How to Connect Salesforce Commerce Cloud

DigitSec S4 can analyze the security of Commerce Cloud deployments. The following steps demonstrate how to connect your Commerce Cloud environments to DigitSec:

Generate API Credentials in Commerce Cloud Account Manager

1. Login to Account Manager > Click on API Client > Click on Add API Client
2. Add Name, Password in the following screen:
   
   
3. Click on Add Organizations to add the Organization you want to connect.
4. Click on Add Roles > Select SandBox API User > Select the appropriate Sandboxes to retrieve the code from
5. For OpenID Connect add the following scopes: 
   roles
tenantFilter
profile
users

6. Put * in Allowed Scopes.
7. Add Redirect URIs. (Can be a link to your sandbox. S4 does not use this field.)
8. The Token Endpoint Auth Method is client_secret_basic
9. For Access Token Format select JWT

Take note of the API Client Id and API Client Password. You will use these values in later steps.

Enable API Credential in Business Manager

Now we use the above created API Client Id and grant access to the Business Manager by using the following steps:

1. Log into the Business Manager
2. Navigate to Administration > Site Development > Open Commerce API Settings
3. Make sure, that you select Data API and Global from the select boxes
4. Add the following JSON permission set using the client ID generated above:
   NOTE: Replace my_client_id with the API Client Id generated in the Account Manager
   
   

   {
   "_v": "19.5",
   "clients": [{
   "client_id": "my_client_id",
   "resources": [
   
   {
   "resource_id": "/*",
   "methods": ["get"],
   "read_attributes": "(**)"
   },
   
   {
   "resource_id": "/roles/*/permissions",
   "methods": ["get"],
   "read_attributes": "(**)"
   },
   
   {
   "resource_id": "/roles/*/users",
   "methods": ["get"],
   "read_attributes": "(**)"
   },
   {
   "resource_id": "/permissions/bm",
   "methods": ["get"],
   "read_attributes": "(**)"
   },
   
   {
   "resource_id": "/libraries/*/folders/*",
   "methods": ["get", "put", "patch", "delete"],
   "read_attributes": "(**)"
   },
   {
   "resource_id": "/libraries/*/folders/*/content",
   "methods": ["get"],
   "read_attributes": "(**)"
   },
   {
   "resource_id": "/libraries/*/folders/*/sub_folders",
   "methods": ["get"],
   "read_attributes": "(**)"
   },
   {
   "resource_id": "/libraries/*/content/*",
   "methods": ["get", "put", "patch", "delete"],
   "read_attributes": "(**)"
   },
   {
   "resource_id": "/libraries/*/content/*/folders",
   "methods": ["get"],
   "read_attributes": "(**)"
   },
   {
   "resource_id": "/libraries/*/folder_assignments/*/*",
   "methods": ["get", "put", "delete"],
   "read_attributes": "(**)"
   },
   
   {
   
   "resource_id": "/code_versions",
   
   "methods": ["get"],
   
   "read_attributes": "(**)"
   
   },
   
   {
   
   "resource_id": "/code_versions/*",
   
   "methods": ["patch", "delete"],
   
   "read_attributes": "(**)"
   
   },
   
   {
   
   "resource_id": "/jobs/*/executions",
   
   "methods": ["post"],
   
   "read_attributes": "(**)"
   
   },
   
   {
   
   "resource_id": "/jobs/*/executions/*",
   
   "methods": ["get"],
   
   "read_attributes": "(**)"
   
   },
   
   {
   
   "resource_id": "/sites/*/cartridges",
   
   "methods": ["post"],
   
   "read_attributes": "(**)"
   
   },
   
   {
   
   "resource_id": "/role_search",
   
   "methods": ["post"],
   
   "read_attributes": "(**)"
   
   },
   
   {
   
   "resource_id": "/roles/*",
   
   "methods": ["get"],
   
   "read_attributes": "(**)"
   
   },
   
   {
   
   "resource_id": "/roles/*/user_search",
   
   "methods": ["post"],
   
   "read_attributes": "(**)"
   
   },
   
   {
   
   "resource_id": "/roles/*/users/*",
   
   "methods": ["put", "delete"],
   
   "read_attributes": "(**)"
   
   },
   
   {
   
   "resource_id": "/user_search",
   
   "methods": ["post"],
   
   "read_attributes": "(**)"
   
   },
   
   {
   
   "resource_id": "/users",
   
   "methods": ["get"],
   
   "read_attributes": "(**)"
   
   },
   
   {
   
   "resource_id": "/users/*",
   
   "methods": ["put", "get", "patch", "delete"],
   
   "read_attributes": "(**)"
   
   },
   
   {
   
   "resource_id": "/site_preferences/preference_groups/*/*/preferences/*",
   
   "methods": ["get"],
   
   "read_attributes": "(**)"
   
   },
   
   
   
   
   
   {
   
   "resource_id": "/sites/*",
   
   "methods": ["get"],
   
   "read_attributes": "(**)"
   
   },
   
   {
   
   "resource_id": "/sites/*/site_preferences/preference_groups/*/*",
   
   "methods": ["get"],
   
   "read_attributes": "(**)"
   
   },
   
   {
   
   "resource_id": "/locale_info/locales",
   
   "methods": ["get"],
   
   "read_attributes": "(**)"
   
   },
   
   {
   
   "resource_id": "/ocapi_configs/*",
   
   "methods": ["get"],
   
   "read_attributes": "(**)"
   
   },
   
   {
   
   "resource_id": "/global_preferences/preference_groups/*/*",
   
   "methods": ["get"],
   
   "read_attributes": "(**)"
   
   }
   ]
   }]
   }

Add Commerce Cloud in DigitSec S4

Now with this information, please complete the following steps in DigitSec S4:

1. Login to S4 and click on Add Salesforce Cloud > Select Add Commerce Cloud Org as shown below:
   
2. Next enter the required information in the resulting form dialog.
3. After you hit save, DigitSec will verify if the set up is correct and then the org will be available for security analysis scans.