Secure Your B2C Commerce Solution

All B2C Commerce Cartridges and Headless Integrations listed on AppExchange must adhere to these requirements.

Encryption, Cryptography, and Secret Storage

Protect data at rest using strong encryption schemes, and protect the encryption keys.

See Encryption and Cryptography, and Secret Storage.

Authentication and Authorization

Before processing requests that carry privileged actions, authenticate and authorize the requests. Also enforce authentication and authorization when reading or writing confidential objects such as Order, Customer, and PaymentInstrument.

See Authentication and Authorization.

Open Commerce API (OCAPI) and Salesforce Commerce API (SCAPI) Settings

Follow the principle of least privilege for OCAPI and SCAPI permissions. Provide users with the minimum set of permissions required to perform a task. Document the permissions, and share them with your customers.

See OCAPI Settings and Authorization for SCAPI.

Sensitive Data Storage and Logging

Sensitive data is any information that must be protected against unauthorized access. Different regulations define which information counts as sensitive; examples include payment instruments, protected health information, personally identifiable information, access tokens, and encryption keys. Document and disclose to customers a list of the sensitive data that your solution stores or processes. Redact sensitive data in B2C Commerce log files.

See Storing Sensitive Data.

Cryptography

Use supported cryptography APIs such as dw.crypto. Don’t implement custom cryptography.

Client-Side Scripts

Include and serve all client-side scripts statically from the B2C Commerce cartridge. Avoid dynamically loading third-party scripts from content delivery networks (CDNs) or other third parties.

Code Injection

Don’t interpret any input data as script. Statically include all source code.

User-Input Validation

Ensure that user input is exactly the kind of data that your solution expects. Validate all user input before processing.

See Data Validation.

User Input

Escape all user-provided content before rendering it, using the encoding appropriate to each output context, including HTML and JavaScript.

See Template Best Practices.

Cross-Site Request Forgery (CSRF)

Include CSRF protection in all state-changing controllers.

See Cross-Site Request Forgery.

Open Redirects

Open redirects are used in phishing attacks to send users from a trusted domain to an arbitrary URL. Never redirect users based on untrusted data. Follow the practices in Open Redirect Attacks.
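The following is an added example of the redirect-target check this requirement calls for; it is not Salesforce's code and uses only standard JavaScript so it runs outside the platform. The allowlisted hosts and the fallback path are constructed placeholders; in a cartridge controller, the returned value, never the raw request parameter, is what you would hand to the redirect.

```javascript
// Added example (not Salesforce code): decide whether a redirect target taken
// from untrusted input (e.g. a "returnUrl" query parameter) may be followed.
// Only site-relative paths, or absolute https URLs whose host is explicitly
// allowlisted, are accepted; everything else falls back to a fixed safe path.
const ALLOWED_HOSTS = new Set(['shop.example.com', 'www.example.com']); // constructed
const DEFAULT_TARGET = '/'; // constructed fallback

function safeRedirectTarget(candidate, allowedHosts = ALLOWED_HOSTS) {
  if (typeof candidate !== 'string' || candidate.length === 0) return DEFAULT_TARGET;
  const value = candidate.trim();

  // Reject control characters and backslashes: browsers normalise "\" to "/",
  // so "/\evil.example" would be treated as a protocol-relative URL.
  if (/[\u0000-\u001F\\]/.test(value)) return DEFAULT_TARGET;

  // Site-relative path: exactly one leading "/" ("//host" is protocol-relative).
  if (value.startsWith('/') && !value.startsWith('//')) return value;

  // Anything else must parse as an absolute URL. Scheme-less strings such as
  // "evil.example" or "//evil.example" throw here and are rejected.
  let url;
  try {
    url = new URL(value);
  } catch (e) {
    return DEFAULT_TARGET;
  }

  // Only https, only allowlisted hosts, and no embedded credentials
  // ("https://shop.example.com@evil.example/" has hostname evil.example).
  if (url.protocol !== 'https:') return DEFAULT_TARGET;
  if (url.username || url.password) return DEFAULT_TARGET;
  if (!allowedHosts.has(url.hostname.toLowerCase())) return DEFAULT_TARGET;

  // Return the normalised form so the redirect header never echoes raw input.
  return url.href;
}

module.exports = { safeRedirectTarget, DEFAULT_TARGET };
```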

Content Security Policy

Document and share your Content Security Policy with customers when applicable.

Patches and Upgrades

To simplify installation of patches and upgrades, direct customers to use separate cartridges for customizations whenever possible.

Environments

Follow the B2C Commerce security guidelines as you set up, administer, and develop your Salesforce B2C Commerce environments.