To use Lovable as a headless frontend for Salesforce Commerce Cloud (SFCC), create Edge Functions that proxy SFCC's Open Commerce API (OCAPI) or the newer SLAS-authenticated Shop API. Store your SFCC client ID and client secret in Cloud → Secrets. Edge Functions handle OAuth2 token exchange, then proxy product catalog, cart, and checkout calls to your SFCC instance — giving your commerce data a modern React UI without modifying the SFCC backend.
Build a modern headless storefront on Salesforce Commerce Cloud with Lovable
Salesforce Commerce Cloud (SFCC), formerly Demandware, powers the e-commerce operations of hundreds of enterprise retailers. It manages product catalogs, pricing, promotions, inventory, cart, checkout, and order management at scale. But SFCC's built-in storefront templates are aging server-rendered architectures — many merchants want a modern React frontend without migrating their commerce backend.
Lovable solves this as a headless frontend layer: SFCC manages commerce data and business logic, while Lovable builds the customer-facing interface through SFCC's API layer. The architecture is MACH (Microservices, API-first, Cloud-native, Headless) — the approach enterprise retailers increasingly favor. Your Lovable Edge Functions authenticate to SFCC using OAuth2 client credentials (the SLAS server-to-server flow), then proxy product, cart, and checkout API calls to SFCC, returning the data to your React components.
SFCC's API surface has two generations. The older Open Commerce API (OCAPI) uses a simpler client ID and is still widely deployed. The newer Commerce API with SLAS (Shopper Login and API Access Service) is Salesforce's current direction, supporting modern OAuth2 flows. This guide covers the SLAS client credentials flow for server-side Edge Function calls — the pattern appropriate for a Lovable backend proxy. The key distinction to understand is Shop API versus Data API: the Shop API handles customer-facing operations (browse products, manage cart, checkout), while the Data API handles administrative operations (manage catalog, import products, update prices) — Edge Functions should primarily call the Shop API.
Integration method
Salesforce Commerce Cloud has no native Lovable connector. Lovable acts as a headless frontend by proxying commerce API calls through Edge Functions. The functions handle SLAS (Shopper Login and API Access Service) OAuth2 authentication, then forward product, cart, and checkout requests to SFCC's Shop API or OCAPI endpoints. Client credentials are stored in Cloud → Secrets and never exposed to the browser.
Prerequisites
- An active Salesforce Commerce Cloud instance with OCAPI or Commerce API access enabled by your SFCC administrator
- A Lovable project with at least one deployed app (Edge Functions require Lovable Cloud)
- SFCC SLAS client credentials (client ID and client secret) — obtained from your SFCC Business Manager under Administration → Site Development → SLAS Administration
- Your SFCC instance URL (e.g., https://abcd-001.dx.commercecloud.salesforce.com) and Site ID
- OCAPI or Commerce API configurations in SFCC Business Manager allowing your client ID to access Shop API endpoints
Step-by-step guide
Configure SLAS client credentials in SFCC Business Manager
Configure SLAS client credentials in SFCC Business Manager
SFCC authentication requires setup in your SFCC Business Manager before any API calls can be made from Lovable. You need to create a SLAS API Client that will represent your Lovable integration. Log in to your SFCC Business Manager (typically at yourdomain.demandware.net/on/demandware.store/Sites-Site/default/ViewApplication-DisplayWelcomePage). Navigate to Administration → Site Development → SLAS Administration. If you do not see this menu, ask your SFCC administrator — you need Organization Manager or Administrator permissions. In SLAS Administration, click 'Add API Client'. Fill in: - Client ID: a unique identifier for this integration (e.g., lovable-storefront-client). Keep this value — it becomes your SFCC_CLIENT_ID secret. - Client secret: click 'Generate' to create a secure random secret. Copy it immediately — it is only shown once. This becomes your SFCC_CLIENT_SECRET secret. - Redirect URIs: add your Lovable app's deployed URL (for OAuth flows with shoppers, not needed for server-to-server) and https://localhost:3000 for development. - Scopes: for server-to-server Edge Function calls, you need at minimum: sfcc.products.rw, sfcc.baskets.rw, sfcc.orders.rw, sfcc.customerlists.rw depending on what APIs you intend to call. - Token endpoint auth method: select 'client_secret_post' Click Save. Also note your SFCC instance URL (visible in your browser address bar when logged into Business Manager — it looks like abcd-001.dx.commercecloud.salesforce.com) and your Site ID (visible in Administration → Sites → Manage Sites).
