Security and Privacy

Can I be sure of data security using API2Cart?

The API2Cart service takes serious measures to protect our clients' personal and store information.
Sensitive data is protected from unauthorized access. We guarantee not to share your personal account data and to keep it confidential. The terms of service security and information protection are set out in our Privacy Policy.

Is it safe to download the connection bridge?

The API2Cart service requires you to download a bridge to establish integration with your software and retrieve data from stores. A connection bridge is the most secure method to access store data. The data you retrieve will be used only to perform certain API2Cart methods.

Why may API2Cart need access to the online store or server?

In order to investigate issues and troubleshoot reported problems, or to download the connection bridge file, API2Cart support technicians may require access to the online store, web server and database.

We understand that this kind of access information is sensitive and is best kept on a need-to-know basis. With this in mind, we will only require access to your online store where it is absolutely necessary.

We have taken every precaution to ensure that our systems which store access information are highly secure. However, there are additional precautions that we advise our customers to take before providing us with access credentials.

In all cases where we require access to the online store, we will make it clear to you exactly what access is needed, and why.

Summary of this FAQ

  • When providing a technician with access to your online store, it is always best to temporarily change the password of the admin account being provided to a random password while the issue is being traced by us.
  • Once your issue has been resolved, you should change the passwords of all provided accounts as soon as possible.
  • In all issues that require access to your online store, the technician will make it clear to you exactly what access we need.

Access to your online store

Depending on the task which needs to be performed, an API2Cart technician may require access to your online store. We strongly advise you to change the password of the Admin/FTP accounts being provided to API2Cart support to a random password for the duration of the issue, and to give those accounts only the essential permissions to your online store.

  • Change the existing password of the user/staff account to a random and complex password.
  • Once your issue has been resolved, you should change its password as soon as possible.

Access to a web-online store administrator account

More often than not, we will require access to an administrator account on your online store. Follow the steps outlined in the Access to your online store section of this article.

Access to an FTP or SSH account

In order to investigate the problems, API2Cart support may require access to the files of your online store installation. Follow the steps outlined in the Access to your online store section of this article.

Make sure that this account is a user-level account that has access to the directory in which your online store is installed, unless our technician specifically requests an unrestricted access account (see below).

'Root' (unrestricted access) to your server

If a technician asks for 'root access' to your server (a root account with unrestricted permissions), please do not be alarmed. Only in the rarest of cases will we ask for such access - i.e. when our ability to diagnose and resolve your issue absolutely requires it (such as generating or monitoring server logs, or making server configuration changes).

When providing us with root/unrestricted access to your server, it is imperative that you follow the temporary account creation steps outlined in the Access to your online store section of this article.

Firewalls and IP based authentication

If your systems are protected by IP address authentication (e.g. if you have a firewall), please let us know and we will provide you with the list of our office IP addresses to allow through.

How does API2Cart treat data?

API2Cart doesn’t store any data; it only transmits it via API requests. The scheme below shows the data flow between our customers’ software, API2Cart and shopping platforms.

Security Assurance

The API2Cart service takes serious measures to protect our clients' personal and store information.

Sensitive data is protected from unauthorized access. We guarantee not to share your personal account data and to keep it confidential. The terms of service security and information protection are set out in our Privacy Policy.

Bridge file. The API2Cart service requires you to download a bridge to establish integration with your software and retrieve data from stores. A connection bridge is the most secure method to access store data. The data you retrieve will be used only to perform certain API2Cart methods.

You can find the list of the accesses needed here.

Here, you can find a video tutorial on how to download the bridge for bridge platforms easily. A similar tutorial for all the other platforms can be found here. The bridge can be downloaded automatically with the help of the bridge.download method. Find more details on this issue here.

Technical side of bridge security

IMPORTANT: When API2Cart sends a request to the bridge file, the “token” parameter is required. This parameter should have the Store Key value, as shown in the example picture.

That is the way we check if the bridge is functioning correctly. All the other bridge-involving actions are performed the same way, with only the “action” parameter changed and another parameter added.

The Store Key should be indicated EVERY TIME a bridge-involving action is performed. Otherwise, this action will not be performed. That is the way we do the authorization. If the Store Key is indicated incorrectly, you will get the error you could see above.
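
The check described above, sketched as an added example (this is not API2Cart's bridge code): every request must carry exactly one “token” equal to the Store Key before its “action” is dispatched, and the token is redacted before a request is logged. Only the “token” and “action” parameter names come from this page; the Store Key value, action names, error strings and function names are constructed, and the parameters are assumed to arrive as a URL-encoded query string.

```python
import hmac
from urllib.parse import parse_qs, parse_qsl, urlencode

# Constructed placeholder; the real Store Key is issued per store.
STORE_KEY = "EXAMPLE-STORE-KEY-0000"

# Hypothetical action names and replies, for illustration only.
HANDLERS = {
    "checkbridge": lambda params: "BRIDGE_OK",
    "ping": lambda params: "PONG",
}


def handle_bridge_request(query_string, store_key=STORE_KEY):
    """Authorize one bridge request and return (http_status, body)."""
    params = parse_qs(query_string, keep_blank_values=True)
    tokens = params.get("token", [])
    # The token is mandatory on every action; repeated values are ambiguous.
    if len(tokens) != 1:
        return 401, "ERROR_INVALID_TOKEN"
    # Constant-time compare: response timing must not reveal a partial match.
    if not hmac.compare_digest(tokens[0].encode(), store_key.encode()):
        return 401, "ERROR_INVALID_TOKEN"
    actions = params.get("action", [])
    handler = HANDLERS.get(actions[0]) if len(actions) == 1 else None
    if handler is None:
        return 400, "ERROR_UNKNOWN_ACTION"
    return 200, handler(params)


def redact_for_log(query_string):
    """Replace the token value so the Store Key never lands in log files."""
    pairs = parse_qsl(query_string, keep_blank_values=True)
    return urlencode([(k, "REDACTED" if k == "token" else v) for k, v in pairs])
```

The token is checked before the action is even looked up, so an unauthenticated caller cannot learn which actions exist from the error it receives.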

FTP access is used to upload a bridge in order to set up the connection with self-hosted carts.

In order to investigate issues and troubleshoot reported problems or download the connection bridge file, API2Cart support technicians may require access to the online store, web server and database.

It is recommended to temporarily change the password of the admin account before providing a technician with access to your online store. Once your issue is resolved, you should change the passwords of all the provided accounts as soon as possible. The technician will make it clear to you exactly what access we need to solve your problem. More details on which access API2Cart techs may ask for can be found here.

We highly respect API2Cart customers’ privacy. We have adopted all the necessary measures so that you can be confident about how we protect and manage personal information. For more information, please read our company's Privacy Policy.

How can I disable notifications from API2Cart?

You can disable automatic notifications from Data2CRM in two different ways:

  1. Right-click the notification and choose “disable notifications from www.api2cart.com”.
  2. Go to the API2Cart website and click the lock symbol in the address bar. Choose “Use global default” from the drop-down list.
