Security and Privacy
In order to investigate issues and to troubleshoot reported problems, or download the connection bridge file API2Cart support technicians may require access to online store, web server and database.
We understand that this kind of access information is sensitive, and are best kept to a need-to-know basis. With this in mind, we will only require access to your online store where it is absolutely necessary.
We have taken every precaution to ensure that our systems which store access information is highly secure. However, there are additional precautions that we advise our customers take before providing us with access credentials.
In all cases where we require access to online store, we will make it clear to you exactly what access is needed, and why.
Summary of this FAQ
- When providing a technician with access to your online store, it is always best to change the password of admin account been provided with a random password temporarily, while the issue is being traced by us.
- Once your issue has been resolved, you should change the passwords of all provided accounts as soon as possible.
- In all issues that require access to your online store, the technician will make it clear to you exactly what access we need.
Access to your online store
Depending on the task which needs to be performed, an API2Cart technician may require access to your online store. We strongly advise you to change the password of Admin/FTP accounts being provided with a random password for API2Cart support for the duration of the issue, with only the essential permissions to your online store.
- Change the existing password of user/staff account with a random and complex password.
- Once your issue has been resolved, you should change its password as soon as possible.
Access to a web-online store administrator account
More often than not, we will require access to an administrator account on your online store. Follow the steps outlined in the Access to your online store section of this article.
Access to an FTP or SSH account
In order to investigate the problems, API2Cart support may require access to the files of your online store installation. Follow the steps outlined in the Access to your online store section of this article.
Make sure that this account is a user-level account that has access to the directory in which your online store is installed, unless our technician specifically requests an unrestricted access account (see below).
'Root' (unrestricted access) to your server
If a technician asks for 'root access' to your server (a root account with unrestricted permissions), please do not be alarmed. Only in the rarest of cases will we ask for such access - i.e. when our ability to diagnose and resolve your issue absolutely requires it (such as generating or monitoring server logs, or making server configuration changes).When providing us with root/unrestricted access to your server, it is imperative that you follow the temporary account creation steps outlined in the Access to your online store section of this article.
Firewalls and IP based authentication
If your systems are protected by IP address authentication (e.g. if you have a firewall), please let us know and we will provide you with the list of our office IP addresses to allow through.
API2Cart service takes serious measures to protect our clients personal and store information.
Bridge file. API2Cart service requires bridge downloading to establish integration with your software and retrieve data from stores. A connection bridge is the most secure method to access store data. The data you retrieve will be only used to employ certain API2Cart methods.
You can find the list of the accesses needed here.
Here, you can find a video tutorial on how to download bridge for bridge platforms easily. A similar tutorial for all the rest platforms can be found here. The bridge can be downloaded automatically with the help of the bridge.download method. Find more details on this issue here.
Technical side of bridge security
That is the way we check if the bridge is functioning correctly. All the other bridge-involving actions are performed the same way with just the “action” parameter changed and adding another parameter added.
The Store Key should be indicated EVERYTIME a bridge-involving action is performed. Otherwise, this action will not be performed. That is the way we do the authorization. If the store Key is indicated incorrectly, you will get the error you could see above.
FTP accesses are used to upload a bridge in order to specify connection with self-hosted carts.
In order to investigate issues and troubleshoot reported problems or download the connection bridge file, API2Cart support technicians may require access to the online store, web server and database.
It is recommended to temporarily change the password of the admin account before providing a technician with access to your online store. Once your issue is resolved, you should change the passwords of all the provided accounts as soon as possible. The technician will make it clear to you what access exactly we need to solve your problem. More details on which accesses API2Cart techs may ask can be found here.
You can disable automatic notifications from Data2CRM in the two different ways:
- Click the right mouse button on the notification and choose “disable notifications from www.api2cart.com”.
- Go to API2Cart website and press on the lock symbol in the address field. Choose “Use global default” from the drop down list.