Skip to content

Commit 06a9aa8

Browse files
committed
doc update
1 parent db66b17 commit 06a9aa8

File tree

4 files changed

+65
-32
lines changed

4 files changed

+65
-32
lines changed

docs/cli/auth.md

Lines changed: 10 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -88,25 +88,29 @@ The CLI supports multiple authentication methods depending on the operation.
8888

8989
### Account Manager API Client (OAuth)
9090

91-
Most instance operations require an Account Manager API Client. The CLI supports two OAuth flows:
91+
Most instance operations require an Account Manager API Client. The CLI supports two authentication methods:
9292

93-
| Auth Method | Description | Use Case |
94-
|-------------|-------------|----------|
95-
| User Authentication | Interactive browser-based login | Development, manual operations |
96-
| Client Credentials | Non-interactive with client ID/secret | CI/CD, automation, scripts |
93+
| Auth Method | When Used | Role Configuration |
94+
|-------------|-----------|-------------------|
95+
| User Authentication | Only `--client-id` provided | Roles on your **user account** |
96+
| Client Credentials | Both `--client-id` and `--client-secret` provided | Roles on the **API client** |
9797

9898
```bash
99+
# User Authentication (opens browser for login)
100+
b2c ods list --client-id xxx
101+
99102
# Client Credentials
100103
export SFCC_CLIENT_ID=my-client
101104
export SFCC_CLIENT_SECRET=my-secret
105+
b2c ods list
102106
```
103107

104108
Used by:
105109
- Code management (`code list`, `code activate`, `code delete`)
106110
- Job operations (`job run`, `job search`, `job import`, `job export`)
107111
- Site operations (`sites list`)
108112
- ODS operations (requires `Sandbox API User` role)
109-
- SLAS operations (requires `SLAS Organization Administrator` or `Sandbox API User` role)
113+
- SLAS operations (requires `SLAS Organization Administrator` or `Sandbox API User` role depending on auth method)
110114

111115
### Basic Auth (WebDAV)
112116

docs/cli/ods.md

Lines changed: 13 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -12,31 +12,33 @@ These flags are available on all ODS commands:
1212

1313
## Authentication
1414

15-
ODS commands require an Account Manager API Client with appropriate roles.
15+
ODS commands require an Account Manager API Client.
1616

1717
### Required Roles
1818

19-
| Auth Method | Role | Description |
20-
|-------------|------|-------------|
21-
| User Authentication | `Sandbox API User` | For interactive/browser-based authentication |
22-
| Client Credentials | `Sandbox API User` | For automated/service authentication |
19+
| Auth Method | Role | Configured On |
20+
|-------------|------|---------------|
21+
| User Authentication | `Sandbox API User` | Your user account |
22+
| Client Credentials | `Sandbox API User` | The API client |
23+
24+
**User Authentication**: Used when only `--client-id` is provided. Opens a browser for login. The `Sandbox API User` role must be assigned to your user account in Account Manager.
25+
26+
**Client Credentials**: Used when both `--client-id` and `--client-secret` are provided. The `Sandbox API User` role must be assigned to the API client.
2327

2428
### Tenant Scope
2529

26-
The API client must have tenant scope configured for the realm(s) you wish to manage. This is configured in Account Manager when setting up the API client.
30+
The API client must have tenant scope configured for the realm(s) you wish to manage. This is configured in Account Manager under the API client's **Organizations** section.
2731

2832
### Configuration
2933

30-
Provide credentials via flags or environment variables:
31-
3234
```bash
35+
# User Authentication (opens browser)
36+
b2c ods list --client-id xxx
37+
3338
# Client Credentials
3439
export SFCC_CLIENT_ID=my-client
3540
export SFCC_CLIENT_SECRET=my-secret
3641
b2c ods list
37-
38-
# Or via flags
39-
b2c ods list --client-id xxx --client-secret yyy
4042
```
4143

4244
---

docs/cli/slas.md

Lines changed: 13 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -12,31 +12,33 @@ These flags are available on all SLAS commands:
1212

1313
## Authentication
1414

15-
SLAS commands require an Account Manager API Client with appropriate roles.
15+
SLAS commands require an Account Manager API Client.
1616

