Spryker Documentation

Migration status - Glue API to API Platform

Mon, 11 May 2026 12:19:49 +0000

This document tracks Spryker's migration of API-providing modules to the **API Platform** (built on Symfony and the API Platform library). Use it to plan upgrades and check the current status of every module. {% info_block infoBox "Looking for the integration guide?" %} This page does **not** describe how to integrate API Platform into your project. For step-by-step integration instructions, see: - [Migrate to API Platform](/docs/dg/dev/upgrade-and-migrate/migrate-to-api-platform.html) - [Integrate API Platform](/docs/dg/dev/upgrade-and-migrate/integrate-api-platform.html) - [Integrate API Platform security](/docs/dg/dev/upgrade-and-migrate/integrate-api-platform-security.html) - [API Platform architecture](/docs/dg/dev/architecture/api-platform.html) {% endinfo_block %} ## Why Spryker is moving to API Platform API Platform replaces Spryker-specific patterns for routing, authentication, and resource definition with industry-standard Symfony conventions, automatic OpenAPI schema generation, and a clean separation between resource schema, provider, and validation. | Aspect | Previous infrastructure | API Platform | |---|---|---| | Bootstrap | Spryker-specific application bootstrap | Symfony Kernel-based routing | | Resource registration | Manual plugin registration in `GlueApplicationDependencyProvider` | Declarative YAML resource definitions (`*.resource.yml`) | | Authentication | Custom flows per module | Standard OAuth2 / Symfony Security | | Coupling | Tight coupling between resource and routing logic | Clean separation: provider + resource schema + validation | | Testability | Complex to test and extend | Symfony-native, testable with standard PHPUnit patterns | | OpenAPI | Manual / partial | Automatic OpenAPI schema generation | ## General migration workflow For any module marked **Migrated**, projects upgrade in three high-level steps. Detailed instructions are in the linked integration guides above. 1. **Update the module to the API Platform-enabled version** Pull the new module version that ships the `*.resource.yml` schema and Provider class: ```bash composer update spryker/ ``` 2. **Remove the previous resource plugins** In your project's `GlueApplicationDependencyProvider`, remove the previous plugin registrations for the migrated module - typically a `ResourceRoutePlugin` (and any related `ResourceRelationshipPlugin` / expander plugins) registered in `getResourceRoutePlugins()`. For **extension-only** modules, remove or replace the corresponding plugin wiring in the parent module's dependency provider as indicated in the module's release notes. 3. **Clear caches and verify** ```bash vendor/bin/glue cache:clear vendor/bin/glue api:generate ``` Confirm the endpoint is served by API Platform by hitting it against your local Glue host - the response is now produced by the new Symfony-based stack. {% info_block infoBox "Parallel operation" %} The previous API stack and API Platform run **side by side** during the transition. You can migrate modules incrementally; modules that have not been migrated continue to be served by the previous stack. {% endinfo_block %} ### Status legend | Status | Meaning | |---|---| | Migrated | Module is available on API Platform and production-ready. | | Planned | Module is scheduled or queued for migration to API Platform. | ## Storefront API modules All StorefrontAPI and Extension-only StorefrontAPI modules. Migrated modules are listed first. | Module | Category | Status | Key endpoints | |---|---|----------|---| | ContentProductAbstractListsRestApi | StorefrontAPI | Migrated | GET /content-product-abstract-lists/{id}
GET /content-product-abstract-lists/{id}/abstract-products | | MerchantOpeningHoursRestApi | StorefrontAPI | Migrated | GET /merchants/{id}/merchant-opening-hours | | MerchantCategoriesRestApi | Extension-only StorefrontAPI | Migrated | MerchantsRestApi | | MerchantProductOffersRestApi | StorefrontAPI | Migrated | GET /concrete-products/{id}/product-offers
GET /product-offers/{id} | | MerchantProductOfferServicePointAvailabilitiesRestApi | Extension-only StorefrontAPI | Migrated | (transfer-only) | | MerchantsRestApi | StorefrontAPI | Migrated | GET /merchants
GET /merchants/{id}
GET /merchants/{id}/merchant-addresses | | OrderPaymentsRestApi | StorefrontAPI | Migrated | POST /order-payments | | PaymentsRestApi | StorefrontAPI | Migrated | POST /payments
POST /payment-cancellations
POST /payment-customers | | ProductAvailabilitiesRestApi | StorefrontAPI | Migrated | GET /abstract-products/{id}/abstract-product-availabilities
GET /concrete-products/{id}/concrete-product-availabilities | | ProductOfferAvailabilitiesRestApi | StorefrontAPI | Migrated | GET /product-offers/{id}/product-offer-availabilities | | ProductOfferServicePointAvailabilitiesRestApi | StorefrontAPI | Migrated | POST /product-offer-service-point-availabilities | | ProductOfferPricesRestApi | StorefrontAPI | Migrated | GET /product-offers/{id}/product-offer-prices | | ProductPricesRestApi | StorefrontAPI | Migrated | GET /abstract-products/{id}/abstract-product-prices
GET /concrete-products/{id}/concrete-product-prices | | ProductTaxSetsRestApi | StorefrontAPI | Migrated | GET /abstract-products/{id}/product-tax-sets | | ProductsRestApi | StorefrontAPI | Migrated | GET /abstract-products/{id}
GET /concrete-products/{id} | | ShipmentTypeProductOfferServicePointAvailabilitiesRestApi | Extension-only StorefrontAPI | Migrated | ProductOfferServicePointAvailabilitiesRestApi | | StoresApi | StorefrontAPI | Migrated | GET /stores | | AgentAuthRestApi | StorefrontAPI | Migrated | POST /agent-access-tokens
POST /agent-customer-impersonation-access-tokens
GET /agent-customer-search | | AlternativeProductsRestApi | StorefrontAPI | Planned | GET /abstract-products/{id}/related-products
GET /concrete-products/{id}/abstract-alternative-products
GET /concrete-products/{id}/concrete-alternative-products | | AuthRestApi | StorefrontAPI | Migrated | POST /token
POST /access-tokens
POST /refresh-tokens
DELETE /refresh-tokens/{id} | | AvailabilityNotificationsRestApi | StorefrontAPI | Planned | POST /availability-notifications
DELETE /availability-notifications/{id}
GET /my-availability-notifications
GET /customers/{id}/availability-notifications | | CartCodesRestApi | StorefrontAPI | Migrated | POST /carts/{id}/cart-codes
DELETE /carts/{id}/cart-codes/{id}
POST /guest-carts/{id}/cart-codes
DELETE /guest-carts/{id}/cart-codes/{id} | | CartPermissionGroupsRestApi | StorefrontAPI | Planned | GET /cart-permission-groups
GET /cart-permission-groups/{id} | | CartReorderRestApi | StorefrontAPI | Migrated | POST /cart-reorder | | CartsRestApi | StorefrontAPI | Migrated | GET,POST /carts
GET,PATCH,DELETE /carts/{id}
POST /carts/{id}/items
PATCH,DELETE /carts/{id}/items/{id}
GET /guest-carts
GET,PATCH /guest-carts/{id}
POST /guest-carts/{id}/guest-cart-items
PATCH,DELETE /guest-carts/{id}/guest-cart-items/{id}
GET /customers/{id}/carts | | CatalogSearchRestApi | StorefrontAPI | Migrated | GET /catalog-search
GET /catalog-search-suggestions | | CategoriesRestApi | StorefrontAPI | Migrated | GET /category-trees
GET /category-nodes/{id} | | CheckoutRestApi | StorefrontAPI | Planned | POST /checkout-data
POST /checkout | | CmsPagesRestApi | StorefrontAPI | Planned | GET /cms-pages
GET /cms-pages/{id} | | CompaniesRestApi | StorefrontAPI | Migrated | GET /companies
GET /companies/{id} | | CompanyBusinessUnitAddressesRestApi | StorefrontAPI | Planned | GET /company-business-unit-addresses
GET /company-business-unit-addresses/{id} | | CompanyBusinessUnitsRestApi | StorefrontAPI | Planned | GET /company-business-units
GET /company-business-units/{id} | | CompanyRolesRestApi | StorefrontAPI | Planned | GET /company-roles
GET /company-roles/{id} | | CompanyUserAuthRestApi | StorefrontAPI | Planned | POST /company-user-access-tokens | | CompanyUsersRestApi | StorefrontAPI | Planned | GET /company-users
GET /company-users/{id} | | ConfigurableBundleCartsRestApi | StorefrontAPI | Planned | POST /carts/{id}/configured-bundles
PATCH,DELETE /carts/{id}/configured-bundles/{id}
POST,PATCH,DELETE /guest-carts/{id}/guest-configured-bundles/{id} | | ConfigurableBundlesRestApi | StorefrontAPI | Planned | GET /configurable-bundle-templates
GET /configurable-bundle-templates/{id} | | ContentBannersRestApi | StorefrontAPI | Planned | GET /content-banners/{id} | | CustomerAccessRestApi | StorefrontAPI | Migrated | GET /customer-access | | CustomersRestApi | StorefrontAPI | Migrated | GET,POST /customers
GET,PATCH,DELETE /customers/{id}
GET,POST /customers/{id}/addresses
GET,PATCH,DELETE /customers/{id}/addresses/{id}
POST /customer-forgotten-password
PATCH /customer-restore-password/{id}
PATCH /customer-password/{id}
POST /customer-confirmation | | DiscountPromotionsRestApi | Extension-Only-StorefrontAPI | Planned | CartsRestApi, CartCodesRestApi | | DiscountsRestApi | StorefrontAPI | Migrated | POST /carts/{id}/vouchers
DELETE /carts/{id}/vouchers/{id}
POST /guest-carts/{id}/vouchers
DELETE /guest-carts/{id}/vouchers/{id} | | EntityTagsRestApi | Extension-only StorefrontAPI | Planned | GlueApplication | | GiftCardsRestApi | Extension-only StorefrontAPI | Migrated | GlueApplication | | MerchantProductOfferServicePointAvailabilitiesRestApi | Extension-only StorefrontAPI | Planned | (transfer-only) | | MerchantProductOfferShoppingListsRestApi | Extension-only StorefrontAPI | Planned | (transfer-only) | | MerchantProductOfferWishlistRestApi | Extension-only StorefrontAPI | Planned | WishlistsRestApi | | MerchantProductShoppingListsRestApi | Extension-only StorefrontAPI | Planned | (transfer-only) | | MerchantProductsRestApi | Extension-only StorefrontAPI | Planned | CartsRestApi | | MerchantRelationshipProductListsRestApi | Extension-only StorefrontAPI | Planned | CustomersRestApi | | MerchantSalesReturnsRestApi | Extension-only StorefrontAPI | Planned | (transfer-only) | | MerchantShipmentsRestApi | Extension-only StorefrontAPI | Planned | ShipmentsRestApi | | MultiCartsRestApi | Extension-only StorefrontAPI | Migrated | CartsRestApi | | NavigationsRestApi | StorefrontAPI | Migrated | GET /navigations/{id} | | OauthApi | StorefrontAPI | Migrated | POST /token | | OmsRestApi | Extension-only StorefrontAPI | Planned | OrdersRestApi | | OrderAmendmentsRestApi | Extension-only StorefrontAPI | Planned | OrdersRestApi, CartsRestApi, CartReorderRestApi | | OrdersRestApi | StorefrontAPI | Planned | GET /orders
GET /orders/{id}
GET /customers/{id}/orders | | PriceProductOfferVolumesRestApi | Extension-only StorefrontAPI | Planned | ProductOfferPricesRestApi | | PriceProductVolumesRestApi | Extension-only StorefrontAPI | Planned | ProductPricesRestApi | | ProductAttributesRestApi | StorefrontAPI | Migrated | GET /product-management-attributes
GET /product-management-attributes/{id} | | ProductBundleCartsRestApi | Extension-only StorefrontAPI | Planned | CartsRestApi, ShipmentsRestApi | | ProductBundlesRestApi | StorefrontAPI | Planned | GET /concrete-products/{id}/bundled-products | | ProductConfigurationShoppingListsRestApi | Extension-only StorefrontAPI | Planned | ShoppingListsRestApi | | ProductConfigurationWishlistsRestApi | Extension-only StorefrontAPI | Planned | WishlistsRestApi | | ProductConfigurationsPriceProductVolumesRestApi | Extension-only StorefrontAPI | Planned | ProductConfigurationsRestApi, ProductConfigurationShoppingListsRestApi, ProductConfigurationWishlistsRestApi | | ProductConfigurationsRestApi | Extension-only StorefrontAPI | Planned | ProductsRestApi, CartsRestApi, OrdersRestApi | | ProductDiscontinuedRestApi | Extension-only StorefrontAPI | Planned | ProductsRestApi | | ProductImageSetsRestApi | StorefrontAPI | Migrated | GET /abstract-products/{id}/abstract-product-image-sets
GET /concrete-products/{id}/concrete-product-image-sets | | ProductLabelsRestApi | StorefrontAPI | Planned | GET /product-labels/{id} | | ProductMeasurementUnitsRestApi | StorefrontAPI | Planned | GET /product-measurement-units/{id}
GET /concrete-products/{id}/sales-units | | ProductOfferSalesRestApi | Extension-only StorefrontAPI | Planned | (transfer-only) | | ProductOfferShoppingListsRestApi | Extension-only StorefrontAPI | Planned | (transfer-only) | | ProductOffersRestApi | Extension-only StorefrontAPI | Planned | ProductsRestApi | | ProductOptionsRestApi | Extension-only StorefrontAPI | Planned | CartsRestApi, OrdersRestApi, ProductsRestApi, QuoteRequestsRestApi | | ProductReviewsRestApi | StorefrontAPI | Planned | GET,POST /abstract-products/{id}/product-reviews
GET /abstract-products/{id}/product-reviews/{id} | | QuoteRequestAgentsRestApi | StorefrontAPI | Planned | GET,POST /agent-quote-requests
GET,PATCH /agent-quote-requests/{id}
POST /agent-quote-requests/{id}/agent-quote-request-cancel
POST /agent-quote-requests/{id}/agent-quote-request-revise
POST /agent-quote-requests/{id}/agent-quote-request-send-to-customer | | QuoteRequestsRestApi | StorefrontAPI | Planned | GET,POST /quote-requests
GET,PATCH /quote-requests/{id}
POST /quote-requests/{id}/quote-request-cancel
POST /quote-requests/{id}/quote-request-revise
POST /quote-requests/{id}/quote-request-send-to-user
POST /quote-requests/{id}/quote-request-convert-to-quote | | RelatedProductsRestApi | StorefrontAPI | Planned | GET /abstract-products/{id}/related-products | | SalesOrderThresholdsRestApi | Extension-only StorefrontAPI | Planned | CartsRestApi, CheckoutRestApi | | SalesReturnsRestApi | StorefrontAPI | Planned | GET /return-reasons
GET,POST /returns
GET /returns/{id} | | SecurityBlockerRestApi | Extension-only StorefrontAPI | Planned | GlueApplication | | ServicePointCartsRestApi | Extension-only StorefrontAPI | Planned | CheckoutRestApi | | ServicePointsRestApi | StorefrontAPI | Planned | GET /service-points
GET /service-points/{id}
GET /service-points/{id}/service-point-addresses/{id} | | SharedCartsRestApi | StorefrontAPI | Planned | POST /carts/{id}/shared-carts
PATCH,DELETE /shared-carts/{id} | | ShipmentTypeServicePointsRestApi | Extension-only StorefrontAPI | Planned | CheckoutRestApi, ShipmentsRestApi, ShipmentTypesRestApi | | ShipmentTypesRestApi | StorefrontAPI | Planned | GET /shipment-types
GET /shipment-types/{id} | | ShipmentsRestApi | Extension-only StorefrontAPI | Planned | CheckoutRestApi, OrdersRestApi, QuoteRequestsRestApi | | ShoppingListsRestApi | StorefrontAPI | Planned | GET,POST /shopping-lists
GET,PATCH,DELETE /shopping-lists/{id}
POST /shopping-lists/{id}/shopping-list-items
PATCH,DELETE /shopping-lists/{id}/shopping-list-items/{id} | | TaxAppRestApi | StorefrontAPI | Planned | POST /tax-id-validate | | UpSellingProductsRestApi | StorefrontAPI | Planned | GET /carts/{id}/up-selling-products
GET /guest-carts/{id}/up-selling-products | | UrlsRestApi | StorefrontAPI | Planned | GET /url-resolver | | WishlistsRestApi | StorefrontAPI | Planned | GET,POST /wishlists
GET,PATCH,DELETE /wishlists/{id}
POST /wishlists/{id}/wishlist-items
PATCH,DELETE /wishlists/{id}/wishlist-items/{id} | ## Backend API modules All BackendAPI modules tracked in the migration scope. | Module | Category | Status | Key endpoints | |---|---|---|---| | CartNotesBackendApi | Extension-Only BackendAPI | Planned | SalesOrdersBackendApi | | CategoriesBackendApi | BackendAPI | Planned | GET,POST /categories
GET,PATCH /categories/{id} | | DynamicEntityBackendApi | BackendAPI | Planned | GET,POST,PATCH,PUT /dynamic-entity/{entity-name} (~62 auto-generated entity endpoints) | | OauthBackendApi | BackendAPI | Planned | POST /token | | PickingListsBackendApi | BackendAPI | Planned | GET /picking-lists
GET /picking-lists/{id}
PATCH /picking-lists/{id}/picking-list-items/{id}
POST /start-picking | | PickingListsUsersBackendApi | Extension-Only BackendAPI | Planned | PickingListsBackendApi | | PickingListsWarehousesBackendApi | Extension-Only BackendAPI | Planned | PickingListsBackendApi | | ProductAttributesBackendApi | BackendAPI | Planned | GET,POST /product-attributes
GET,PATCH /product-attributes/{id} | | ProductImageSetsBackendApi | BackendAPI | Planned | GET /concrete-product-image-sets | | ProductPackagingUnitsBackendApi | Extension-Only BackendAPI | Planned | PickingListsBackendApi | | ProductsBackendApi | BackendAPI | Planned | GET,POST /product-abstract
DELETE,GET,PATCH /product-abstract/{id} | | PushNotificationsBackendApi | BackendAPI | Planned | GET,POST /push-notification-providers
PATCH,DELETE /push-notification-providers/{id}
POST /push-notification-subscriptions | | SalesOrdersBackendApi | BackendAPI | Planned | GET /sales-orders | | ServicePointsBackendApi | BackendAPI | Planned | GET,POST /service-points
GET,PATCH /service-points/{id}
GET,POST /service-point-addresses
PATCH /service-points/{id}/service-point-addresses/{id}
GET,POST /service-types
GET,PATCH /service-types/{id}
GET,POST /services
GET,PATCH /services/{id} | | ShipmentTypesBackendApi | BackendAPI | Planned | GET,POST /shipment-types
GET,PATCH /shipment-types/{id} | | ShipmentsBackendApi | BackendAPI | Planned | GET /sales-shipments | | StoresBackendApi | BackendAPI | Planned | GET,POST,PATCH /stores | | UsersBackendApi | BackendAPI | Planned | GET /users | | WarehouseOauthBackendApi | BackendAPI | Planned | POST /warehouse-tokens | | WarehouseUsersBackendApi | BackendAPI | Planned | GET,POST /warehouse-user-assignments
GET,PATCH,DELETE /warehouse-user-assignments/{id} | | WarehousesBackendApi | BackendAPI | Planned | GET /warehouses |

Spryker Core Back Office feature overview

Thu, 07 May 2026 18:46:30 +0000

A Spryker-based shop ships with a comprehensive, intuitive administration area and consists of numerous features that give you a strong hold over the customization of your store. Here you can tailor features to your specific needs, manage orders, products, and customers, and modify the look and feel of your store by—for example, designing eye-catching marketing campaigns and promotions, and much more. The Spryker Back Office provides you with a variety of sections that are logically connected to each other. {% info_block infoBox "Spryker Back Office" %} It provides the product and content management capabilities, categories and navigation building blocks, search and filter customizations, barcode generator, order handling, company structure creation (*for B2B users*), and merchant-buyer contracts' setup. {% endinfo_block %} With Spryker Back Office, you can do the following: - Manage orders placed by your customers as well as create orders for customers. - Create and manage customers. - Build and manage product categories. - Create and manage CMS blocks and pages. - Handle translations. - Manage products and all elements related to them (availability, labels, options, types). - Customize search and filters for the online store. - Create and manage discounts. - Build and manage the main navigation of your online store. - Create new carrier companies and shipment methods as well as manage those. - Create admin users, and add roles and user groups. Depending on the roles and teams in your project, you can limit the access of different Back Office users to specific Back Office areas. **Back Office provides both B2B and B2C capabilities.** {% info_block infoBox "Info" %} The following diagram shows what features are used for both *B2B and B2C* and which are *B2B-specific*. {% endinfo_block %} ![B2B and B2C features](https://spryker.s3.eu-central-1.amazonaws.com/docs/scos/user/features/spryker-core-back-office-feature-overview/spryker-core-back-office-feature-overview.md/b2b-and-b2c-features.png) You can always define what exactly is going to be needed for your specific project. ## Related Business User documents |BACK OFFICE USER GUIDES| |---| | [Get a general idea of the Back Office Translations](/docs/pbc/all/back-office/latest/base-shop/back-office-translations-overview.html) | ## Related Developer articles |INSTALLATION GUIDES | REFERENCES| |---------|---------| | [Install the Spryker Core Back Office feature](/docs/pbc/all/identity-access-management/latest/install-and-upgrade/install-the-spryker-core-back-office-feature.html) | [Back Office Translations overview](/docs/pbc/all/back-office/latest/base-shop/back-office-translations-overview.html) | | [Microsoft Azure Active Directory](/docs/pbc/all/identity-access-management/latest/install-and-upgrade/install-microsoft-azure-active-directory.html) | [Users and rights overview](/docs/pbc/all/user-management/latest/base-shop/user-and-rights-overview.html) | | [Install Federated Authentication via OAuth2/OIDC](/docs/pbc/all/oauth/latest/install-and-upgrade/install-federated-authentication.html) | [Federated Authentication via OAuth2/OIDC](/docs/pbc/all/oauth/latest/federated-authentication.html) |

Merchant users overview

Thu, 07 May 2026 18:46:30 +0000

The merchant concept presupposes having employees with access to the Merchant Portal that will perform various actions on behalf of the merchants. To enable that, the *merchant user* entity is introduced. From the technical point of view, Merchant Portal is a subset of modules in Zed functioning separately from the Back Office application. As in the Back Office, there are users performing different types of actions (they are further on called *Back Office users*); the Merchant Portal has merchant users that function similarly within a merchant account. {% info_block infoBox "Example" %} For example, there can be a person responsible only for creating and managing product offers; the other person takes care of shipping merchant orders to their buyers. It means that two merchant users need to be created for these purposes. {% endinfo_block %} To add merchant users for a merchant, the merchant must be created first. When the merchant record exists, a Marketplace administrator can set up one or several merchant users to manage the merchant account. The merchant users concept follows certain rules: - Every merchant user has a unique email address in the system. - A merchant user belongs to one merchant, and the same merchant user can't be assigned to two or more merchants. ## Merchant user statuses The following table explains all the statuses that may apply to a merchant user. | STATUS | DESCRIPTION | | --- | --- | | Active | When the merchant user has the `Active` status, it means that the merchant is approved, the merchant user account is activated, the email with reset password instructions has been sent, and the merchant user has access to the Merchant Portal. | | Deactivated | Access to the Merchant Portal is revoked for a deactivated merchant user. A merchant user can be deactivated when:

A merchant or Marketplace administrator deactivates the merchant user.
The merchant to whom the merchant user belongs has been [denied](/docs/pbc/all/merchant-management/latest/marketplace/marketplace-merchant-feature-overview/marketplace-merchant-feature-overview.html#merchant-statuses).

| | Deleted | Access to the Merchant Portal is revoked for the deleted merchant user. In the current implementation, both statuses `Deactivated` and `Deleted` have the same functionality—they restrict access to the Merchant Portal. However, this can be changed and adapted on the project level. | ## Merchant user access Both merchant and typical Back Office users have a common entry point, but the login URLs to the Back Office and Merchant Portal are different. The exemplary login link to the Merchant Portal is `https://os.de.marketplace.demo-spryker.com/security-merchant-portal-gui/login`. To log in to the Merchant Portal, both a merchant and merchant user need to be activated in the Back Office. {% info_block infoBox "Info" %} If a merchant is [denied](/docs/pbc/all/merchant-management/latest/marketplace/marketplace-merchant-feature-overview/marketplace-merchant-feature-overview.html#merchant-statuses), all their merchant users get deactivated automatically. If the merchant is re-approved again, their merchant users need to be re-activated one by one manually. {% endinfo_block %} Upon entering the Merchant Portal, a separate area with a different navigation menu is displayed to a merchant user. Merchant users have access only to the information related to their organization through the Merchant Portal application (profile, products, offers, orders); that is, merchant users have their own area and do not access the Back Office. ## Merchant user workflow 1. A Marketplace administrator creates a merchant and approves it. 2. When the merchant is approved, corresponding merchant users can be created in **Back Office > Merchant > Users**. 3. A Marketplace administrator can assign needed user groups to allow or restrict certain permissions for Merchant Portal in **Back Office > Users > Users**. 4. After the merchant user is created, they need to be activated to log in to the Merchant Portal. 5. The "Reset Password" email is sent to the activated merchant user. 6. After the password is reset, the merchant user can log in to the Merchant Portal.

