DigitSec can analyze the security of Salesforce Commerce Cloud (SFCC) deployments. The following steps show how to connect your Commerce Cloud environments to DigitSec:
Generate API Credentials in Commerce Cloud Account Manager
- Log in to Account Manager > click API Client > click Add API Client.
- Enter a Name and Password in the following screen.
- Click Add Organizations and add the Organization you want to connect.
- Click Add Roles > select Sandbox API User > select the sandboxes to retrieve the code from.
- For OpenID Connect add the following scopes:
  - roles
  - tenantFilter
  - profile
  - users
- Put * in Allowed Scopes.
- Add Redirect URIs. (This can be a link to your sandbox; S4 does not use this field.)
- Set Token Endpoint Auth Method to client_secret_basic.
- For Access Token Format select JWT.
Take note of the API Client Id and API Client Password. You will use these values in later steps.
Enable API Credential in Business Manager
Next, grant the API Client Id created above access to Business Manager:
- Log in to Business Manager.
- Navigate to Administration > Site Development > Open Commerce API Settings.
- Make sure that Data API and Global are selected in the select boxes.
- Add the following JSON permission set, replacing my_client_id with the API Client Id generated in Account Manager:
```json
{
  "_v": "24.5",
  "clients": [{
    "client_id": "my_client_id",
    "resources": [
      { "resource_id": "/*", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/product_search", "methods": ["post"], "read_attributes": "(**)", "write_attributes": "(**)" },
      { "resource_id": "/roles/*/permissions", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/roles/*/users", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/permissions/bm", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/sites/*/coupon_search", "methods": ["post"], "read_attributes": "(**)", "write_attributes": "(**)" },
      { "resource_id": "/libraries/*/folders/*", "methods": ["get", "put", "patch", "delete"], "read_attributes": "(**)" },
      { "resource_id": "/libraries/*/folders/*/content", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/libraries/*/folders/*/sub_folders", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/libraries/*/content/*", "methods": ["get", "put", "patch", "delete"], "read_attributes": "(**)" },
      { "resource_id": "/libraries/*/content/*/folders", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/libraries/*/folder_assignments/*/*", "methods": ["get", "put", "delete"], "read_attributes": "(**)" },
      { "resource_id": "/code_versions", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/code_versions/*", "methods": ["patch", "delete"], "read_attributes": "(**)" },
      { "resource_id": "/jobs/*/executions", "methods": ["post"], "read_attributes": "(**)" },
      { "resource_id": "/sites/*/campaign_search", "methods": ["post"], "read_attributes": "(**)" },
      { "resource_id": "/sites/*/campaigns/*", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/sites/*/coupon_redemption_search", "methods": ["post"], "read_attributes": "(**)", "write_attributes": "(**)" },
      { "resource_id": "/sites/*/coupon_search", "methods": ["post"], "read_attributes": "(**)", "write_attributes": "(**)" },
      { "resource_id": "/sites/*/coupons", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/sites/*/coupons/*", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/products/*", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/sites/*/promotion_search", "methods": ["post"], "read_attributes": "(**)", "write_attributes": "(**)" },
      { "resource_id": "/sites/*/coupons/*/campaigns", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/sites/*/coupon_redemption_search", "methods": ["post"], "read_attributes": "(**)" },
      { "resource_id": "/sites/*/coupons/*/codes", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/sites/*/coupons/*/promotions", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/sites/*/promotions/{id}", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/sites/*/promotion_search", "methods": ["post"], "read_attributes": "(**)" },
      { "resource_id": "/sites/*/gift_certificates", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/sites/*/gift_certificates", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/sites/*/gift_certificate_search", "methods": ["post"], "read_attributes": "(**)" },
      { "resource_id": "/sites/*/coupons/*/campaigns/*/promotions", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/jobs/*/executions/*", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/sites/*/cartridges", "methods": ["post"], "read_attributes": "(**)" },
      { "resource_id": "/role_search", "methods": ["post"], "read_attributes": "(**)" },
      { "resource_id": "/roles/*", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/roles/*/user_search", "methods": ["post"], "read_attributes": "(**)" },
      { "resource_id": "/roles/*/users/*", "methods": ["put", "delete"], "read_attributes": "(**)" },
      { "resource_id": "/user_search", "methods": ["post"], "read_attributes": "(**)" },
      { "resource_id": "/users", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/users/*", "methods": ["put", "get", "patch", "delete"], "read_attributes": "(**)" },
      { "resource_id": "/site_preferences/preference_groups/*/*/preferences/*", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/sites/*", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/sites/*/site_preferences/preference_groups/*/*", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/locale_info/locales", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/ocapi_configs/*", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/global_preferences/preference_groups/*/*", "methods": ["get"], "read_attributes": "(**)" },
      { "resource_id": "/job_execution_search", "methods": ["post"], "read_attributes": "(**)", "write_attributes": "(**)" }
    ]
  }]
}
```
Note: Updated 2025-02-20. This JSON permission set enables the additional coupon-code analysis described below.
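Before pasting a permission set of this size into Business Manager, it is worth knowing exactly which resources the integration client may modify and whether the placeholder client id is still in place. The following audit script is an added example (not DigitSec or Salesforce code); it parses the Open Commerce API permission-set format shown above and runs on a constructed excerpt that reuses a few of the page's resource_ids.

```python
import json
from collections import Counter

# Constructed excerpt in the shape of the permission set above (a few of the
# page's resource_ids, one listed twice); not the complete set.
SAMPLE_PERMISSION_SET = json.dumps({
    "_v": "24.5",
    "clients": [{
        "client_id": "my_client_id",
        "resources": [
            {"resource_id": "/*", "methods": ["get"], "read_attributes": "(**)"},
            {"resource_id": "/code_versions/*", "methods": ["patch", "delete"],
             "read_attributes": "(**)"},
            {"resource_id": "/users/*", "methods": ["put", "get", "patch", "delete"],
             "read_attributes": "(**)"},
            {"resource_id": "/sites/*/coupon_search", "methods": ["post"],
             "read_attributes": "(**)", "write_attributes": "(**)"},
            {"resource_id": "/sites/*/coupon_search", "methods": ["post"],
             "read_attributes": "(**)"},
        ],
    }],
})

MUTATING = {"post", "put", "patch", "delete"}

def audit_permission_set(raw, placeholder="my_client_id"):
    """Report client ids still equal to the placeholder, resources granting
    mutating methods (union across duplicate entries), read-all grants, and
    resource_ids listed more than once in an OCAPI Data API permission set."""
    doc = json.loads(raw)
    report = {"placeholder_clients": [], "mutating": {}, "read_all": [], "duplicates": []}
    for client in doc.get("clients", []):
        cid = client.get("client_id", "")
        if not cid or cid == placeholder:
            report["placeholder_clients"].append(cid)
        resources = client.get("resources", [])
        counts = Counter(r["resource_id"] for r in resources)
        report["duplicates"].extend(sorted(rid for rid, n in counts.items() if n > 1))
        for res in resources:
            rid = res["resource_id"]
            methods = {m.lower() for m in res.get("methods", [])}
            if methods & MUTATING:
                report["mutating"][rid] = sorted(set(report["mutating"].get(rid, [])) | (methods & MUTATING))
            # "/*" with get and "(**)" lets the client read every Data API resource.
            if rid == "/*" and "get" in methods and res.get("read_attributes") == "(**)":
                report["read_all"].append(rid)
    return report

if __name__ == "__main__":
    print(json.dumps(audit_permission_set(SAMPLE_PERMISSION_SET), indent=2))
```

Run it against the full permission set from this page (saved to a file) to see the complete list of write and delete grants before approving the client.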
Add Commerce Cloud in DigitSec
With this information, complete the following steps in DigitSec S4:
- Log in to S4 and click Add Workspace > select Commerce Cloud (B2C) as shown below.
- Enter the required information in the resulting form dialog.
- After you click Save, DigitSec verifies that the setup is correct; the site is then available for security analysis scans.
Analyze Coupon Codes
To analyze coupon codes generated in an SFCC site using the JSON permission set updated 2025-02-20 (indicated above), set up a job to export promotions.
In Business Manager, go to Administration > Operations > Jobs and click the New Job button; note the following screen:
Click the New Job button for DigitSecSecurityAnalysis to see the next screen.
Click the Schedule and History tab and configure the settings to run daily as shown. The From date can be any day you choose, but set the time to 2:39:00 pm and have it run daily.
Next, click the Job Steps tab, click Configure Step, enter ExportPromotions in the search box and select ExportPromotions from the drop-down menu as shown below:
Enter the data as shown in the following screenshot and click "Assign". The values must be identical to those in the sample screenshot below.
Next, click Scope:
Select "Specific Sites" from the drop-down, select the site you wish to be analyzed by the DigitSec Security Scanner, then click "Assign".
Review the following screenshot as an example.
Once this is complete, click "Run Now" to make sure the job works as expected. Once the job has completed successfully, return to DigitSec and initiate a scan that will use the new rules.