Redacción Alabrent
Increased securityEnsuring online security and data confidentiality is critical for all cloud solutions. As systems evolve, safeguarding sensitive information against unauthorized access, data breaches, and cyber threats remains a top priority. Protecting customer files, job specifications, and business-critical data from unauthorized access is vital. For this new release, the StoreFront platform received a complete overhaul, built on the latest software technologies, aligned with recommended industry practices and validated through comprehensive security audits.
Minimum product pricing
Based on customer feedback, the pricing policy when using degressive pricing specified on Media Type Options was changed. If the price of a product determined by the "Media Type Option", including other selected options, is lower than its specified media minimum price, the quoted minimum product price will no longer include the price of the other chosen options. This means that under all circumstances, the specified media minimum price is the effective minimum price quoted to the shopper.
More flexible layout of custom pages
StoreFront shops can have up to six pages with information for shoppers. These pages can also include optional contact and link boxes on the left-hand side. If both boxes are disabled, the Content box now fills the entire page width.
Changes in the StoreFront API
The StoreFront API enables third-party applications, such as MIS systems and planning software, to retrieve order-related data.
For this 7.0 update, the API has been enhanced. The responses to calls for retrieving order shipment and order item data now also include (besides the internal IDs) the actual order, order item and order shipment numbers.
The security enhancements in StoreFront v7 also impact this API. The following calls are not affected:
- POST and GET calls used for CAS authentication
- POST calls that include sfadmin/a/api
- All GET calls
However, all other POST calls within StoreCenter and StoreFront will be affected. The key change is that these POST calls now require a CSRF token in the request header. This token is generated during authentication and remains valid only for the current login session. More detailed information is available upon request.
Other improvements
As usual, this upgrade also includes a series of fixes for customer-reported issues.
Privacy policy recommendations
Previous StoreFront updates added functions to make it easier to comply with privacy legislation, such as GDPR and CCPA. StoreFront v7 does not add any privacy-related features. Still, based on our monitoring of how the service is used, we do want to make some recommendations to ensure proper compliance with local privacy legislation.
- If your privacy policy states that you store private data for X years (as is mandatory in Europe), you should review the user list once a year and sort it by 'Last Login'. Any users who have not logged in over the past X years should have their accounts removed.
- Similarly, if a store is deactivated because one of your customers no longer uses it, you should delete the users of that store after X years. To make this easier, sort the User list using the 'Store' column.
- If you add 'Custom attributes' that contain private data to user profiles (such as membership status of a political party), your privacy policy should disclose this and the customer you implemented this for should have agreed to it.
- In general, please delete any administrator accounts immediately for people who no longer work for your or your customer's company.