Marketplace Merchant Portal Core feature overview

Thu, 07 May 2026 18:46:30 +0000

The Marketplace Merchant Portal Core enables server configuration and basic functions of the Merchant Portal application, such as secure login, GUI tables, and dashboards. Merchant Portal and Back Office are separate applications with different entry points, bootstraps, and possibilities to register application plugins, configure application base URLs, and debug. To learn more about the Marketplace Application, see [Marketplace Application Composition](/docs/dg/dev/architecture/marketplace-architecture/marketplace-application-composition.html). Login and logout in the Merchant Portal are provided by the `SecurityMerchantPortalGui` module, which also provides the `ZedMerchantUserSecurityPlugin` for extending the Merchant Portal firewall. ## Module dependency graph The following diagram illustrates the dependencies between the modules for the Marketplace Merchant Portal Core feature. ![Modules relation](https://confluence-connect.gliffy.net/embed/image/2e0be237-6e7b-4488-8d4b-811707c14ea0.png?utm_medium=live&utm_source=custom) ### Main Marketplace MerchantPortal Core feature modules The following table lists the main MerchantPortal Core modules: | NAME | DESCRIPTION | | -------------- | ------------------ | | [Acl](https://github.com/spryker/acl) | Acl is part of the Store Administration. The purpose of this module is to define roles, groups, privileges, and resources to manage access privileges to Zed Administration Interface. | | [AclEntity](https://github.com/spryker/acl-entity) | This module provides a database structure for `AclEntitySegment` and `AclEntityRule` as well as methods for managing them. | | [AclMerchantPortal](https://github.com/spryker/acl-merchant-portal) | Acl and merchant entities are connected through this module. | | [GuiTable](https://github.com/spryker/gui-table) | This module provides base functionality for building GuiTables. | | [MerchantPortalApplication](https://github.com/spryker/merchant-portal-application) | This module provides basic infrastructure for the MerchantPortal modules. | | [MerchantUser](https://github.com/spryker/merchant-user) | Merchant user module provides data structure, facade methods and plugins that let users relate to merchants. | | [MerchantUserPasswordResetMail](https://github.com/spryker/merchant-user-password-reset-mail) | This module provides possibility to reset password for the merchant user. | | [Navigation](https://github.com/spryker/navigation) | This module manages multiple navigation menus that can be displayed on the frontend. | | [SecurityMerchantPortalGui](https://github.com/spryker/security-merchant-portal-gui) | This module provides security rules and authentication for merchant users. | | [UserMerchantPortalGui](https://github.com/spryker/user-merchant-portal-gui) | This module module provides components for merchant user management. | | [ZedUi](https://github.com/spryker/zed-ui) | This module provides base UI components for Zed application. | ### Optional Marketplace MerchantPortal Core feature modules The following table lists optional MerchantPortal Core modules: | NAME | DESCRIPTION | | -------------------- | --------------------- | | [DashboardMerchantPortalGui](https://github.com/spryker/dashboard-merchant-portal-gui) | This module contains the dashboard and its related components for the Merchant Portal. | | [DashboardMerchantPortalGuiExtension](https://github.com/spryker/dashboard-merchant-portal-gui-extension) | This module provides extension interfaces for the `DashboardMerchantPortalGui` module.| | [MerchantUserExtension](https://github.com/spryker/merchant-user-extension) | This module provides plugin interfaces to extend `MerchantUser` module from another modules. | | [UserMerchantPortalGuiExtension](https://github.com/spryker/user-merchant-portal-gui-extension) | This module provides plugin interfaces to extend the `UserMerchantPortalGui` module from the other modules. | ## Domain model The following schema illustrates the Marketplace MerchantPortal Core domain model: ![Domain model](https://confluence-connect.gliffy.net/embed/image/2f5bae0d-8b37-45f5-ad08-06ca5c0c562d.png?utm_medium=live&utm_source=custom) ## Gui table `GuiTable` is a Spryker infrastructure component, which displays data as tables and provides search, filtering, sorting, and various interactions with table rows. `GuiTable` components are widely used in the Marketplace Merchant Portal for displaying orders, offers, and products. The `GuiTable` frontend component knows how to create the table itself, where to go for the data, and how to interpret the provided data based on the configuration provided. {% info_block warningBox "Table design" %} To learn more about table design, see [Table design](/docs/dg/dev/frontend-development/latest/marketplace/table-design/table-design.html). {% endinfo_block %} ## Related Developer documents |INSTALLATION GUIDES |GLUE API GUIDES |DATA IMPORT | REFERENCES | |---------|---------|---------|--------| | [Install the Marketplace Merchant Portal Core feature](/docs/pbc/all/merchant-management/latest/marketplace/install-and-upgrade/install-features/install-the-marketplace-merchant-portal-core-feature.html) | | [File details: merchant_user.csv](/docs/pbc/all/merchant-management/latest/marketplace/import-and-export-data/import-file-details-merchant-user.csv.html) | [GUI modules concept](/docs/pbc/all/merchant-management/latest/marketplace/marketplace-merchant-portal-core-feature-overview/gui-modules.html) | | [Install Federated Authentication via OAuth2/OIDC](/docs/pbc/all/oauth/latest/install-and-upgrade/install-federated-authentication.html) | | | [Federated Authentication via OAuth2/OIDC](/docs/pbc/all/oauth/latest/federated-authentication.html) | | | | | [How to create a new GUI module](/docs/pbc/all/merchant-management/latest/marketplace/tutorials-and-howtos/create-gui-modules.html) | | | | | [How to create a new Gui table](/docs/pbc/all/merchant-management/latest/marketplace/tutorials-and-howtos/create-gui-tables.html) | | | | | [How to extend an existing Gui table](/docs/pbc/all/merchant-management/latest/marketplace/tutorials-and-howtos/extend-gui-tables.html) | | | | | [How to create a new Gui table filter type](/docs/pbc/all/merchant-management/latest/marketplace/tutorials-and-howtos/create-gui-table-filter-types.html) | | | | | [How to extend Merchant Portal dashboard](/docs/pbc/all/merchant-management/latest/marketplace/tutorials-and-howtos/extend-merchant-portal-dashboard.html) |

Customer Login overview

Thu, 07 May 2026 18:46:30 +0000

The Customer Login feature with an enhanced secure password policy lets you prevent brute-force login attacks by configuring your project in the following ways:

Block a Storefront user account for some time after a certain number of login attempts.
Enforce the use of strong passwords by defining requirements for a password, like its length and allowed and forbidden characters.

You can define separate settings for a Storefront user and agent.

Demo Shop default configuration

The feature’s default configuration in the Spryker Demo Shop is as follows. When a user tries to log in and the number of unsuccessful login attempts reaches the preset limit (11 attempts for a Storefront user and 10 for an agent), the user account is locked out for some time (5 minutes for a Storefront user and 6 for an agent). After the last unsuccessful attempt, the user is notified that the ban is applied, and the user cannot log in until the ban expires.

