---
title: "One2Edit API Integration"
aliases: [one2edit, o2e]
tags: [one2edit, api, translation, 3m, hm]
sources: [01 Projects/3m-portal, 01 Projects/hm-o2e-tool]
created: 2026-04-15
updated: 2026-04-15
---

# One2Edit API Integration

One2Edit is an online editor/translation platform used by 3M and H&M for marketing document management. Oliver uses it at `oliver.one2edit.com`.

## Key Takeaways
- API endpoint: `https://oliver.one2edit.com/v3/Api.php`
- Two auth modes: credential-based (service account) and session-based (externSessionId)
- CORS proxy required — browsers can't call the API directly (same-origin policy)
- The embedded editor uses the One2Edit JS SDK, not REST calls

## When to Use
Any client project built on the One2Edit platform (3M, H&M).

## Key Details

### Two Auth Modes
| Mode | When | How |
|------|------|-----|
| Credential | Fetching job lists | Username → userId, then externSessionId |
| Session | Embedded editor | `externSessionId` in SDK config |

### 3M Portal Auth Flow
```
1. Login: username → POST /Api.php → userId
2. Session: userId → POST /Api.php → externSessionId
3. Dashboard: externSessionId → fetch jobs (STARTED/RUNNING)
4. Editor: externSessionId → init One2Edit JS SDK
```

### CORS Proxy (3M Portal)
```js
// server.js
// All /api/* requests → oliver.one2edit.com/v3/Api.php
// Strips Location headers on 301/302 → returns 401
// Injects CORS headers
// Masks passwords in logs
```

### Service Account
- 3M Portal uses `portal@oliver.agency` service account for job listing
- Client users get their own `externSessionId` for the embedded editor

## Projects Using This Pattern
- [[01 Projects/3m-portal/3M OMG Portal|3M OMG Portal]] — Full portal: CORS proxy + Node.js backend + embedded SDK
- [[01 Projects/hm-o2e-tool/HM O2E Tool|H&M O2E Tool]] — Static tool: image relinking + document export (no proxy needed — called directly or via `python -m http.server`)

## Gotchas & Lessons
- 301/302 redirects from One2Edit mean auth failure — the Node proxy converts them to 401 to prevent redirect loops in the browser
- `sessionStorage` (not `localStorage`) — sessions clear on browser close, which is correct for this auth model
- H&M O2E tool is static (no backend) — can run without a server for most operations
- The JS SDK for the embedded editor is loaded from One2Edit's CDN — needs `externSessionId` at init time

## Related
- [[wiki/client-knowledge/hm|hm]] — H&M projects
- [[wiki/tech-patterns/nodejs-vanilla-proxy|nodejs-vanilla-proxy]] — CORS proxy pattern