Announcement: You can find the guides for Commerce 7.5 and later on the new Elastic Path Documentation site. The Developer Center continues to support Commerce 6.13.0 through 7.4.1.

6. Configuring Trust Headers

Cortex API requires a confidential key, called a trust header, to communicate with its OAuth2 endpoint. Without it, communications with Cortex API will fail.

To configure this trust header, create two configuration files, authTrustHeader.config and authClientTrustHeader.config, following the instructions below.

Configuring Shared Secret for Trusted Sources

A trust header is a confidential key an OAuth2 endpoint uses to authenticate to Cortex API's authentication endpoint. Both your OAuth2 endpoint and Cortex API's authentication endpoint must have the same trust header for authentication requests to validate.

The following steps describe how to configure the trust header for both the Cortex API's authentication endpoint and the out-of-the-box OAuth2 endpoint:

1. Create the Configuration Directory

  • For Windows: C:\etc\ep\cortex\system\config
  • For Linux: /etc/ep/cortex/system/config

2. Set the authentication endpoint trust header

  1. In your cortex/system/config directory, create a file named authTrustHeader.config.
  2. In authTrustHeader.config, add the following fields and define your trust header field value:
    relos.trust.header.field.VALUE="<secret trust header>"
    relos.trust.header.field.NAME="x-ep-trust-header"

3. Set the OAuth2 endpoint trust header

  1. In your cortex/system/config directory, create a file named authClientTrustHeader.config.
  2. In authClientTrustHeader.config, add the following fields and define your trust header field value:
    relos.trust.header.field.VALUE="<secret trust header>"
    relos.trust.header.field.NAME="x-ep-trust-header"
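
Steps 1 to 3 on Linux as one script: an added example, not Elastic Path's own tooling, that writes both files from a single secret and then checks that the two endpoints will agree. The function names, the 32-byte random secret and the owner-only file permissions are assumptions of this example; the file names and relos.* keys are the ones given above.

```shell
#!/bin/sh
# Added example. File names and relos.* keys come from the page; the function
# names, secret length and file permissions are assumptions of this sketch.
HEADER_NAME="x-ep-trust-header"

# 32 random bytes as 64 hex characters.
generate_trust_secret() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# write_trust_header_configs <config_dir> <secret>
# Writes the same secret to both files so the two endpoints agree.
write_trust_header_configs() {
    dir=$1; secret=$2
    [ -n "$secret" ] || { echo "empty secret" >&2; return 1; }
    mkdir -p "$dir" || return 1
    for f in authTrustHeader.config authClientTrustHeader.config; do
        # umask makes a new file owner-only; chmod tightens an existing one.
        ( umask 077
          printf '%s\n%s\n' \
              "relos.trust.header.field.VALUE=\"$secret\"" \
              "relos.trust.header.field.NAME=\"$HEADER_NAME\"" > "$dir/$f" ) || return 1
        chmod 600 "$dir/$f" || return 1
    done
}

# read_field <file> <key>: print the value of key with its quotes removed.
read_field() {
    awk -v key="$2" '{ sub(/^[ \t]+/, "") }
        index($0, key "=") == 1 {
            v = substr($0, length(key) + 2)
            gsub(/^"|"[ \t\r]*$/, "", v); print v; exit
        }' "$1"
}

# trust_headers_match <config_dir>
# 0: both files agree; 1: value missing, different, or still the placeholder;
# 2: a file is missing.
trust_headers_match() {
    a="$1/authTrustHeader.config"; b="$1/authClientTrustHeader.config"
    [ -f "$a" ] && [ -f "$b" ] || return 2
    for key in relos.trust.header.field.VALUE relos.trust.header.field.NAME; do
        va=$(read_field "$a" "$key"); vb=$(read_field "$b" "$key")
        [ -n "$va" ] && [ "$va" = "$vb" ] || return 1
    done
    [ "$(read_field "$a" relos.trust.header.field.VALUE)" != "<secret trust header>" ] || return 1
}
```

A typical run is `write_trust_header_configs /etc/ep/cortex/system/config "$(generate_trust_secret)"` followed by `trust_headers_match /etc/ep/cortex/system/config`, executed as the account that owns the Cortex configuration directory.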