- How It Works
- Use Cases
- Industry Cases
- Business Cases
- Case Studies
- API Docs
- Log In
- Sign Up
Download the guide "How to Integrate with Multiple eCommerce Platforms in Less than a Month" and find more how to connect your B2B SaaS system with various shopping platforms quickly!
In order to investigate issues and to troubleshoot reported problems, or download the connection bridge file API2Cart support technicians may require access to online store, web server and database.
We understand that this kind of access information is sensitive, and are best kept to a need-to-know basis. With this in mind, we will only require access to your online store where it is absolutely necessary.
We have taken every precaution to ensure that our systems which store access information is highly secure. However, there are additional precautions that we advise our customers take before providing us with access credentials.
In all cases where we require access to online store, we will make it clear to you exactly what access is needed, and why.
Depending on the task which needs to be performed, an API2Cart technician may require access to your online store. We strongly advise you to change the password of Admin/FTP accounts being provided with a random password for API2Cart support for the duration of the issue, with only the essential permissions to your online store.
More often than not, we will require access to an administrator account on your online store. Follow the steps outlined in the Access to your online store section of this article.
In order to investigate the problems, API2Cart support may require access to the files of your online store installation. Follow the steps outlined in the Access to your online store section of this article.
Make sure that this account is a user-level account that has access to the directory in which your online store is installed, unless our technician specifically requests an unrestricted access account (see below).
If a technician asks for 'root access' to your server (a root account with unrestricted permissions), please do not be alarmed. Only in the rarest of cases will we ask for such access - i.e. when our ability to diagnose and resolve your issue absolutely requires it (such as generating or monitoring server logs, or making server configuration changes).When providing us with root/unrestricted access to your server, it is imperative that you follow the temporary account creation steps outlined in the Access to your online store section of this article.
If your systems are protected by IP address authentication (e.g. if you have a firewall), please let us know and we will provide you with the list of our office IP addresses to allow through.
API2Cart service takes serious measures to protect our clients personal and store information.
Bridge file. To be able to work with some shopping platforms, it is necessary to install the connection bridge to the store’s root folder. The list of all the platforms that require the bridge installing you can find here.
A connection bridge is the most secure method to access store data. The data received will be used only for providing the work of API2Cart API methods. API2Cart doesn't collect and save any data retrieved from the stores. As an exception, we save the credentials needed for making API requests to the stores. Also, we are caching the store configuration (e.g., the list of supported currencies, time zones, etc.) as it helps reduce the number of requests to the stores.
Here, you can find a video tutorial on how to download bridge for bridge platforms easily. A similar tutorial for all the rest platforms can be found here. The bridge can be downloaded automatically with the help of the bridge.download method. More details related to the bridge you can find here.
Technical side of bridge security
IMPORTANT: For each request from API2Cart to the bridge, we form the signature based on request parameters and srore_key. When the request comes to the bridge, the signature is calculated on the bridge and compared with the one sent from API2Cart. If it matches then the request will be performed. Otherwise, the bridge will present an error. That is the way we do the authorization.
FTP credentials are used to upload a bridge in order to specify connection with self-hosted platforms. When adding a store to API2Cart using FTP, credentials are used only for bridge uploading, and they are not stored in our system.
In order to investigate issues and troubleshoot reported problems or install the connection bridge file, API2Cart support technicians may require access to the online store, web server and database.
It is recommended to temporarily change the password of the admin account before providing a technician with access to your online store. Once your issue is resolved, you should change the passwords of all the provided accounts as soon as possible. The technician will make it clear to you what access exactly we need to solve your problem. More details on which accesses API2Cart techs may ask can be found here.
You can disable automatic notifications from API2Cart in the two different ways: