Document Tree
Document Properties
Last Modified
Added to KB
Public Access
Doc Type
  • ICM 7.10
  • ICM 11
  • Intershop Progressive Web App
Concept - Integration of Progressive Web App and Responsive Starter Store (valid from


This document is valid from ICM and 7.10.38-9-LTS.

For previous versions, refer to Concept - Integration of Progressive Web App and inSPIRED Storefront (valid to

The API token login feature enables customers to log in to both the Progressive Web App (PWA) or any other REST-based clients and the Responsive Starter Store. 

This feature can be useful if certain elements of the PWA (e.g., product listing), but also elements of the Responsive Starter Store (e.g., checkout) should be used together in a project. 



ICMThe abbreviation for Intershop Commerce Management
PWAThe abbreviation for Progressive Web App


The API token login can be enabled generally or domain-specifically. Therefore consider the following settings:

  • General:
    In the, the following property must be configured:
  • Site-specific:
    The same property intershop.apitoken.cookie.enabled=true has to be set in the domain-specific configuration of the site.


The PWA must have cookies enabled. If this is the case, a cookie is written when the ICM application server processes a request (page is not cached by the web adapter).

The cookie named apiToken contains a JSON object with the API token.

The attribute 'isAnonymous' indicates the authentication state:

  • 'true' for anonymous users
  • 'false' for authenticated users

When the ICM starts handling a request and the cookie is present, the ICM ensures that the user is logged in or an anonymous basket is retrieved.
For technical reasons, ICM overwrites the PWA cookie with its own cookie. The difference is that another JSON attribute is added, which is called creator='icm'.

If the user is logged into the ICM but no cookie is available when the ICM takes over, the user will be logged out.


The feature is based on the assumption that PWA and ICM can read and write each other's cookies. That means that both cookies must have the same domain and the same path. Therefore, the feature only works if PWA and ICM are running in the same domain.

ICM Cookie Handling

When does ICM write the cookie?

  • The feature is active and the ICM application server processes a request.

When does ICM delete the cookie?

  • The feature is active and the token inside the cookie is invalid.

The detailed workflow is as follows:


intershop.apitoken.cookie.enabled'true', if the feature should be active, otherwise anything else.
intershop.apitoken.cookie.nameIf the cookie should not be named 'apiToken', set an alternative name here.
intershop.apitoken.cookie.maxageThe maximum age of the cookie. Since our session is 60 minutes long, the default is 60.
intershop.apitoken.cookie.commentThe API allows to set a comment, which can be set here.
intershop.apitoken.cookie.sslmode'true', if the cookie should be SSL-only. The feature will not work if ICM or PWA still use HTTP.

Hint for Customization

Pipeline Calls / Log in and Out

The pipeline UserLogin is called. For the login, the start-node LoginUser is called. For the logout, the start-node Logout is called.
This pipeline does what is done for login and logout in the platform. In f_business, the pipeline is overwritten to call the pipelines for ProcessUser .

If there are additional tasks in customer projects when a user is logged in, further overwriting may be necessary.

The information provided in the Knowledge Base may not be applicable to all systems and situations. Intershop Communications will not be liable to any party for any direct or indirect damages resulting from the use of the Customer Support section of the Intershop Corporate Web site, including, without limitation, any lost profits, business interruption, loss of programs or other data on your information handling system.
The Intershop Knowledge Portal uses only technically necessary cookies. We do not track visitors or have visitors tracked by 3rd parties. Please find further information on privacy in the Intershop Privacy Policy and Legal Notice.
Knowledge Base
Product Releases
Log on to continue
This Knowledge Base document is reserved for registered customers.
Log on with your Intershop Entra ID to continue.
Write an email to if you experience login issues,
or if you want to register as customer.