Launch Your Storefront

This guide describes how to launch a PWA Kit storefront and make it accessible from its official, public web address. You have three options to launch and route traffic to your PWA Kit storefront:

  1. Use a third-party CDN like CloudFlare or Akamai.
  2. Use the Embedded CDN (eCDN), provided by Salesforce Commerce Cloud. For more information about routing traffic to Managed Runtime using eCDN, refer to the guide.
  3. Use the Managed Runtime CDN.

Throughout this guide we use an example storefront with the following attributes:

  • Production URL:
  • Project ID: example
  • Environment IDs: staging and production

Stacking a third-party CDN on top of Managed Runtime is optional. Customers can choose to use a third-party CDN based on:

  • A pre-existing relationship with their CDN vendor of choice, where internal teams are skilled in configuring and managing a CDN.
  • A need for additional control of CDN features above and beyond what eCDN or Managed Runtime provides.

Customers who desire low cost to serve, quick time to market, and have limited CDN requirements can use either eCDN or the built-in Managed Runtime CDN.

This guide assumes that you have access to the Runtime Admin web application and the Managed Runtime API to perform administrative tasks. To get access to these tools, contact your Commerce Cloud administrator and ask them to add either one of the following roles to your account using Account Manager: Managed Runtime User or Managed Runtime Admin.

To make requests to the Managed Runtime API, you must include an API key in the HTTP request Authorization header with the value, Bearer $API_KEY. For all the sample requests provided, don’t forget to replace $API_KEY with your actual API key.

To find your API key, log in to Runtime Admin and go to the Account Settings page.

Important: Treat your API key like a password because it allows scripts to complete operations on your behalf.

You need access to your DNS provider to create and update CNAME records, as well as access to your third-party CDN provider (as applicable).

In this guide, the word “Mobify” appears in a few places. Mobify is the name of the company that originally developed the technology that became PWA Kit and Managed Runtime. In 2020, Salesforce acquired Mobify along with all of its technology.

The Mobify brand name appears in the domain used to host your storefront and the domain used by the Managed Runtime API.

If you need to add conditional logic that alters the behavior of your site depending on the domain used, it’s easier to test this logic when your local development server can use a custom domain. Why would you need to add this kind of logic? Consider, for example, the need to look up a different SLAS Client ID depending on the domain.

To run your local development server using a custom domain:

  1. Modify your local computer's DNS to resolve your custom domain to (localhost).
  2. Edit ssr.js.
  3. In the options passed to runtime.createHandler, set the port to 80.
  4. Run npm start, replacing the value of with your custom domain. Running the server on port 80 can sometimes require administrative privileges.

Requests from your browser to the custom domain are now resolved and routed to your local development server!

The process for launching an environment is the same for staging and production, with the only difference being the domain name and the Managed Runtime environment used.

We strongly recommend going through the launch process on a staging environment first before repeating the process on production. These steps should be completed as soon as you start a PWA Kit project and at least two weeks before your launch date.

For the instructions provided, imagine you’re launching a storefront at, your project ID in Managed Runtime is example, and your bundle is deployed to an environment called staging.

Use Runtime Admin or Managed Runtime API to create an environment called staging to practice launching the storefront.

Here's a sample request that uses the projects_target_create endpoint to create an environment. Replace example in the request with your actual project ID string and $API_KEY with your API key:

For instructions on creating an environment with Runtime Admin, see our guide to Managed Runtime Administration.

Many PWA Kit implementations make requests to OCAPI or controllers in addition to B2C Commerce API.

You must ensure your B2C Commerce instance is reachable by Managed Runtime.

Making the APIs reachable typically involves configuring eCDN to make your B2C Commerce instance available at a alternative domain like For more information, refer to the eCDN setup and configuration documentation.

After your domain is configured, update your environment’s proxy settings to use it. For more information, see our guide to Proxying Requests.

This step is not required when using a third-party CDN or eCDN. Consult your CDN vendor documentation for configuring certs.

If you are routing traffic directly to the Managed Runtime CDN, then Managed Runtime issues and manages TLS certificates on your behalf.

To allow Managed Runtime to issue a cert, you must:

  • Choose the domains you want to use for your storefront. For example, and Wildcard domains like * are supported. Specific domain certs will only be issued for domains associated with staging and production environments.
  • Ensure the domains CAA records are set to allow AWS to issue certs.
  • Contact Salesforce Customer Support, providing your desired cert domains.
  • Salesforce provides a CNAME record used to validate domain ownership. You must create the provided record within 24 hours of receiving the details.

This step is not required when using a third-party CDN or eCDN.

Reduce the time to live (TTL) for to one minute. Reducing the TTL speeds up the DNS cutover process, and if something goes wrong, allows you to roll back quickly.

You can verify the TTL using the dig command:

Set an environment’s access control header using the Managed Runtime UI under Access Control Settings or using the access_control_header API. In this example, we use the API to set an access control header with the header value 25pn5dec7f1c. See Access Control Headers.

Configure the environment to receive traffic from the host

Update the environment’s ssr_external_domain and ssr_external_hostname settings using the projects_target_partial_update API:

After this step, the environment is no longer accessible at its domain.

Verify that the new settings are in effect using a cURL command that makes a request with DNS spoofing:

The cutover process is different depending on whether you use a third-party CDN, eCDN, or the Managed Runtime CDN.

Configure your Managed Runtime environment as an origin in your CDN:

  • set the Host header to match your environment {{project}}-{{environment}}
  • forward the request method
  • forward the path (including query string)
  • forward the headers
  • forward the body
  • forward all traffic over HTTPS
  • obey HTTP caching headers
  • set the x-sfdc-access-control header value if configured for your environment

Refer to your CDN provider documentation for detailed guidance.

Managed Runtime routes requests to environments using the HTTP Host header. Requests with an incorrect host are rejected with an HTTP 403 Bad Request response.

Consider adding a handler to reflect HTTP requests and verify that your CDN is configured correctly:

Also consider adding a proxy with to verify headers passed to proxies are sent correctly.

If you encounter issues, use the techniques described in Debug PWA Kit Apps.

Update your eCDN routing rules to route traffic to your Managed Runtime environment. Review the eCDN MRT Rules guide for more information.

Perform a DNS cutover to point your domain from the old origin to the Managed Runtime CDN.

The Managed Runtime CDN domain follows the convention {{project}}-{{environment}} where {{project}} is your project ID, and {{environment}} is your environment ID.

Update the DNS CNAME record for to

Open your web browser and navigate to

Congrats, you’ve completed your launch! 🥳

After completing these instructions for a staging site, you can repeat the same process with the production domain and production environment.

From here, the Customer Success Group assists you in monitoring the site’s traffic to make sure that the launch has succeeded. The goal is to ensure that everything happens as expected during launch!

After launch, customers with a Signature Success Plan receive proactive site monitoring. To take advantage of this increased monitoring service, you must mark your environment as production. For more information, see the section on environments in the Managed Runtime Overview.

  • The ssr_external_hostname target setting controls which host the environment receives traffic from. If the HTTP Host header of a request doesn’t match this value, the request fails with a 403 error.
  • Currently, Salesforce doesn’t support storefront URLs with a bare domain like (with no www subdomain). To use a bare domain, you must set up a server to redirect requests from the bare domain to your CNAME.