npx claudepluginhub salesforcecommercecloud/b2c-developer-tooling --plugin b2c-cliThis skill uses the workspace's default tool permissions.
Use the `b2c am` commands to manage Account Manager resources: API clients, users, roles, and organizations.
Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.
Searches prompts.chat for AI prompt templates by keyword or category, retrieves by ID with variable handling, and improves prompts via AI. Use for discovering or enhancing prompts.
Checks Next.js compilation errors using a running Turbopack dev server after code edits. Fixes actionable issues before reporting complete. Replaces `next build`.
Use the b2c am commands to manage Account Manager resources: API clients, users, roles, and organizations.
Tip: If
b2cis not installed globally, usenpx @salesforce/b2c-cliinstead (e.g.,npx @salesforce/b2c-cli am clients list).
Account Manager commands work out of the box with no configuration. The CLI uses a built-in public client and opens a browser for login.
--client-id and --client-secret (or set SFCC_CLIENT_ID and SFCC_CLIENT_SECRET env vars).--user-auth): When client credentials are configured but you need browser-based login (required for org and client management).| Operations | Client Credentials (roles on API client) | User Auth (roles on user account) |
|---|---|---|
| Users & Roles | User Administrator | Account Administrator or User Administrator |
| Organizations | Not supported -- use --user-auth | Account Administrator |
| API Clients | Not supported -- use --user-auth | Account Administrator or API Administrator |
Organization and API client management are only available with user authentication.
b2c am clients list
# with pagination
b2c am clients list --size 50 --page 2
# JSON output
b2c am clients list --json
# by UUID
b2c am clients get <api-client-id>
# with expanded organizations and roles
b2c am clients get <api-client-id> --expand organizations --expand roles
Clients are created inactive by default. Requires user auth.
b2c am clients create \
--name "My API Client" \
--orgs <org-id> \
--password "securePassword123"
# with roles, role tenant filter, and redirect URLs
b2c am clients create \
--name "CI/CD Pipeline" \
--orgs <org-id> \
--password "securePassword123" \
--roles SALESFORCE_COMMERCE_API \
--role-tenant-filter "SALESFORCE_COMMERCE_API:zzxy_prd" \
--redirect-urls "https://example.com/callback" \
--active
Partial update -- only specified fields are changed.
b2c am clients update <api-client-id> --name "New Name"
b2c am clients update <api-client-id> --active
b2c am clients password <api-client-id> --current "oldPass" --new "newSecurePass123"
Client must be disabled for 7+ days before deletion. Destructive operation (safe mode check).
b2c am clients delete <api-client-id>
b2c am users list
# with extended columns (roles, organizations)
b2c am users list --extended
# JSON output with pagination
b2c am users list --size 100 --json
b2c am users get user@example.com
# with expanded roles and organizations
b2c am users get user@example.com --expand-all
b2c am users create \
--org "My Organization" \
--mail user@example.com \
--first-name Jane \
--last-name Doe
The --org flag accepts either an org ID or org name. Users are created in INITIAL state with no roles.
b2c am users update user@example.com --first-name Janet --last-name Smith
Soft-deletes by default. Use --purge for hard delete (user must already be in DELETED state).
# soft delete
b2c am users delete user@example.com
# hard delete (purge)
b2c am users delete developer@example.com --purge
Resets password to INITIAL state, clearing expiration. Destructive operation (safe mode check).
b2c am users reset user@example.com
b2c am roles list
# filter by target type
b2c am roles list --target-type User
b2c am roles list --target-type ApiClient
b2c am roles get bm-admin
b2c am roles get SLAS_ORGANIZATION_ADMIN
b2c am roles grant user@example.com --role bm-admin
# with tenant scope
b2c am roles grant user@example.com --role bm-admin --scope zzzz_001,zzzz_002
# revoke entire role
b2c am roles revoke user@example.com --role bm-admin
# revoke specific tenant scopes only
b2c am roles revoke user@example.com --role bm-admin --scope zzzz_001
b2c am orgs list
# all organizations (max page size)
b2c am orgs list --all
# extended columns
b2c am orgs list --extended
Accepts org ID or name.
b2c am orgs get <org-id>
b2c am orgs get "My Organization"
# Create the user
b2c am users create --org $ORG_ID --mail developer@example.com \
--first-name Alex --last-name Developer
# Grant Business Manager Admin role scoped to a specific tenant
b2c am roles grant developer@example.com --role bm-admin --scope zzxy_prd
# Revoke roles
b2c am roles revoke developer@example.com --role bm-admin
# Soft delete the user
b2c am users delete developer@example.com
# Permanent deletion (user must be in DELETED state first)
b2c am users delete developer@example.com --purge
# Export all users as JSON
b2c am users list --size 4000 --json
# Pipe to jq for filtering
b2c am users list --json | jq '.[] | select(.userState == "ACTIVE")'
All am commands support --json for programmatic output. List commands support --columns, --extended, --size, and --page for pagination and column control.
Destructive operations (user delete, user reset, client delete) check safe mode. Only delete or purge users when explicitly requested.
See b2c am --help for a full list of available commands and options.