Have questions? Leave your message here or Schedule a quick call with our manager now

Security and Privacy

API2Cart service takes serious measures to protect our customers' personal and store data.  
Sensitive data is protected from unauthorized access. We guarantee that we will not share your personal account information and will keep it totally confidential. Terms of service security and information protection are provided by Privacy Policy.
API2Cart service requires bridge downloading to establish integration with your software and retrieve data from stores. A connection bridge is the most secure method to access store data. The data you retrieve will be used only in order to perform certain API2Cart methods.

In order to investigate issues and to troubleshoot reported problems, or download the connection bridge file API2Cart support technicians may require access to online store, web server and database.

We understand that this kind of access information is sensitive, and are best kept to a need-to-know basis. With this in mind, we will only require access to your online store where it is absolutely necessary.

We have taken every precaution to ensure that our systems which store access information is highly secure. However, there are additional precautions that we advise our customers take before providing us with access credentials.

In all cases where we require access to online store, we will make it clear to you exactly what access is needed, and why.

Summary of this FAQ

  • When providing a technician with access to your online store, it is always best to change the password of admin account been provided with a random password temporarily, while the issue is being traced by us.
  • Once your issue has been resolved, you should change the passwords of all provided accounts as soon as possible.
  • In all issues that require access to your online store, the technician will make it clear to you exactly what access we need.

Access to your online store

Depending on the task which needs to be performed, an API2Cart technician may require access to your online store. We strongly advise you to change the password of Admin/FTP accounts being provided with a random password for API2Cart support for the duration of the issue, with only the essential permissions to your online store.

  • Change the existing password of user/staff account with a random and complex password.
  • Once your issue has been resolved, you should change its password as soon as possible.

Access to a web-online store administrator account

More often than not, we will require access to an administrator account on your online store. Follow the steps outlined in the Access to your online store section of this article.

Access to an FTP or SSH account

In order to investigate the problems, API2Cart support may require access to the files of your online store installation. Follow the steps outlined in the Access to your online store section of this article.

Make sure that this account is a user-level account that has access to the directory in which your online store is installed, unless our technician specifically requests an unrestricted access account (see below).

'Root' (unrestricted access) to your server

If a technician asks for 'root access' to your server (a root account with unrestricted permissions), please do not be alarmed. Only in the rarest of cases will we ask for such access - i.e. when our ability to diagnose and resolve your issue absolutely requires it (such as generating or monitoring server logs, or making server configuration changes).

When providing us with root/unrestricted access to your server, it is imperative that you follow the temporary account creation steps outlined in the Access to your online store section of this article.

Firewalls and IP based authentication

If your systems are protected by IP address authentication (e.g. if you have a firewall), please let us know and we will provide you with the list of our office IP addresses to allow through.

API2Cart doesn’t store any data, but only transmit it via API requests. The scheme below shows data flow between our customers’ software, API2Cart and shopping platforms.

API2Cart service takes serious measures to protect our clients personal and store information.

Sensitive data is protected from unauthorized access. We guarantee not to share your personal account data and keep it confidential. Terms of service security and information protection are provided by our Privacy Policy.

Bridge file. To be able to work with some shopping platforms, it is necessary to install the connection bridge to the store’s root folder. The list of all the platforms that require the bridge installing you can find here.

A connection bridge is the most secure method to access store data. The data received will be used only for providing the work of API2Cart API methods. API2Cart doesn't collect and save any data retrieved from the stores. As an exception, we save the credentials needed for making API requests to the stores. Also, we are caching the store configuration (e.g., the list of supported currencies, time zones, etc.) as it helps reduce the number of requests to the stores.

Here, you can find a video tutorial on how to download bridge for bridge platforms easily. A similar tutorial for all the rest platforms can be found here. The bridge can be downloaded automatically with the help of the bridge.download method. More details related to the bridge you can find here.

Technical side of bridge security

IMPORTANT: For each request from API2Cart to the bridge, we form the signature based on request parameters and srore_key. When the request comes to the bridge, the signature is calculated on the bridge and compared with the one sent from API2Cart. If it matches then the request will be performed. Otherwise, the bridge will present an error. As of bridge version 141, communication between the bridge and API2Cart is encrypted. That is the way we do the authorization.

FTP credentials are used to upload a bridge in order to specify connection with self-hosted platforms. When adding a store to API2Cart using FTP, credentials are used only for bridge uploading, and they are not stored in our system.

In order to investigate issues and troubleshoot reported problems or install the connection bridge file, API2Cart support technicians may require access to the online store, web server and database.

It is recommended to temporarily change the password of the admin account before providing a technician with access to your online store. Once your issue is resolved, you should change the passwords of all the provided accounts as soon as possible. The technician will make it clear to you what access exactly we need to solve your problem. More details on which accesses API2Cart techs may ask can be found here.

We highly respect API2Cart customers’ privacy. We have adopted all the necessary measures so that you could be confident about how we protect and manage personal information. For more information please get familiar with the Privacy Policy of our company.

You can disable automatic notifications from API2Cart in the two different ways:

  1. Click the right mouse button on the notification and choose “disable notifications from www.api2cart.com”.
  2. Go to API2Cart website and press on the lock symbol in the address field. Choose “Use global default” from the drop down list.

disable-notifications