Sitecore Ordercloud

Anonymous Shopping

Robert Watt

Updated by Robert Watt

April 29th, 2022


Anonymous Shopping, or Guest Checkout, lets a user browse a catalog of products and/or check out without registering. Accomplishing this requires OrderCloud developers to pull together a lot of platform knowledge. We'll summarize that information here.

Configuring the Application

An anonymous buyer experience must work within a default context user; otherwise OrderCloud has no context for determining which data the anonymous user can access, such as product and pricing information. You will therefore need an active buyer user before we can proceed.

Once you have an active user, navigate to the Console, click API Clients in the left-hand nav, and select the API Client that has Buyer Access defined.


Now, scroll down to the bottom of the detail for that API Client until you get to the section titled "Default Context User", then search for and select a buyer user. All anonymous users will inherit their security and assignments from this user.


Finally, scroll down a bit further and make sure "Anonymous Buyer Enabled?" is toggled on.

Authenticating Anonymous Users

Once your application is set up with a template user, we're ready to authenticate anonymously. Using the Client Credentials grant-type and only a client_id, make a request to the OrderCloud OAuth server:

client_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&scope=ProductReader CategoryReader MeAddressAdmin MeCreditCardAdmin&grant_type=client_credentials

You will receive a standard OAuth response that contains an access_token you can use for the duration of the anonymous shopping experience.

Note: Anonymous access_tokens have a fixed duration of 1 week; the access token duration set on the API Client has no effect on anonymous users. Refresh tokens are not available to anonymous users.

It is important to note that while it is possible to fully submit an order using this token, there isn't a secure way to let the anonymous user view historical order data. If this is required for your project, you should consider profiling your users at some point before submitting an order.

Profiling Anonymous Users

Prompting your anonymous shoppers to profile themselves before checking out ensures that historical order data can be captured so the user can view it when they return to your site. It doesn't matter when you choose to profile users; it can happen before or after they create an order. Order information created during the anonymous access_token's life-cycle will transfer to the newly profiled user automatically.

The request is relatively simple: provide the anonymous access_token as the anonUserToken, and put the profile information filled out by the anonymous user in the request body:

API Reference: Register an anonymous user

Authorization: Bearer eyJ0eXAi0iJKV1QiLCJhbGci0iJ9...
Content-Type: application/json

{
  "ID": "NewUserName",
  "Username": "MyUserName",
  "FirstName": "John",
  "LastName": "Doe",
  "Email": "",
  "Phone": "555-555-5555",
  "TermsAccepted": true,
  "Active": true,
  "xp": null
}

As with any other auth response, you will receive an access_token after profiling the user. At this point, remove the anonymous access_token and continue forward with the profiled user's access_token.
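
The token handling described under "Authenticating Anonymous Users" and "Profiling Anonymous Users", as an added example that is not OrderCloud's own code: it builds the client_id-only token request body, tracks the fixed one-week lifetime (no refresh token), and replaces the anonymous token once the user is profiled. `buildAnonymousTokenBody` and `ShopperSession` are hypothetical names; the presence of `expires_in` in the response and the use of the anonymous token as the Bearer value are assumptions, and endpoint URLs are left to the caller.

```javascript
// Added example (not OrderCloud code): token handling for anonymous shopping.
const WEEK_SECONDS = 7 * 24 * 60 * 60; // fixed anonymous lifetime per the page

// Form body for the token request: client_credentials with a client_id only.
function buildAnonymousTokenBody(clientId, scopes) {
  if (!clientId) throw new Error("client_id is required");
  return new URLSearchParams({
    client_id: clientId,
    scope: scopes.join(" "),
    grant_type: "client_credentials",
  }).toString();
}

class ShopperSession { // hypothetical helper
  constructor() { this.token = null; this.anonymous = false; this.expiresAt = 0; }
  // Store an anonymous token; nowSec is the current time in epoch seconds.
  acceptAnonymous(resp, nowSec) {
    if (!resp || !resp.access_token) throw new Error("no access_token");
    // Assumption: expires_in may be present. Never trust more than one week.
    const ttl = Number.isFinite(resp.expires_in)
      ? Math.min(resp.expires_in, WEEK_SECONDS) : WEEK_SECONDS;
    this.token = resp.access_token; this.anonymous = true;
    this.expiresAt = nowSec + ttl;
  }

  // Anonymous users get no refresh token, so expiry means a new token request.
  needsNewToken(nowSec, skewSec = 60) {
    return this.token === null || nowSec >= this.expiresAt - skewSec;
  }

  // Parts of the registration request; the caller supplies the endpoint URL.
  buildRegisterRequest(profile, nowSec) {
    if (!this.anonymous || this.needsNewToken(nowSec, 0))
      throw new Error("no live anonymous token to profile");
    return {
      query: { anonUserToken: this.token },
      // Assumption: the Bearer header carries the same anonymous token.
      headers: { Authorization: `Bearer ${this.token}`, "Content-Type": "application/json" },
      body: JSON.stringify(profile),
    };
  }

  // After profiling, drop the anonymous token and keep only the profiled one.
  promote(resp, nowSec) {
    if (!resp || !resp.access_token) throw new Error("no access_token");
    this.token = resp.access_token; this.anonymous = false;
    this.expiresAt = Number.isFinite(resp.expires_in) ? nowSec + resp.expires_in : Infinity;
  }
}
```

Request only the scopes the storefront needs when calling `buildAnonymousTokenBody`, since every anonymous visitor receives them.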