Pro tip: If your SFCC instance uses OCAPI instead of SLAS (older SFCC implementations), the authentication approach is simpler — OCAPI uses only a client ID with no secret, and you configure allowed client IDs in Business Manager → Administration → Site Development → Open Commerce API Settings.
Expected result: A SLAS API Client is created in SFCC Business Manager with a client ID, client secret, and appropriate scopes. You have your SFCC instance URL and Site ID noted.
Add SFCC credentials to Lovable Cloud Secrets
Add SFCC credentials to Lovable Cloud Secrets
Store your SFCC credentials in Lovable's Cloud Secrets panel. These credentials grant access to your SFCC product catalog, order data, and customer information — they must never appear in frontend code or be committed to your Git repository. In Lovable, click the '+' icon next to the Preview label to open the Cloud panel. Click the 'Secrets' tab. Add the following secrets: SFCC_CLIENT_ID: your SLAS API Client ID (e.g., lovable-storefront-client) SFCC_CLIENT_SECRET: the generated client secret from SLAS Administration SFCC_INSTANCE_URL: your SFCC instance hostname (e.g., abcd-001.dx.commercecloud.salesforce.com — without https:// prefix, as the Edge Function constructs the full URL) SFCC_SITE_ID: your SFCC Site ID (e.g., RefArch or your custom site name) SFCC_SHORT_CODE: a short identifier for your SFCC organization, visible in your instance URLs (e.g., kv7kzm78 — it appears in API endpoint URLs like https://kv7kzm78.api.commercecloud.salesforce.com) With all five secrets saved, your Edge Functions have the complete information needed to authenticate and make API calls to SFCC.
Pro tip: SFCC's short code and instance URL are both visible in your Business Manager URLs. The short code appears in the newer Commerce API endpoints (commerce.salesforce.com domain) while the instance URL appears in OCAPI and some older endpoints.
Expected result: SFCC_CLIENT_ID, SFCC_CLIENT_SECRET, SFCC_INSTANCE_URL, SFCC_SITE_ID, and SFCC_SHORT_CODE appear in Cloud → Secrets with masked values.
Create the SFCC authentication helper and product proxy Edge Function
Create the SFCC authentication helper and product proxy Edge Function
Create the Edge Function that handles SFCC's SLAS OAuth2 client credentials flow and proxies product API calls. The function needs to do two things in sequence: first, exchange the client credentials for an access token; second, use that token to call the desired SFCC API endpoint. SFCC's SLAS token endpoint follows the OAuth2 client credentials standard: POST to https://{shortCode}.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/{orgId}/oauth2/access_token with your client credentials. The response includes an access_token (valid for 30 minutes) and optionally a refresh_token. For server-side Edge Functions, re-requesting a token on each call is simpler than managing token caching, though token caching is recommended for production to avoid hitting SLAS rate limits. The product search endpoint in SFCC's Shop API is: GET https://{shortCode}.api.commercecloud.salesforce.com/product/shopper-products/v1/organizations/{orgId}/products with query parameters for IDs, siteId, locale, currency, and expand fields. The search endpoint for category browsing is: GET .../product/shopper-search/v1/organizations/{orgId}/product-search with parameters for q (search query), refine (category filter), start, and count. The code below shows the complete authentication + product search flow. For production, add token caching using a Supabase table or in-memory store to avoid authenticating on every request.
