obsidian/wiki/client-knowledge/3m.md

---
title: "Client Knowledge: 3M"
description: "3M-specific context: OMG Portal, One2Edit API proxy, two-step auth, embedded editor"
tags: [client-knowledge, 3m]
created: 2026-04-27
updated: 2026-04-27
---

# Client Knowledge: 3M

## Key Takeaways

- One active project: 3M OMG Portal — Node.js CORS proxy for One2Edit translation management
- One2Edit has no CORS headers — all API calls must go through the Node.js proxy
- Two-step auth: service account for job listing, externSessionId for embedded editor
- No build step, no database — plain HTML/JS pages

---

## Projects

| Project | Server | Stack | Status | Purpose |
|---------|--------|-------|--------|---------|
| [[01 Projects/3m-portal/3M OMG Portal\|3M OMG Portal]] | baic (web-03) | Node.js + Vanilla JS + One2Edit API | active | Translation job management portal wrapping One2Edit |

---

## OMG Portal — Key Facts

**What it does:** 3-page portal wrapping `oliver.one2edit.com` API for managing 3M translation jobs

**Page flow:**
1. `login.html` — Two-step: username → userId, then externSessionId
2. `dashboard.html` — Job list (STARTED/RUNNING status), progress bars, PDF export
3. `editor.html` — Embedded One2Edit JS SDK using externSessionId

**Two auth modes:**
- **Service account** (`portal@oliver.agency`): used for job listing — gets stable userId
- **Session-based** (`externSessionId`): used for embedded editor — expires after session

**One2Edit API:** `https://oliver.one2edit.com/v3/Api.php` — CORS blocked, all calls proxy through `localhost:3000/api`.

**Proxy behavior in server.js:**
- Strips/rewrites Location headers on 301/302 → returns 401 (prevents auth redirect loops)
- Injects CORS headers on all `/api` responses
- Masks passwords in server logs

**Dev start:**
```bash
npm start   # or: node server.js → http://localhost:3000
```

No build step — edit HTML/JS files directly.

---

## One2Edit Platform Notes

Same platform used by H&M. See [[wiki/client-knowledge/hm|H&M client knowledge]] and [[wiki/tech-patterns/one2edit-api|one2edit-api]] for full API details.

**Key quirk:** `sessionStorage` is used (not localStorage) — session is cleared on browser close. Users must log in again each browser session. This is intentional for security.

**User identity:** One2Edit usernames are email addresses in the format `FirstnameSurname@oliver.agency`. Example: Paul Johns → `PaulJohns@oliver.agency`. Look up users via `GET /api/users?clientId=<id>` — do not construct usernames by guessing. See [[wiki/concepts/one2edit-username-format|one2edit-username-format]].

---

## Related

- [[wiki/tech-patterns/one2edit-api|one2edit-api]] — One2Edit API patterns (shared with H&M)
- [[wiki/tech-patterns/nodejs-vanilla-proxy|nodejs-vanilla-proxy]] — Node.js proxy pattern
- [[wiki/client-knowledge/hm|hm]] — H&M uses the same One2Edit platform