          Secret Storage in B2C Commerce


          Storing and using secrets is one of the most sensitive tasks a developer performs when protecting shopper information. Secrets include, but aren't limited to, the following items.

          • Credentials used to authenticate to remote services, such as username and password, API tokens, access tokens, and session IDs.
          • Secret keys used to encrypt or decrypt sensitive data, such as private or symmetric keys.

          You can help prevent data exposure in a number of ways. First, make sure that sensitive data in forms isn’t logged or otherwise stored unless it’s absolutely necessary. Data that isn’t retained can’t be stolen. If you must store sensitive data, discard it as soon as possible and make sure that it’s encrypted. For credit card data, make sure that you use PCI DSS compliant tokenization or truncation.

          You can use the following APIs to store secrets securely on Salesforce B2C Commerce.

          • Service credentials
          • Private keys
          • Custom object attributes

          Service Credentials

          For each web service, the framework requires a service configuration, service profile configuration, and service credential configuration. You can create and manage these configurations in Business Manager.

          Service credentials are accessible in the B2C Commerce API as the dw.svc.ServiceCredential object. They are read-only and should never be returned to a storefront request or written into any logs.
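
The guidance above, as an added example that is not Salesforce's code: a callback object in the shape passed to dw.svc.LocalServiceRegistry.createService that reads the credential at call time, redacts secrets from log messages, and returns only a non-secret field to the caller. The stub service, the token value, the orderStatus field, and the use of the credential's password field as a bearer token are assumptions made so the block runs under plain Node.

```javascript
'use strict';
// Added example: callbacks in the shape passed to
// dw.svc.LocalServiceRegistry.createService(serviceId, callbacks).

// Matches key/value pairs whose key names a secret (JSON, header or form style).
var SECRET_PAIR = /(\b[\w-]*(?:password|token|secret|authorization|session_?id)[\w-]*"?\s*[:=]\s*)("[^"]*"|(?:(?:Bearer|Basic)\s+)?[^\s"&,}]+)/gi;

// Replace the value of every secret-looking pair before it reaches a log.
function redact(msg) {
    return String(msg).replace(SECRET_PAIR, '$1[REDACTED]');
}

var callbacks = {
    createRequest: function (svc, payload) {
        // Read the credential from the service configuration at call time.
        var cred = svc.getConfiguration().getCredential(); // dw.svc.ServiceCredential
        svc.setAuthentication('NONE');
        // Assumption: the credential's password field holds an API token.
        svc.addHeader('Authorization', 'Bearer ' + cred.getPassword());
        return JSON.stringify(payload);
    },
    parseResponse: function (svc, client) {
        // Hand the storefront only the field it needs, not the raw response.
        return { orderStatus: JSON.parse(client.text).status };
    },
    getRequestLogMessage: function (request) { return redact(request); },
    getResponseLogMessage: function (response) { return redact(response.text); },
    filterLogMessage: function (msg) { return redact(msg); }
};

// Constructed stub of the platform service object so the block runs offline.
function makeStubService() {
    var headers = {};
    return {
        headers: headers,
        setAuthentication: function () {},
        addHeader: function (name, value) { headers[name] = value; },
        getConfiguration: function () {
            return { getCredential: function () {
                return { getPassword: function () { return 'tok_constructed_123'; } };
            } };
        }
    };
}

var stub = makeStubService();
var requestBody = callbacks.createRequest(stub, { sku: 'A1', password: 'hunter2' });
console.log(callbacks.getRequestLogMessage(requestBody));
console.log(callbacks.filterLogMessage('Authorization: ' + stub.headers.Authorization));
```
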

          Private Keys

          Cryptographic keys and certificates are pivotal resources for encryption and decryption, authentication, signatures, and more. Manage these keys and certificates by using the dedicated Business Manager wizard. They are accessible in the script API using the CertificateRef and KeyRef classes.

          Custom Object Attribute

          You can extend the B2C Commerce object model by using custom objects. You can customize custom attributes, their respective fields, and properties of the custom object type.

          Use type PASSWORD with any custom object attribute that handles secret information.

           