To minimize login issues for real customers, the ban is applied by the IP address, which means you can log in to the same user account from one IP address while being locked out of another IP address. All information about blocked accounts is stored in key-value store (Redis or Valkey).

When registering an account or changing an old password in the Demo Shop, the password must contain a combination of alphabetic, numeric, and special characters. The alphabetic characters must also be of mixed case (for example, one lower case and one upper case), and the password length must be from 8 to 64 characters.

Security concerns

In order to enable brute-force protection, follow this security release.

INSTALLATION GUIDES	REFERENCES
Install Federated Authentication via OAuth2/OIDC	Federated Authentication via OAuth2/OIDC

Customer Account Management feature overview

Thu, 07 May 2026 18:46:30 +0000

The Customer Account Management feature enables a wide range of management options for customer accounts, as well as additional functionalities.

Customers create accounts to save their personal details. Back Office users manage the customer accounts: they can view and edit customer details, check orders, and add notes. Customer accounts can have the following details:

Contact details
Addresses
Order history
Language and shipping preferences

Password management enables basic password security for customer accounts. It lets customers do the following:

Specify the account password when registering.
Change the password in their customer account.
Request a password reset email.

Also, it lets you manage customer access, request a password change, or change it on your side. You can restrict the possibility for the customers to register with simple passwords and lock out accounts after several unsuccessful logins for a certain period of time.

BACK OFFICE USER GUIDES
Get a general idea of Customer Account
Get a general idea of Customer Registration
Get a general idea of Customer Login
Get a general idea of Customer Groups
Get a general idea of Password Management

INSTALLATION GUIDES	UPGRADE GUIDES	GLUE API GUIDES	DATA IMPORT	REFERENCES
Install the Agent Assist feature	CompanyUser migration guide	Authenticating as a customer	File details: customer.csv	Reference information: Customer module overview
Install the Company account feature		Confirming customer registration
Install the Customer Account Management feature		Managing customer addresses
Install the Customer Account Management Glue API		Managing customer authentication tokens
Install the Spryker Core feature		Managing customer authentication tokens via OAuth 2.0
Install the Spryker Core Glue API		Managing customer passwords
		Managing customers
Install Federated Authentication via OAuth2/OIDC				Federated Authentication via OAuth2/OIDC

Multi-Factor Authentication

Thu, 07 May 2026 17:21:50 +0000

Multi-Factor Authentication (MFA) adds an extra layer of security for customers, Back Office users, agents, merchant, and merchant agent users by requiring multiple methods of authentication before allowing an action. Benefits of MFA: - Enhanced security with an extra layer of protection - Enhanced privacy with better protected personal data - Supports compliance with security regulations and industry standards ## MFA flow for protected actions The login process with MFA looks as follows: 1. Initial MFA check: The system checks if MFA is enabled for the user. If no MFA methods are enabled, the authentication process continues without additional validation. 2. Fetch enabled MFA types: The system retrieves the user's enabled MFA methods from a specific endpoint depending on the user type: - Customer: `multi-factor-auth/get-customer-enabled-types` - Agent: `multi-factor-auth/get-user-enabled-types` - Back Office user: `multi-factor-auth/user/get-enabled-types` - Merchant: `multi-factor-auth/merchant-user/get-enabled-types` - Merchant agent: `multi-factor-auth/merchant-agent-user/get-enabled-types` 3. Evaluate the number of enabled MFA methods: - Multiple MFA methods: the system presents a selection screen where the user selects a preferred authentication method - One MFA method: the system proceeds to verify the user using their only MFA method 4. Send the authentication code: The system sends a verification code through the appropriate endpoint based on the user type: - Customer: `multi-factor-auth/send-customer-code` - Agent: `multi-factor-auth/send-user-code` - Back Office user: `multi-factor-auth/user/send-code` - Merchant: `multi-factor-auth/merchant-user/send-code` - Merchant agent: `multi-factor-auth/merchant-agent-user/send-code` The delivery method depends on the MFA configuration: - If multiple MFA methods are enabled, the authentication code is sent via the platform selected by the user - If only one MFA method is enabled, the authentication code is sent via that method's platform 5. Code validation: After the authentication code is sent, the system presents a code validation form to the user. The user enters the received authentication code in the form. If the code is correct, authentication is successful. If incorrect, the user needs to double-check the code and try entering again. ![MFA-flow](https://spryker.s3.eu-central-1.amazonaws.com/docs/pbc/all/multi-factor-authentication/multi-factor-authentication.md/MFA-flow.png) ### Login MFA flow For the login MFA flow, MFA is triggered only after validating credentials to prevent unnecessary MFA processing. 1. On the login page, customer/user enters email and password. 2. The system validates the credentials. If invalid, authentication fails, and the customer/user is prompted to try again. If valid, the system proceeds to check if MFA is enabled. 3. If MFA is enabled, the process continues as described in [MFA flow for protected actions](#mfa-flow-for-protected-actions). ## MFA protected actions MFA adds an additional authentication layer for critical operations, protecting both user accounts and sensitive business data. Protected actions: - All user types: - Login authentication - Password changes - Customer: - Update email address - Delete account - Back Office user and agent: - Update user profile information - Create, update, or delete other users' accounts - Create, update, or delete API keys - Merchant and merchant agent user: Update user password You can configure other actions to be protected with MFA according to your requirements. For instructions on integrating MFA into forms and actions, see [Install the Multi-Factor Authentication feature](/docs/pbc/all/multi-factor-authentication/latest/install-multi-factor-authentication-feature#configure-protected-routes-and-forms-for-customers). ## MFA grace period After a customer/user successfully enters a valid MFA code, there's a configurable time interval during which MFA validation isn't required for subsequent actions. This improves user experience because users sometimes need to perform multiple protected actions within a short period of time. For details on configuring the grace period, see [Install the Multi-Factor Authentication feature](/docs/pbc/all/multi-factor-authentication/latest/install-multi-factor-authentication-feature#set-up-configuration). **Note:** To enhance security, the Multi-Factor Authentication system automatically invalidates all active MFA codes when a user logs in. This security measure ensures: - **Fresh authentication required**: Each login requires a new authentication code, even if previous session codes are still technically valid - **Prevention of code reuse**: Old codes from expired or terminated sessions cannot be reused - **Protection against session hijacking**: Attackers cannot use intercepted codes from previous sessions - **Seamless user experience**: Code invalidation happens automatically in the background without requiring additional user actions This security mechanism applies to all user types: customers, Back Office users, agents, merchants, and merchant agent users. ## Brute force protection The Multi-Factor Authentication system includes protection against brute force attacks. This mechanism limits the number of failed MFA code entry attempts a customer/user can make within a single validation flow. If a customer/user reaches the configured number of failed attempts to enter the code, the following happens: - The system resets the MFA flow - The page is refreshed, and the customer/user must start the authentication process from the beginning - All previously generated codes become invalid For instructions on configuring brute force protection, see [Install the Multi-Factor Authentication feature](/docs/pbc/all/multi-factor-authentication/latest/install-multi-factor-authentication-feature.html#configure-brute-force-protection-limit-for-customers). ## Multi-Factor Authentication methods The feature is shipped with the email authentication method. For instructions on installing this method, see [Install email Multi-Factor Authentication method](/docs/pbc/all/multi-factor-authentication/latest/install-email-multi-factor-authentication-method.html). You can set up your own methods by implementing a custom MFA type plugin. For instructions, see [Create custom Multi-Factor Authentication methods](/docs/pbc/all/multi-factor-authentication/latest/create-multi-factor-authentication-methods.html).

