---
title: "Client Knowledge: 3M"
description: "3M-specific context: OMG Portal, One2Edit API proxy, two-step auth, embedded editor"
tags: [client-knowledge, 3m]
created: 2026-04-27
updated: 2026-04-27
---

# Client Knowledge: 3M

## Key Takeaways

- One active project: 3M OMG Portal — Node.js CORS proxy for One2Edit translation management
- One2Edit has no CORS headers — all API calls must go through the Node.js proxy
- Two-step auth: service account for job listing, externSessionId for embedded editor
- No build step, no database — plain HTML/JS pages

---

## Projects

| Project | Server | Stack | Status | Purpose |
|---------|--------|-------|--------|---------|
| [[01 Projects/3m-portal/3M OMG Portal\|3M OMG Portal]] | baic (web-03) | Node.js + Vanilla JS + One2Edit API | active | Translation job management portal wrapping One2Edit |

---

## OMG Portal — Key Facts

**What it does:** 3-page portal wrapping `oliver.one2edit.com` API for managing 3M translation jobs

**Page flow:**

1. `login.html` — Two-step: username → userId, then externSessionId
2. `dashboard.html` — Job list (STARTED/RUNNING status), progress bars, PDF export
3. `editor.html` — Embedded One2Edit JS SDK using externSessionId

**Two auth modes:**

- **Service account** (`portal@oliver.agency`): used for job listing — gets stable userId
- **Session-based** (`externSessionId`): used for embedded editor — expires after session

**One2Edit API:** `https://oliver.one2edit.com/v3/Api.php` — CORS blocked, all calls proxy through `localhost:3000/api`.

**Proxy behavior in server.js:**

- Strips/rewrites Location headers on 301/302 → returns 401 (prevents auth redirect loops)
- Injects CORS headers on all `/api` responses
- Masks passwords in server logs

**Dev start:**

```bash
npm start
# or: node server.js → http://localhost:3000
```

No build step — edit HTML/JS files directly.

---

## One2Edit Platform Notes

Same platform used by H&M. See [[wiki/client-knowledge/hm|H&M client knowledge]] and [[wiki/tech-patterns/one2edit-api|one2edit-api]] for full API details.

**Key quirk:** `sessionStorage` is used (not localStorage) — session is cleared on browser close. Users must log in again each browser session. This is intentional for security.

**User identity:** One2Edit usernames are email addresses in the format `FirstnameSurname@oliver.agency`. Example: Paul Johns → `PaulJohns@oliver.agency`. Look up users via `GET /api/users?clientId=` — do not construct usernames by guessing. See [[wiki/concepts/one2edit-username-format|one2edit-username-format]].

---

## Related

- [[wiki/tech-patterns/one2edit-api|one2edit-api]] — One2Edit API patterns (shared with H&M)
- [[wiki/tech-patterns/nodejs-vanilla-proxy|nodejs-vanilla-proxy]] — Node.js proxy pattern
- [[wiki/client-knowledge/hm|hm]] — H&M uses the same One2Edit platform
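
The three behaviors listed under "Proxy behavior in server.js" above, sketched as two pure functions. This is an added example, not the project's `server.js`; the function names, the allowed origin, the secret field names and the sample input are assumptions.

```javascript
// Added example, not the project's server.js. Constants below are assumptions.
const ALLOWED_ORIGIN = 'http://localhost:3000';      // assumed portal origin
const SECRET_KEYS = ['password', 'passwd', 'pwd'];   // assumed field names

// Map an upstream API response to what the browser receives.
function rewriteUpstream(status, headers) {
  const isRedirect = status === 301 || status === 302;
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    const key = name.toLowerCase();
    // On 301/302 the Location header is dropped so the browser has
    // nothing to follow (the page: "prevents auth redirect loops").
    if (isRedirect && key === 'location') continue;
    out[key] = value;
  }
  // The upstream sends no CORS headers, so the proxy adds its own.
  out['access-control-allow-origin'] = ALLOWED_ORIGIN;
  return { status: isRedirect ? 401 : status, headers: out };
}

// Mask secret values in a request line or body before it is logged.
function maskForLog(text) {
  const keys = SECRET_KEYS.join('|');
  return text
    // urlencoded form or query string: password=secret&...
    .replace(new RegExp(`\\b(${keys})=[^&\\s]*`, 'gi'), '$1=***')
    // JSON body: "password":"secret" (escaped quotes inside the value allowed)
    .replace(new RegExp(`"(${keys})"\\s*:\\s*"(?:[^"\\\\]|\\\\.)*"`, 'gi'),
      '"$1":"***"');
}

// Constructed sample input.
const sample = rewriteUpstream(302, {
  Location: 'https://upstream.example/login',
  'Content-Type': 'text/html',
});
console.log(sample.status, sample.headers);
console.log(maskForLog('POST /api user=a%40example.com&password=hunter2&cmd=x'));
```
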