Upgrade to Introspect Endpoint for Secure Token Management
Salesforce strongly recommends that you replace the /tokeninfo endpoint with
the /dwsso/oauth2/introspect endpoint. The /tokeninfo endpoint requires that the token
be passed as a URL parameter. Sensitive information within URLs can be logged in
various locations, including the user’s browser, the web server, and any forward or
reverse proxy servers between the two endpoints. The /dwsso/oauth2/introspect endpoint
includes the UUID access token in the request body, which isn’t logged or recorded.
In addition, only authenticated clients can use this endpoint. As an added level
of security, an API client can only introspect its own tokens and can’t share information
outside of your organizations.
When: Beginning March 1, 2025, the /tokeninfo endpoint is deprecated and Salesforce ends support for the endpoint.
How: If you currently use the /tokeninfo endpoint, replace it with
the /dwsso/oauth2/introspect (https://account.demandware.com/dwsso/oauth2/introspect)
endpoint. This endpoint is specified in RFC 7662, and provides a secure alternative.
To learn more, see Deprecation Notice for /tokeninfo and /dw/oauth2 endpoints for
Commerce Cloud B2C platform's Account Manager.
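
The migration described above, as an added example that is not Salesforce's own code: it builds an RFC 7662 introspection request with the token in the POST body rather than the URL, and accepts a token only when the response reports it as active. HTTP Basic client authentication and the names `build_introspect_request`, `token_is_active` and `introspect` are assumptions; confirm the client authentication method in the deprecation notice.

```python
import base64
import json
import urllib.parse
import urllib.request

# Endpoint URL as given on this page.
INTROSPECT_URL = "https://account.demandware.com/dwsso/oauth2/introspect"


def build_introspect_request(token, client_id, client_secret):
    """Build (but do not send) an RFC 7662 introspection request."""
    # RFC 7662 section 2.1: the token travels form-encoded in the POST body,
    # so it never appears in the URL that browsers, servers and proxies log.
    body = urllib.parse.urlencode({"token": token}).encode("ascii")
    # Assumption: the API client authenticates with HTTP Basic (ID + secret).
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode("ascii")
    return urllib.request.Request(
        INTROSPECT_URL,
        data=body,
        method="POST",
        headers={
            "Authorization": f"Basic {creds}",
            "Content-Type": "application/x-www-form-urlencoded",
            "Accept": "application/json",
        },
    )


def token_is_active(response_body):
    """Return True only when the response says "active": true (RFC 7662 section 2.2)."""
    try:
        claims = json.loads(response_body)
    except (ValueError, TypeError):
        return False  # unparseable response: fail closed
    # Require a real JSON boolean; a string such as "true" is rejected.
    return isinstance(claims, dict) and claims.get("active") is True


def introspect(token, client_id, client_secret, timeout=10):
    """Send the request and return whether the token is active (network call)."""
    req = build_introspect_request(token, client_id, client_secret)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return token_is_active(resp.read())
```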

