Type: application/json
Includes
You can easily include resource relationships on most top-level resources. Multiple includes are defined using comma-delimited values.
Caching
Server side caching is used and can be configured per request using the cacheStrategy query parameter.
Errors
Any request that returns an error follows a standard format. The Orchestrate Import API will return an object that contains a list of errors with the import, the import status, and definition IDs imported