Create an Edge Function called sfcc-products at supabase/functions/sfcc-products/index.ts. It should authenticate to SFCC using SLAS OAuth2 client credentials flow with SFCC_CLIENT_ID, SFCC_CLIENT_SECRET, SFCC_SHORT_CODE, SFCC_INSTANCE_URL, and SFCC_SITE_ID from secrets. Accept query parameters for categoryId, start, and count. After getting an access token, call the SFCC Shopper Search API to fetch products by category. Return formatted product data with id, name, price, imageUrl, and shortDescription. Include CORS headers.
Paste this in Lovable chat
1import { serve } from 'https://deno.land/std@0.168.0/http/server.ts'23const corsHeaders = {4 'Access-Control-Allow-Origin': '*',5 'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',6}78async function getSFCCToken(9 shortCode: string,10 clientId: string,11 clientSecret: string,12 siteId: string13): Promise<string> {14 // For Shopper APIs, use the guest access token endpoint15 const orgId = `f_ecom_${siteId.toLowerCase()}_prd` // Adjust orgId pattern for your instance16 const tokenUrl = `https://${shortCode}.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/${orgId}/oauth2/access_token`1718 const response = await fetch(tokenUrl, {19 method: 'POST',20 headers: { 'Content-Type': 'application/x-www-form-urlencoded' },21 body: new URLSearchParams({22 grant_type: 'client_credentials',23 client_id: clientId,24 client_secret: clientSecret,25 }),26 })2728 if (!response.ok) {29 const error = await response.text()30 throw new Error(`SFCC auth failed: ${response.status} - ${error}`)31 }3233 const data = await response.json()34 return data.access_token35}3637serve(async (req) => {38 if (req.method === 'OPTIONS') {39 return new Response('ok', { headers: corsHeaders })40 }4142 try {43 const url = new URL(req.url)44 const categoryId = url.searchParams.get('categoryId') || 'root'45 const start = url.searchParams.get('start') || '0'46 const count = url.searchParams.get('count') || '20'4748 const shortCode = Deno.env.get('SFCC_SHORT_CODE')49 const clientId = Deno.env.get('SFCC_CLIENT_ID')50 const clientSecret = Deno.env.get('SFCC_CLIENT_SECRET')51 const siteId = Deno.env.get('SFCC_SITE_ID')5253 if (!shortCode || !clientId || !clientSecret || !siteId) {54 throw new Error('Missing SFCC credentials in secrets')55 }5657 // Get SLAS access token58 const accessToken = await getSFCCToken(shortCode, clientId, clientSecret, siteId)5960 // Call SFCC Shopper Search API61 const orgId = `f_ecom_${siteId.toLowerCase()}_prd`62 const searchUrl = new URL(63 `https://${shortCode}.api.commercecloud.salesforce.com/product/shopper-search/v1/organizations/${orgId}/product-search`64 )65 searchUrl.searchParams.set('siteId', siteId)66 searchUrl.searchParams.set('refine', `cgid=${categoryId}`)67 searchUrl.searchParams.set('start', start)68 searchUrl.searchParams.set('count', count)69 searchUrl.searchParams.set('expand', 'images,prices')7071 const searchResponse = await fetch(searchUrl.toString(), {72 headers: { Authorization: `Bearer ${accessToken}` },73 })7475 if (!searchResponse.ok) {76 const error = await searchResponse.text()77 throw new Error(`SFCC products API error: ${searchResponse.status} - ${error}`)78 }7980 const searchData = await searchResponse.json()8182 // Normalize response format83 const products = (searchData.hits || []).map((hit: Record<string, unknown>) => ({84 id: hit.productId,85 name: hit.productName,86 price: (hit.price as number) || 0,87 imageUrl: ((hit.image as Record<string, string>)?.link) || '',88 shortDescription: hit.shortDescription || '',89 }))9091 return new Response(92 JSON.stringify({ products, total: searchData.total, start: searchData.start }),93 { headers: { ...corsHeaders, 'Content-Type': 'application/json' } }94 )95 } catch (error) {96 return new Response(97 JSON.stringify({ error: error.message }),98 { status: 500, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }99 )100 }101})Pro tip: The SFCC organization ID format varies by instance. The common pattern is f_ecom_{siteId}_prd for production or f_ecom_{siteId}_stg for staging. Your SFCC administrator can confirm the exact orgId for your instance — it also appears in your Business Manager's Merchant Tools → Site Preferences → Custom Site Preference Groups.