1717
### Required Roles
1818

19-
| Auth Method | Role | Description |
20-
|-------------|------|-------------|
21-
| User Authentication | `SLAS Organization Administrator` | For interactive/browser-based authentication |
22-
| Client Credentials | `Sandbox API User` | For automated/service authentication |
19+
| Auth Method | Role | Configured On |
20+
|-------------|------|---------------|
21+
| User Authentication | `SLAS Organization Administrator` | Your user account |
22+
| Client Credentials | `Sandbox API User` | The API client |
23+
24+
**User Authentication**: Used when only `--client-id` is provided. Opens a browser for login. Roles must be assigned to your user account in Account Manager.
25+
26+
**Client Credentials**: Used when both `--client-id` and `--client-secret` are provided. Roles must be assigned to the API client.
2327

2428
### Tenant Scope
2529

26-
The API client must have tenant scope configured for the realm/organization you wish to manage. This is configured in Account Manager when setting up the API client.
30+
The API client must have tenant scope configured for the organization you wish to manage. This is configured in Account Manager under the API client's **Organizations** section.
2731

2832
### Configuration
2933

30-
Provide credentials via flags or environment variables:
31-
3234
```bash
35+
# User Authentication (opens browser)
36+
b2c slas client list --tenant-id abcd_123 --client-id xxx
37+
3338
# Client Credentials
3439
export SFCC_CLIENT_ID=my-client
3540
export SFCC_CLIENT_SECRET=my-secret
3641
b2c slas client list --tenant-id abcd_123
37-
38-
# Or via flags
39-
b2c slas client list --tenant-id abcd_123 --client-id xxx --client-secret yyy
4042
```
4143

4244
---

docs/guide/authentication.md

Lines changed: 29 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -18,26 +18,51 @@ The CLI uses different authentication mechanisms depending on the operation:
1818

1919
Most CLI operations require an Account Manager API Client. This is configured in the Salesforce Commerce Cloud Account Manager.
2020

21+
### Authentication Methods
22+
23+
The CLI supports two authentication methods:
24+
25+
| Method | When Used | Role Configuration |
26+
|--------|-----------|-------------------|
27+
| **User Authentication** | When only `--client-id` is provided (no secret) | Roles configured on your **user account** |
28+
| **Client Credentials** | When both `--client-id` and `--client-secret` are provided | Roles configured on the **API client** |
29+
30+
**User Authentication** opens a browser for interactive login and uses roles assigned to your user account. This is ideal for development and manual operations.
31+
32+
**Client Credentials** uses the API client's secret for non-interactive authentication. This is ideal for CI/CD pipelines and automation.
33+
2134
### Creating an API Client
2235

2336
1. Log in to [Account Manager](https://account.demandware.com)
2437
2. Navigate to **API Client** in the left menu
2538
3. Click **Add API Client**
2639
4. Fill in the required fields:
2740
- **Display Name**: A descriptive name (e.g., "B2C CLI")
28-
- **Password**: A strong client secret (save this securely)
41+
- **Password**: A strong client secret (save this securely for Client Credentials auth)
2942
5. Configure the **Token Endpoint Auth Method**:
3043
- `client_secret_post` for client credentials flow
3144
6. Set **Access Token Format** to `JWT`
3245

3346
### Assigning Roles
3447

35-
Under the **Roles** section, add the appropriate roles based on what operations you need:
48+
Roles grant permission to perform specific operations. Where you configure roles depends on your authentication method:
49+
50+
#### For Client Credentials (roles on API Client)
51+
52+
Under the API Client's **Roles** section, add:
53+
54+
| Role | Operations |
55+
|------|------------|
56+
| `Sandbox API User` | ODS management, SLAS client management |
57+
58+
#### For User Authentication (roles on User)
59+
60+
In Account Manager, navigate to your user account and add roles:
3661

3762
| Role | Operations |
3863
|------|------------|
39-
| `Sandbox API User` | ODS management, SLAS client management (client credentials) |
40-
| `SLAS Organization Administrator` | SLAS client management (user authentication) |
64+
| `Sandbox API User` | ODS management |
65+
| `SLAS Organization Administrator` | SLAS client management |
4166

4267
### Configuring Scopes
4368

0 commit comments

Comments
 (0)