---
description: OCAPI and SCAPI hook implementation patterns
alwaysApply: false
---
# OCAPI/SCAPI Hook Development
Use this rule when implementing OCAPI or SCAPI hooks.
## Mandatory MCP Tools Sequence
**BEFORE writing ANY hook code:**
1. `mcp_sfcc-dev_get_best_practice_guide` with guideName: "ocapi_hooks" OR "scapi_hooks"
2. `mcp_sfcc-dev_get_hook_reference` with guideName: "ocapi_hooks" OR "scapi_hooks"
3. `mcp_sfcc-dev_search_best_practices` with query: "validation"
4. `mcp_sfcc-dev_search_best_practices` with query: "security"
5. `mcp_sfcc-dev_search_sfcc_classes` with query: relevant business domain
## MCP-Guided Hook Development Process
### Step 1: Research Hook Extension Points
```
Use: mcp_sfcc-dev_get_hook_reference with guideName: "ocapi_hooks" or "scapi_hooks"
Purpose: Get complete hook reference tables with all available extension points
```
### Step 2: Get Implementation Patterns
```
Use: mcp_sfcc-dev_get_best_practice_guide with guideName: "ocapi_hooks" or "scapi_hooks"
Purpose: Get comprehensive hook implementation patterns and examples
```
### Step 3: Security Validation Patterns
```
Use: mcp_sfcc-dev_search_best_practices with query: "validation"
Use: mcp_sfcc-dev_search_best_practices with query: "security"
Purpose: Get input validation and security patterns for hooks
```
### Step 4: SFCC Class Research
```
Use: mcp_sfcc-dev_search_sfcc_classes with query: [business domain]
Use: mcp_sfcc-dev_get_sfcc_class_info with className: [relevant class]
Purpose: Understand available SFCC APIs for hook implementation
```
## MCP-Enhanced Hook Template Pattern
```javascript
'use strict';
/**
* Hook: [Hook Name]
* Extension Point: [Extension Point Path from MCP hook reference]
* Description: [What this hook does and why]
*
* Implementation based on:
* - mcp_sfcc-dev_get_best_practice_guide with guideName: "[ocapi_hooks|scapi_hooks]"
* - mcp_sfcc-dev_get_hook_reference with guideName: "[ocapi_hooks|scapi_hooks]"
*/
/**
* Before hook implementation
* @param {Object} param1 - Description from MCP hook reference
* @param {Object} param2 - Description from MCP hook reference
* @returns {dw.system.Status} Hook execution status
*/
exports.beforePOST = function (param1, param2) {
try {
// Input validation (patterns from MCP security best practices)
if (!param1 || !param2) {
var Logger = require('dw/system/Logger').getLogger('hooks', 'HookName');
Logger.error('Invalid parameters in hook: param1={0}, param2={1}', param1, param2);
return new Status(Status.ERROR, 'INVALID_PARAMETERS', 'Required parameters missing');
}
// Security validation (implement patterns from MCP security guide)
var validationResult = validateHookInput(param1, param2);
if (!validationResult.valid) {
Logger.error('Security validation failed in hook: {0}', validationResult.error);
return new Status(Status.ERROR, 'VALIDATION_FAILED', validationResult.error);
}
// Business logic here (use SFCC classes discovered via MCP)
// Success response
return new Status(Status.OK);
} catch (e) {
var Logger = require('dw/system/Logger').getLogger('hooks', 'HookName');
Logger.error('Error in hook execution: {0}', e.message);
Logger.debug('Hook error stack trace: {0}', e.stack);
return new Status(Status.ERROR, 'HOOK_ERROR', 'Hook execution failed');
}
};
/**
* Input validation based on MCP security best practices
* ALWAYS implement this pattern for hooks
*/
function validateHookInput(param1, param2) {
// Implement validation patterns from:
// mcp_sfcc-dev_search_best_practices with query: "validation"
// mcp_sfcc-dev_search_best_practices with query: "security"
try {
// Validate parameter types
if (typeof param1 !== 'object' || typeof param2 !== 'object') {
return { valid: false, error: 'Invalid parameter types' };
}
// Validate required fields (based on MCP hook reference)
// Add specific validations based on hook requirements
return { valid: true };
} catch (e) {
return { valid: false, error: 'Validation error: ' + e.message };
}
}
```
## Hook Development Checklist (MCP-Verified)
Before implementing hooks, verify with MCP:
- [ ] `mcp_sfcc-dev_get_hook_reference` - Confirm extension point exists and signature
- [ ] `mcp_sfcc-dev_get_best_practice_guide` - Get implementation patterns
- [ ] `mcp_sfcc-dev_search_best_practices` with query: "security" - Security requirements
- [ ] `mcp_sfcc-dev_search_best_practices` with query: "validation" - Input validation
- [ ] `mcp_sfcc-dev_search_best_practices` with query: "performance" - Performance guidelines
Implementation verification:
- [ ] Input parameter validation implemented
- [ ] Proper Status object returns
- [ ] Comprehensive error handling with logging
- [ ] Security validation for all inputs
- [ ] Performance considerations for heavy processing
- [ ] Transaction management (if applicable)
- [ ] Correlation IDs for debugging
## OCAPI vs SCAPI Hook Differences
**OCAPI Hooks:**
```
Use: mcp_sfcc-dev_get_hook_reference with guideName: "ocapi_hooks"
Use: mcp_sfcc-dev_get_best_practice_guide with guideName: "ocapi_hooks"
```
**SCAPI Hooks:**
```
Use: mcp_sfcc-dev_get_hook_reference with guideName: "scapi_hooks"
Use: mcp_sfcc-dev_get_best_practice_guide with guideName: "scapi_hooks"
```
## Security Considerations from MCP
Always implement security patterns from MCP:
- Validate all input data per MCP security guide
- Use proper authentication checks from MCP patterns
- Sanitize user-provided data per MCP recommendations
- Implement rate limiting for external calls (MCP performance guide)
- Log security-relevant events with correlation IDs
## NEVER Implement Hooks Without MCP
- ❌ Don't guess hook extension points - use `mcp_sfcc-dev_get_hook_reference`
- ❌ Don't implement without patterns - use `mcp_sfcc-dev_get_best_practice_guide`
- ❌ Don't skip security validation - use `mcp_sfcc-dev_search_best_practices`
- ❌ Don't assume SFCC APIs - use `mcp_sfcc-dev_search_sfcc_classes`