Expected result: The sfcc-products Edge Function is deployed. It authenticates to SFCC via SLAS and fetches products by category ID. Test it from Cloud → Edge Functions with a GET request containing your SFCC category ID.
Build the product listing page in Lovable React
Build the product listing page in Lovable React
With the Edge Function deployed, create the product listing page in your Lovable app that calls the SFCC proxy and renders the catalog. Use supabase.functions.invoke() or a direct fetch to the Edge Function URL with category and pagination parameters. For the product listing UI, consider the standard SFCC storefront patterns: a category navigation sidebar, a product grid with images and prices, pagination controls, sort options (price asc/desc, new arrivals, best sellers), and filter refinements by color, size, or brand. You can ask Lovable to generate these components in a single prompt, specifying the data shape from your Edge Function. For cart integration, create a second Edge Function (sfcc-cart) that proxies to SFCC's Baskets API. Store the SFCC basket ID in localStorage on the client side and pass it with each cart operation. When the basket ID expires (SFCC baskets expire after 14 days by default), create a new basket automatically. For production deployments with significant catalog size, implement client-side caching of category and product data using React Query or SWR — this avoids re-fetching SFCC data on every page navigation and reduces SFCC API quota consumption. For complex enterprise implementations spanning multiple SFCC catalogs, locales, and currencies, RapidDev's team can help architect the full headless commerce pattern.
Create a product listing page at /products that calls the sfcc-products Edge Function with categoryId='root' and count=24. Display the products in a 3-column grid with product image, name, and price. Add a loading skeleton while fetching. Add pagination buttons (Previous / Next) that update the start parameter. Handle empty states and error states. Make each product card clickable, navigating to /products/{productId}.
Paste this in Lovable chat
Pro tip: SFCC product images are served from SFCC's CDN, so image URLs from the API will be on your SFCC instance domain. Make sure your Content Security Policy (if configured) allows images from your SFCC hostname.
Expected result: The product listing page renders live products from your SFCC catalog with images, names, and prices. Pagination works correctly. Cloud → Logs confirms Edge Function executions are succeeding.
Common use cases
Build a product listing page using live SFCC catalog data
Create a React page in Lovable that fetches products from your SFCC catalog via an Edge Function proxy. The Edge Function authenticates to SFCC with SLAS client credentials, calls the Shop API's product search endpoint with your category ID and pagination parameters, and returns formatted product data to the React component for rendering.
Create an Edge Function called sfcc-products that fetches products from Salesforce Commerce Cloud. It should use SFCC_CLIENT_ID, SFCC_CLIENT_SECRET, SFCC_INSTANCE_URL, and SFCC_SITE_ID from secrets. First get a SLAS access token via the OAuth2 client credentials flow at /oauth2/access_token. Then call the SFCC Shop API product search endpoint with category ID, start, and count query params. Return formatted product data. Then create a product listing page in React that calls this Edge Function and displays product images, names, and prices in a grid.
Copy this prompt to try it in Lovable
Implement add-to-cart and session-based cart management
Build cart functionality in Lovable that proxies to SFCC's basket API. An Edge Function creates a guest basket in SFCC, adds items by product ID, applies promotions, and returns the current cart state. The basket token is stored client-side and passed with subsequent cart operations to maintain session continuity.
Create an Edge Function called sfcc-cart that manages SFCC basket operations. It should accept { action, basketId, productId, quantity } where action is 'create', 'add', 'remove', or 'get'. Use SLAS authentication with credentials from secrets. Proxy to SFCC Baskets API endpoints. Return the updated basket with line items, totals, and promotions. Then add an Add to Cart button to my product page that calls this Edge Function.