Integrations Catalog

Thu, 07 May 2026 17:21:50 +0000

{% raw %}

{% endraw %}

Identity Access Management

Thu, 07 May 2026 17:21:50 +0000

The Identity Access Management capability enables all types of users in a Spryker shop to create and manage accounts. Different levels of security let users manage the access of other users. ## Back Office authentication Back Office supports login via two types of accounts: - Back Office account. - Account of a third-party service that is configured as a single sign-on. ### Login with a Back Office account Only an existing Back Office user with sufficient permissions or a developer can create Back Office accounts. That is, if you want to onboard a new Back Office user, you need to create an account for them. For instructions on creating accounts in the Back Office, see [Create users](/docs/pbc/all/user-management/latest/base-shop/manage-in-the-back-office/manage-users/create-users.html). To log in, on the Back Office login page, a user enters the email address and password of their account. If the credentials are correct and their account is active at that time, they are logged in. If a user does not remember their password, they can reset it using the form available on the login page. ### Login with a single sign-on Your project can have a single sign-on(SSO) login configured for the Back Office. SSO lets users log into the Back Office with accounts of a third-party service. The feature is shipped with an exemplary ECO module that supports SSO authentication via Microsoft Azure Active Directory. With the existing infrastructure, you can develop your own ECO modules for the identity managers you need. SSO uses the [OpenID](https://en.wikipedia.org/wiki/OpenID) protocol for authentication. To log in with an SSO, on the Back Office login page, users click **Login with {Third-party service name}**. This opens the sign-in page of the configured service. Users sign in with their accounts and get redirected to the Back Office. If a user chooses to log in using a third party, they are redirected to the OAuth provider's sign-in page—for example, Microsoft Azure. If the user successfully signs into the third-party service, the check is made if the user exists in the Spryker database. If the user exists in the database and is active, the user is logged in. The following sections describe different ways of handling users that have access to your SSO service, but don't have a Back Office account. ### SSO authentication strategies Depending on your access and security requirements, you can have one of the following strategies implemented for SSO authentication. #### Registration is required only with the SSO service If a user logs in with an SSO but does not have a Back Office account, the following happens: - Based on the third-party system's user data, such as first name, last name, and email, a Back Office account is created. - The user is assigned to the default user group. - The user is logged into the Back Office. The login process looks like this: ![image](https://confluence-connect.gliffy.net/embed/image/5b0f6ab5-d4d5-4b53-b82a-d73bec9c81ea.png?utm_medium=live&utm_source=custom) #### Registration is required with the SSO service and with Spryker If a user logs in with an SSO but does not have a Back Office account, the user is not logged in. To be able to log in, a user must have a Back Office account registered using the email address used for their account with the SSO service. Usually, this strategy is used when not all the users that have access to the SSO service need access to the Back Office. ## Post-login redirect When a user's session times out, they are redirected to the login page. Without post-login redirect, after re-authentication, users land on the homepage and lose their context. With post-login redirect enabled, users are automatically sent back to the exact page they were on before the session expired — preserving their workflow across Back Office, Merchant Portal, and Storefront. The last visited page URL is tracked on every eligible GET request and stored in a browser cookie named `last-visited-page`. AJAX requests, login and logout pages, and internal framework paths are excluded from tracking. If the user was on a create or edit page before the session expired, they are redirected back to that page, but any unsaved data is lost. Post-login redirect does not apply to agent users in Storefront and Merchant Portal. Redirect across multiple browsers or devices is not supported. The redirect applies only to the browser in which the original session was active. ## Glue API authentication For details about Glue API authentication, see [Glue API authentication and authorization](/docs/integrations/spryker-glue-api/authenticating-and-authorization/authenticating-and-authorization.html) ## Current constraints The feature has the following functional constraint: Each of the identity managers is an ECO module that must be developed separately. After the module development, the identity manager's roles and permissions must be mapped to the roles and permissions in Spryker. The mapping is always implemented at the project level. ## Related Developer documents |INSTALLATION GUIDES | GLUE API GUIDES | | - | - | | [Install the Spryker Core Back Office feature](/docs/pbc/all/identity-access-management/latest/install-and-upgrade/install-the-spryker-core-back-office-feature.html) | [Authentication and authorization](/docs/integrations/spryker-glue-api/authenticating-and-authorization/authenticating-and-authorization.html) | | [Install Microsoft Azure Active Directory](/docs/pbc/all/identity-access-management/latest/install-and-upgrade/install-microsoft-azure-active-directory.html) | [Authentication and authorization](/docs/integrations/spryker-glue-api/authenticating-and-authorization/authenticating-and-authorization.html) | | [Install the Customer Access Glue API](/docs/pbc/all/identity-access-management/latest/install-and-upgrade/install-the-customer-access-glue-api.html) | [Create customers](/docs/pbc/all/identity-access-management/latest/manage-using-glue-api/glue-api-create-customers.html) | | [Integrate post-login redirect](/docs/pbc/all/identity-access-management/latest/install-and-upgrade/integrate-post-login-redirect.html) | | | | [Federated Authentication via OAuth2/OIDC](/docs/pbc/all/oauth/latest/federated-authentication.html) | | | [Confirm customer registration](/docs/pbc/all/identity-access-management/latest/manage-using-glue-api/glue-api-confirm-customer-registration.html) | | | [Manage customer passwords](/docs/pbc/all/identity-access-management/latest/manage-using-glue-api/glue-api-manage-customer-passwords.html) | | | [Authenticate as a customer](/docs/pbc/all/identity-access-management/latest/manage-using-glue-api/glue-api-authenticate-as-a-customer.html) | | | [Manage customer authentication tokens via OAuth 2.0](/docs/pbc/all/identity-access-management/latest/manage-using-glue-api/glue-api-manage-customer-authentication-tokens-via-oauth-2.0.html) | | | [Manage customer authentication tokens](/docs/pbc/all/identity-access-management/latest/manage-using-glue-api/glue-api-manage-customer-authentication-tokens.html) | | | [Authenticate as a Back Office user](/docs/pbc/all/identity-access-management/latest/manage-using-glue-api/glue-api-authenticate-as-a-back-office-user.html) | | | [Authenticating as a company user](/docs/pbc/all/identity-access-management/latest/manage-using-glue-api/glue-api-authenticate-as-a-company-user.html) | | | [Manage company user authentication tokens](/docs/pbc/all/identity-access-management/latest/manage-using-glue-api/glue-api-manage-company-user-authentication-tokens.html) | | | [Authenticate as an agent assist](/docs/pbc/all/identity-access-management/latest/manage-using-glue-api/glue-api-authenticate-as-an-agent-assist.html) | | | [Managing agent assist authentication tokens](/docs/pbc/all/identity-access-management/latest/manage-using-glue-api/glue-api-manage-agent-assist-authentication-tokens.html) | | | [Delete expired refresh tokens](/docs/pbc/all/identity-access-management/latest/manage-using-glue-api/glue-api-delete-expired-refresh-tokens.html) |

