Session-aware access tokens

Learn how to create session-aware access tokens.

Session-aware access tokens are essential for maintaining a consistent and seamless shopping experience in a Global Commerce environment. These tokens link the shopper session with the access token, enabling continuity and security across the stages of the shopping and checkout process. With session-aware access tokens, businesses can ensure user authentication, preserve shopper state, and facilitate smoother transitions, especially when moving a shopper from another platform or third-party application to the Digital River-hosted checkout.

You should use session-aware access tokens when maintaining a consistent shopper session is crucial, including:

  • Transitioning to checkout: When moving a shopper from a third-party application to a Digital River-hosted checkout, a session-aware token is required to link the shopper session.

  • Seamless user experience: Preserving the shopper's session state across different platforms and stages of the purchase process ensures a smooth and continuous workflow.

  • Security and authentication: This feature helps securely manage and validate the shopper's session, ensuring that access is legitimate and linked to an authenticated shopper.

Creating a session-aware access token

Creating a session-aware access token is crucial for maintaining a consistent and secure shopping experience across multiple platforms and stages of the eCommerce process. This guide will walk you through the steps needed to generate a session-aware token, ensuring that your shoppers' sessions remain intact and authenticated as they transition through different phases of their purchase journey. Whether moving a shopper from a third-party application to a Digital River-hosted checkout or simply striving for a seamless user experience, these instructions will help you implement session-aware tokens effectively.

To create a session-aware access token, follow these steps:

  1. Choose the appropriate method: You can use either a browser call or a request to the Token endpoint in the Shopper API or the OAuth API.

If you provide a session token when generating an access token, the system creates a new shopper session.

  2. Use the correct parameters: Depending on your workflow, use the sessionToken query or the dr_session_token form parameters to request the session-aware token.

  3. Send the request: Include all necessary authentication details and parameters in your request to obtain the session-aware token.

When transitioning a shopper from a third-party application to a Digital River-hosted checkout experience, you must provide a session-aware token to complete an online purchase.

You can choose one of the following options to create a session-aware access token:

Creating an anonymous shopper token for a site with an API key

You may need to create an anonymous shopper token when integrating a third-party application with Digital River's checkout platform. This token allows limited access to the site and enables the shopper to browse and select items without requiring full authentication. It is particularly useful for providing a streamlined shopping experience. The following steps outline how to create an anonymous shopper token using your site's API key.

  1. Establish the token: Pass your API key to the sessionToken site action.

  2. Make the request: Ensure the sessionToken site action originates from the client side (the shopper's browser).

Here's an example using Ajax:

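function sessionToken() {
    $.ajax({
        // Replace [siteID] and [apiKey] with your site's values.
        url: "https://store.digitalriver.com/store/[siteID]/SessionToken?apiKey=[apiKey]&format=json",
        type: "GET",
        // JSONP requests are always asynchronous; jQuery ignores async: false for them.
        dataType: "jsonp",
        error: function (jqXHR, textStatus, errorThrown) {
            // Handle the failure, for example by logging it.
            console.error("SessionToken request failed:", textStatus, errorThrown);
        },
        success: function (data) {
            // data is the parsed JSON response; read the token from it here.
        }
    });
}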

Creating an anonymous shopper token for a site via OAuth 2.0

Creating an anonymous shopper token via OAuth 2.0 involves generating a session token and obtaining an anonymous access token. This process helps maintain secure and limited access for users, ensuring their shopping experience is seamless and protected. Here, we'll guide you through the steps to achieve this by making precise AJAX calls to the appropriate endpoints.

Step 1: Get a dr_session_token from the sessionToken site action with no API key

To get a dr_session_token from the sessionToken site action without an API key, use the following Ajax request:

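function sessionToken() {
    $.ajax({
        // Replace [siteID] with your site's ID. No API key is sent in this flow.
        url: "https://store.digitalriver.com/store/[siteID]/SessionToken?format=json",
        type: "GET",
        // JSONP requests are always asynchronous; jQuery ignores async: false for them.
        dataType: "jsonp",
        error: function (jqXHR, textStatus, errorThrown) {
            // Handle the failure, for example by logging it.
            console.error("SessionToken request failed:", textStatus, errorThrown);
        },
        success: function (data) {
            // data is the parsed JSON response; read the dr_session_token from it for Step 2.
        }
    });
}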

Step 2: POST the dr_session_token to the oauth20 resource to get an anonymous shopper token

To use a dr_session_token with the /oauth20/token endpoint to get an anonymous shopper token, follow these steps:

  1. Get the dr_session_token: Follow the instructions from Step 1 to obtain the dr_session_token.

  2. Send a POST request: Send the request to the /oauth20/token endpoint and include the dr_session_token as the bearer.

  3. Retrieve the response: The response will include the access_token, token_type, expires_in, and refresh_token.

The time-to-live (TTL) value for expires_in respects the user session site settings in Global Commerce. In this example, the token for the site expires in 86397 seconds (24 hours).

curl --location -g --request POST 'https://api.digitalriver.com/oauth20/token' \
--header 'Authorization: bearer {{access_token}}' \
...
--data-urlencode 'dr_session_token=[from step #1]' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'format=json'

You can use this anonymous shopper token for further API interactions.
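The following is an added example, not Digital River's own code: it builds the Step 2 request with the dr_session_token sent as a percent-encoded form parameter, then validates the four response fields listed above and turns expires_in into an absolute expiry time. The helper names, the form-encoded Content-Type, the 60-second skew, and a numeric expires_in are assumptions.

```javascript
// Added example: buildTokenRequest and parseTokenResponse are hypothetical helpers.
const TOKEN_URL = "https://api.digitalriver.com/oauth20/token";

// Build the Step 2 request. `authorization` is the Authorization header value
// your integration uses (shown as 'bearer {{access_token}}' in the curl example).
function buildTokenRequest(drSessionToken, authorization) {
  if (typeof drSessionToken !== "string" || drSessionToken.trim() === "") {
    throw new Error("dr_session_token from Step 1 is required");
  }
  // URLSearchParams percent-encodes the value, so '+', '/', '=' or '&' in the
  // session token cannot break out of the dr_session_token form field.
  const body = new URLSearchParams({
    dr_session_token: drSessionToken,
    grant_type: "password",
    format: "json",
  }).toString();
  return {
    url: TOKEN_URL,
    method: "POST",
    headers: {
      Authorization: authorization,
      "Content-Type": "application/x-www-form-urlencoded", // assumption
    },
    body,
  };
}

// Validate the token response and turn expires_in into an absolute expiry time.
function parseTokenResponse(json, nowMs = Date.now(), skewSeconds = 60) {
  for (const field of ["access_token", "token_type", "refresh_token"]) {
    if (typeof json[field] !== "string" || json[field] === "") {
      throw new Error("token response is missing " + field);
    }
  }
  const ttl = Number(json.expires_in); // seconds, per the TTL note above
  if (!Number.isInteger(ttl) || ttl <= 0) {
    throw new Error("token response has an invalid expires_in");
  }
  return {
    accessToken: json.access_token,
    tokenType: json.token_type,
    refreshToken: json.refresh_token,
    // Treat the token as expired slightly early to absorb clock and network delay.
    expiresAtMs: nowMs + (ttl - skewSeconds) * 1000,
  };
}
```

Pass the returned object's fields to fetch or $.ajax, and keep the parsed tokens in memory rather than in persistent browser storage where possible.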