Copy this prompt to try it in Lovable
Display SFCC customer order history in a Lovable account dashboard
Build a customer account page that shows order history pulled from SFCC. The Edge Function authenticates on behalf of the logged-in customer using their SFCC customer ID, calls the Orders API, and returns order summaries. This gives your Lovable app a modern account dashboard backed by SFCC's order management system.
Create an Edge Function called sfcc-orders that fetches order history for a customer from Salesforce Commerce Cloud. Accept { customerId } in the request body. Use SLAS credentials from secrets to get an access token. Call the SFCC Shop API Orders endpoint for the customer. Return orders with status, total, items summary, and tracking information. Create a My Orders page in Lovable that calls this Edge Function for the logged-in user.
Copy this prompt to try it in Lovable
Troubleshooting
SLAS authentication returns 401 with 'invalid_client' error
Cause: The SFCC_CLIENT_ID or SFCC_CLIENT_SECRET does not match a valid SLAS API Client, or the client was not configured with the correct 'token endpoint auth method' (must be 'client_secret_post' for the client credentials flow).
Solution: Log in to SFCC Business Manager → Administration → Site Development → SLAS Administration. Verify the API Client exists with the exact client ID stored in your secret. Check that the token endpoint auth method is set to 'client_secret_post'. If the secret was incorrectly copied, regenerate it in SLAS Administration and update the SFCC_CLIENT_SECRET secret in Cloud → Secrets, then redeploy the Edge Function.
SFCC product search returns 403 Forbidden even after successful authentication
Cause: The SLAS API Client does not have the required API scopes, or the SFCC site's OCAPI/Commerce API settings do not allow the client ID to access product search endpoints.
Solution: In SFCC Business Manager, go to Administration → Site Development → SLAS Administration → your API client → Scopes. Ensure sfcc.products.rw and sfcc.shopper-productSearch.read (or equivalent scopes for your SFCC version) are listed. Also check Administration → Site Development → Open Commerce API Settings (if using OCAPI) and verify your client ID is in the allowed clients list for the Shop endpoint you are calling.
Edge Function returns 'SFCC auth failed' with status 400 and message 'invalid_grant'
Cause: The organization ID (orgId) used in the SLAS token endpoint URL is incorrect. The orgId pattern varies by SFCC instance and must match exactly.
Solution: Contact your SFCC administrator to confirm the exact organization ID for your instance. It is visible in Business Manager → Administration → Global Preferences → Global Preferences (under Org ID). The common pattern is f_ecom_{siteId}_prd but your instance may use a different format. Update the orgId construction logic in your Edge Function or store it as a separate SFCC_ORG_ID secret.
1// Store orgId as a secret instead of constructing it:2const orgId = Deno.env.get('SFCC_ORG_ID') // e.g., 'f_ecom_mysite_prd'3// Remove the dynamic orgId construction lineProducts appear in SFCC Business Manager but the API returns empty results or zero hits
Cause: The products are not assigned to a storefront catalog or the category ID used in the query does not exist in the site's catalog.
Solution: In SFCC Business Manager, go to Merchant Tools → Products → Product Catalog and verify products are assigned to the site's catalog (not just the master catalog). Also verify the category ID you are using in the refine parameter exists in the storefront catalog — check Merchant Tools → Navigation & Categories → Category Management. The root category ID varies by implementation (common values are 'root', 'mens', 'womens') — use the SFCC category browser to find the correct IDs.
Best practices
- Implement token caching for SFCC SLAS access tokens — they are valid for 30 minutes, and requesting a new token on every Edge Function call is wasteful. Cache the token and expiry in Supabase and reuse it until 5 minutes before expiry.
- Separate your SFCC Edge Functions by domain (sfcc-products, sfcc-cart, sfcc-orders, sfcc-customer) rather than building one monolithic proxy — this makes each function easier to maintain and debug independently.