Install Search Statistics

Thu, 07 May 2026 14:32:01 +0000

This document describes how to install the Search Statistics feature. ## Prerequisites Install the required features: | NAME | VERSION | | --- | --- | | Spryker Core | ^3.46.0 | | spryker-shop/shop-ui | 1.107.0 | | spryker-shop/traceable-event-widget | 1.2.0 | ### 1) Install the required modules using Composer ```bash composer require spryker-eco/google-analytics:"^1.0.0" --update-with-dependencies ``` {% info_block warningBox "Verification" %} Make sure the following modules have been installed: | MODULE | EXPECTED DIRECTORY | | --- | --- | | GoogleAnalytics | vendor/spryker-eco/google-analytics | {% endinfo_block %} ### 2) Generate transfer objects ```bash console transfer:generate ``` {% info_block warningBox "Verification" %} Verify that the following transfer objects have been generated: | TRANSFER | TYPE | EVENT | PATH | | --- | --- | --- | --- | | GoogleAnalyticsEvent | class | created | src/Generated/Shared/Transfer/GoogleAnalyticsEventTransfer | | GoogleAnalyticsEventConditions | class | created | src/Generated/Shared/Transfer/GoogleAnalyticsEventConditionsTransfer | | GoogleAnalyticsEventCriteria | class | created | src/Generated/Shared/Transfer/GoogleAnalyticsEventCriteriaTransfer | | GoogleAnalyticsEventCollection | class | created | src/Generated/Shared/Transfer/GoogleAnalyticsEventCollectionTransfer | {% endinfo_block %} ### 3) Generate translations ```bash console translator:generate-cache ``` ### 4) Configure navigation Update the `analytics` navigation entry in `config/Zed/navigation.xml` to add **Search Statistics** as a sub-page. Replace the existing `` entry with the following: **config/Zed/navigation.xml** ```xml Analytics Analytics bar_chart_4_bars Analytics Analytics analytics-gui analytics index

Search Statistics Search Statistics google-analytics search-statistics index

``` Generate the router and navigation caches: ```bash console router:cache:warm-up:backoffice console navigation:build-cache ``` {% info_block warningBox "Verification" %} Log in to the Back Office and verify that **Analytics > Search Statistics** appears as a sub-item in the main navigation sidebar. {% endinfo_block %} ### 5) Configure TypeScript paths In `tsconfig.yves.json`, add the `TraceableEventWidget` path alias to `compilerOptions.paths`: **tsconfig.yves.json** ```json { "compilerOptions": { "paths": { "TraceableEventWidget/*": [ "./vendor/spryker-shop/traceable-event-widget/src/SprykerShop/Yves/TraceableEventWidget/Theme/default/*" ] } } } ``` ### 6) Set up behavior #### 6.1) Synchronize configuration definitions Import the Search Statistics configuration schema into the Configuration module: ```bash console configuration:sync ``` {% info_block warningBox "Verification" %} 1. Log in to the Back Office. 2. Navigate to **Configuration**. 3. Verify that a **Google Analytics** feature entry appears with the **Storefront** and **Data API** tabs. {% endinfo_block %} #### 6.2) Configure Google Analytics 4 credentials Before you configure the Back Office, obtain the following parameters from Google: - **Measurement ID** (format: `G-XXXXXXXXXX`): see [Find your Measurement ID](https://support.google.com/analytics/answer/9539598) in the Google Analytics Help Center. - **Property ID**: see [GA4 Property ID](https://developers.google.com/analytics/devguides/reporting/data/v1/property-id) in the Google Analytics Data API documentation. - **Service Account Credentials JSON**: see [Create and delete service account keys](https://cloud.google.com/iam/docs/keys-create-delete) in the Google Cloud documentation. Configure the Google Analytics 4 connection in the Back Office: 1. Navigate to **Configuration > Google Analytics**. 2. Under the **Storefront** tab, enable tracking and set the **Measurement ID** (format: `G-XXXXXXXXXX`). 3. Under the **Data API** tab, set the **Property ID** and paste the full JSON content of a Google Cloud service account key into **Service Account Credentials JSON**. {% info_block warningBox "Verification" %} 1. Open the storefront and perform a search. 2. Verify that a `search_results` event appears in the Google Analytics 4 DebugView for the configured property. To enable and use DebugView, see [Monitor events with DebugView](https://support.google.com/analytics/answer/7201382) in the Google Analytics Help Center. 3. Navigate to **Analytics > Search Statistics** in the Back Office and verify that search term data is returned after the GA4 processing delay (up to 48 hours). {% endinfo_block %}

Spryker Documentation

Migration status - Glue API to API Platform

Spryker Core Back Office feature overview

Merchant users overview

Marketplace Merchant Portal Core feature overview

Customer Login overview

Demo Shop default configuration

Security concerns

Related Developer documents

Customer Account Management feature overview

Related Business User documents

Related Developer documents

Multi-Factor Authentication

Integrations Catalog

Featured integrations

Identity Access Management

Install Search Statistics