Adobe Commerce API Essential Guide

What type of API does Adobe Commerce provide?

Based on the search results provided, Adobe Commerce offers multiple types of APIs:

1. GraphQL API
2. REST API
3. SOAP API

Key points to consider:

1. GraphQL:

   • Primarily designed for storefront scenarios, one-page apps, and mobile applications
   • Supports token and cookie authentication, as well as guest access to public queries
   • Has a schema independent from the core schema for Adobe Commerce and Magento Open Source

2. REST:

   • Designed for system integrations, mobile app integrations, and one-page apps
   • Supports tokens, cookies, and OAuth 1.0 with token exchange
   • Allows guest access to public resources

3. SOAP:

   • Designed for systems integration
   • Supports token authentication for customers and admins, as well as no authentication for anonymous service methods
   • Does not support cookie authentication and OAuth 1.0

Best practices:

1. Use GraphQL for frontend development and storefront scenarios
2. Use REST or SOAP for Admin Panel integrations and backend system integrations
3. Ensure proper authentication and authorization for API access
4. Follow the specific guidelines for each API type when designing and implementing endpoints
5. Use versioning for REST APIs to maintain compatibility
6. Cover all new web API endpoints with functional tests

In summary, Adobe Commerce provides a comprehensive set of APIs including GraphQL, REST, and SOAP, each designed for specific use cases and integration scenarios. The choice of API depends on the specific requirements of your project and the type of integration you're implementing.

Does the Adobe Commerce API have webhooks?

Webhooks in Adobe Commerce API

Yes, the official Adobe Commerce API does have webhooks. Adobe Commerce provides a webhooks feature that allows developers to configure synchronous logic to execute calls to external systems when specific Adobe Commerce events are triggered.

Types of Events You Can Subscribe To

The search results mention several examples and use cases:

1. Shopping Cart Events: Events can be triggered when a shopper adds a product to their shopping cart.

2. Quote Creation: An event can fire when an administrator creates a quote.

3. Product Availability: Webhooks can be used to check product stock status in real-time.

4. Order Management: Events related to order management can trigger webhooks.

5. Asset Upload: Events triggered when a user uploads an asset can be integrated with Commerce.

Key Points to Consider

1. Synchronous Communication: Webhooks in Adobe Commerce are designed for scenarios where synchronous communication with an external server is critical.

2. Event Triggers: Webhook execution always starts with an event occurring in Adobe Commerce.

3. Real-time Calls: The event triggers a real-time call from Commerce to a URL endpoint, such as an Order Management System.

4. Response Resolution: Webhooks can be resolved as successful, by throwing an exception, or by modifying the data payload of the event.

5. Configuration: Merchants can browse available events from the Admin panel under System > Events > Events.

6. Security: Adobe I/O Events (which can be used with Commerce) provides robust security measures for webhook events, including digital signatures and client ID verification.

Best Practices

1. Use webhooks only when synchronous communication is necessary. For many scenarios, asynchronous communication might be sufficient.

2. Consider using Adobe I/O Events for Adobe Commerce for certain types of event-driven integrations.

3. Test your webhooks thoroughly using the provided testing tools and commands.

4. Implement proper error handling and retry mechanisms in your webhook consumers.

5. Keep your webhook endpoints secure and validate incoming requests.

To implement webhooks in Adobe Commerce, you'll need to create a webhooks.xml file, configure the events you want to subscribe to, and set up the necessary endpoint to receive and process the webhook calls.

Rate Limits and other limitations

Here are the key points about the API Rate Limits of the Adobe Commerce API:

Default Rate Limits

• REST requests containing inputs representing a list of entities are limited to a default maximum of 20 entities [1][5].

• REST and GraphQL queries that allow paginated results are limited to a default maximum of 300 items per page [1][5].

• These default limits were introduced in Adobe Commerce 2.4.3 to prevent denial-of-service (DoS) attacks [1][5].

Configurable Limits

• The input limits can be configured in several ways [2]:

  • Set values in the Admin
  • Use the bin/magento config:set command
  • Add entries to the env.php file
  • Set environment variables

• Specific REST endpoints can have custom limits set in the webapi.xml or webapi_async.xml configuration files [2].

Rate Limiting for Payments

• As of Adobe Commerce 2.4.7, rate limiting can be configured specifically for payment information transmitted via REST and GraphQL [3].

• This helps prevent carding attacks that test many credit card numbers at once [3].

Configuring Rate Limiting

• Rate limiting is disabled by default but can be enabled and configured using bin/magento config:set commands or through the Admin [3].

• Key configuration parameters include:

  • sales/backpressure/enabled: Enable/disable rate limiting
  • sales/backpressure/guest_limit: Request limit for guests
  • sales/backpressure/limit: Request limit for authenticated customers
  • sales/backpressure/period: Time period for the request limit

Response Behavior

• When rate limiting is applied, REST requests will receive a 429 Too Many Requests status code [3].

• For GraphQL, a 200 OK status is returned with error information in the response body [3].

Disabling or Modifying Limits

• While not recommended, the built-in API limits can be disabled or increased by applying hotfixes provided by Adobe [5].

• It's generally better to spread requests over time rather than disabling limits entirely [5].

In summary, Adobe Commerce provides configurable API rate limiting to protect against DoS attacks and excessive API usage. While default limits are in place, they can be customized to suit specific needs, with options to configure limits globally or for specific endpoints.

Latest API Version

Based on the search results provided, here are the key points regarding the most recent version of the Adobe Commerce API:

Current Version

The most recent version of the Adobe Commerce core application is 2.4.7, which was released on April 9, 2024 [2]. This version includes:

• Performance improvements
• Quality enhancements
• Security enhancements
• Third-party dependency updates

API Types

Adobe Commerce offers multiple types of APIs:

1. REST API: The REST API documentation describes the REST APIs available in the latest Adobe Commerce release.

2. GraphQL API: GraphQL is also supported and is considered more powerful, flexible, and efficient than REST for frontend development.

Key Points to Consider

• Adobe Commerce provides both REST and GraphQL APIs for integrating third-party software and building headless applications.

• The Web API documentation is divided into three guides: REST, GraphQL, and Getting Started.

• Adobe regularly releases improvements for extensibility tools, infrastructure, and SaaS products (services) between major releases.

• The release schedule includes security patches and feature updates throughout the year.

Best Practices

1. Stay updated: Keep track of the release schedule and plan to upgrade your systems accordingly to benefit from the latest features and security enhancements.

2. Choose the appropriate API: Depending on your use case, select either REST or GraphQL. GraphQL is recommended for frontend development due to its flexibility and efficiency.

3. Refer to documentation: Always consult the official Adobe Commerce Web API documentation for the most up-to-date information on API usage and best practices.

4. Consider extensibility: Look into the new developer tools and services for out-of-process extensibility that are delivered independently from patch releases, such as Admin UI SDK, Adobe I/O Events for Commerce, and API Mesh.

In conclusion, while the core Adobe Commerce application is currently at version 2.4.7, the APIs (both REST and GraphQL) are continuously updated and improved. It's essential to refer to the official documentation for the most current information on API versions and capabilities.

How to get a Adobe Commerce developer account and API Keys?

1. Get an Adobe Developer account

• Sign up for an Adobe Developer account at https://developer.adobe.com
• You need System Administrator or Developer Role permissions

2. Get access to App Builder

• Request access to App Builder as described in the "How to Get Access to App Builder" documentation
• There may be a delay in processing access requests

3. Create an integration in Adobe Commerce

• Log in to your Adobe Commerce admin panel
• Go to System > Extensions > Integrations
• Click "Add New Integration"
• Enter a name for the integration
• Set Resource Access to "All" under API permissions
• Save the integration
• Copy the generated API credentials (consumer key, consumer secret, access token, access token secret)

4. Configure the integration in Adobe Developer Console

• Log in to https://developer.adobe.com/console
• Create a new project
• Add the Adobe Commerce API to your project
• Configure OAuth or JWT authentication
• Enter the API credentials from step 3

Key points:

• You need proper permissions in both Adobe Developer Console and Adobe Commerce admin
• The integration in Commerce generates the API credentials
• Those credentials are then used to configure the integration in Developer Console
• This allows your application to authenticate and make API calls to Adobe Commerce

What can you do with the Adobe Commerce API?

Based on the provided search results, here is a list of data models that can be interacted with using the Adobe Commerce API, along with what is possible for each:

Product Data Model

• Create, read, update, and delete products
• Manage product attributes, categories, and inventory
• Upload and manage product images and media
• Configure product pricing and promotions

Customer Data Model

• Create, read, update, and delete customer accounts
• Manage customer groups and segments
• Access customer order history and preferences
• Handle customer authentication and authorization

Order Data Model

• Create and manage orders
• Process order payments and refunds
• Update order status and shipment information
• Access order details and history

Catalog Data Model

• Manage product categories and attributes
• Configure catalog rules and pricing
• Handle product visibility and availability
• Manage related products and up-sells

Inventory Data Model

• Update product stock levels
• Manage multi-source inventory
• Configure inventory thresholds and notifications
• Handle backorders and out-of-stock scenarios

Cart and Checkout Data Model

• Create and manage shopping carts
• Add, update, and remove cart items
• Apply discounts and promotions to carts
• Process checkout and order placement

Content Data Model

• Manage CMS pages and blocks
• Create and update product descriptions
• Handle content staging and scheduling
• Manage media assets and galleries

Store Configuration Data Model

• Manage store settings and configurations
• Configure payment and shipping methods
• Set up tax rules and rates
• Manage website and store views

User and Role Data Model

• Create and manage admin users
• Configure user roles and permissions
• Manage API tokens and integrations

Search Data Model

• Configure search settings and synonyms
• Manage search results and relevance
• Handle faceted search and filtering

It's important to note that the Adobe Commerce API supports various interaction methods, including REST, SOAP, and GraphQL. The API framework is based on the CRUD (create, read, update, delete) and search model, allowing for comprehensive interaction with these data models. Additionally, the API supports field filtering to optimize response data and conserve bandwidth.