- Always proxy SFCC API calls through Edge Functions — never call SFCC APIs directly from your React frontend, as this would expose your client credentials and violate SFCC's API terms.
- Test against the SFCC staging environment (use SFCC_INSTANCE_URL pointing to your staging instance) before pointing to production — SFCC staging instances are isolated from production inventory.
- Store the SFCC organization ID as an explicit secret (SFCC_ORG_ID) rather than constructing it dynamically from the site ID — the construction pattern varies across SFCC implementations and getting it wrong causes hard-to-debug authentication failures.
- For product images, use SFCC's image transformation parameters (sw=400&sh=400&sm=fit) in the image URLs to request appropriately sized thumbnails rather than full-resolution images — this significantly improves page load performance.
- Monitor your SFCC API quota usage in Business Manager → Administration → Operations → Usage Monitor — Commerce API calls are rate-limited and exceeding quotas during peak traffic can cause your Lovable app to show blank product pages.
Alternatives
Choose the base Salesforce CRM integration if your use case is contact management, sales pipeline, and CRM data — not e-commerce storefront functionality.
Choose HubSpot if you need CRM and marketing automation with a generous free tier and simpler API, without the enterprise e-commerce features of SFCC.
Choose Shopify's native Lovable connector if you are building a new e-commerce app — Shopify offers a far simpler integration path than SFCC for non-enterprise scale.
Frequently asked questions
What is the difference between Salesforce Commerce Cloud and base Salesforce CRM?
Salesforce Commerce Cloud (formerly Demandware) is an enterprise e-commerce platform for running online storefronts — product catalogs, shopping carts, checkout, and order management. Base Salesforce (Sales Cloud, Service Cloud) is a CRM for managing customer relationships, leads, opportunities, and support tickets. They are separate products that can be connected but serve completely different purposes. This guide covers Commerce Cloud for e-commerce headless frontend use cases.
Is SFCC suitable for a startup building a new e-commerce app in Lovable?
No — SFCC is an enterprise platform with minimum contracts typically starting at $150,000+ per year. It is designed for retailers with large product catalogs, complex pricing rules, multi-site requirements, and high transaction volumes. For a startup building an e-commerce app in Lovable, Shopify is the appropriate choice — it has a native Lovable connector, clear pricing starting free, and a complete headless commerce API (Storefront API). This guide is for teams that already have an SFCC investment and want a modern Lovable frontend on top of it.
What is the difference between SFCC's OCAPI and the newer Commerce API / SLAS?
OCAPI (Open Commerce API) is SFCC's older API layer that uses client ID authentication without OAuth2 client secrets. It is still widely deployed and reliable, but Salesforce is directing new development toward the newer Commerce API with SLAS (Shopper Login and API Access Service), which uses modern OAuth2 flows. If your SFCC instance was deployed before 2020, it likely uses OCAPI. Newer instances support both. Ask your SFCC administrator which API version is configured for your site.
How do I handle SFCC shopper authentication for logged-in customer features?
SFCC shopper authentication (login, registration, account management) uses a different OAuth2 flow than the server-to-server client credentials flow covered in this guide. For shopper auth, you implement the SLAS PKCE flow: your Edge Function generates a code challenge, redirects the shopper to SFCC's login page, receives the authorization code callback, and exchanges it for a shopper access token. This shopper token is then used for personalized operations like saved cart, order history, and wishlists. Implementing this correctly requires additional Edge Functions for the OAuth callback and token management.
Can Lovable replace the entire SFCC storefront, including checkout?
Lovable can build the product browsing, search, and cart experience as a headless frontend over SFCC's APIs. For checkout, SFCC provides a checkout API (Shopper Orders API) that covers address collection, shipping method selection, payment authorization, and order submission. However, payment processing in SFCC typically goes through Salesforce's Order Management System and their payment integrations — implementing the full checkout flow requires careful coordination with your SFCC platform team and thorough testing before go-live.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation