Dynamic content: Security settings - Magento 1
Gareth Burroughes avatar
Written by Gareth Burroughes
Updated over a week ago

You can set up and adjust security for your external dynamic content by:

  • Setting up a passcode to be sent with GET requests to dynamic content URLs (recommended)

  • Restricting the IP addresses for which external dynamic content URLs can be displayed.

Adjust security settings


When you install the Dotdigital for Magento connector, we generate a unique passcode that is used to access external dynamic content. By using this passcode, you can be sure that basket contents and coupon codes can be viewed only if that passcode is sent with the GET request to the external dynamic content URL, adding security.

  1. Go to System > Configuration > Dotdigital > Dynamic Content

  2. Select External Dynamic Content URL's.

The passcode field contains the 32 random characters that were generated when you installed the connector.

We recommend that you do not change this password field, although you can if you want.

Not seeing the 32 random characters?

If either you use a version of Dotdigital for Magento that is lower than v6.4.3 or you upgrade from a version of Dotdigital for Magento that is lower than v6.4.3, we recommend that you create a random 32 character passcode.

The passcode can include the following characters:

  • Numbers (0-9)

  • Uppercase letters (A-Z)

  • Lowercase letters (a-z)

Dynamic pages IP restriction

In addition to all our URLs requiring the above passcode included, you can also manage the list of requesting IP addresses that these URLs can display for when requested. To do this, go to System > Configuration > Dotdigital > Developer.

As a default, we include the three IP addresses (,, that Dotdigital sends requests from when sending emails to pull in this content, but for testing purposes you may want to add your office IP so you can view these URLs directly in your browser.


When adding an IP address to this list, you need to leave a space after the comma that separates it from the last IP address in the list. Without it, your external dynamic content won't work.

you can remove all IPs from this box and select Save Config to completely disable the IP verification on these pages (for v5.3.0 and above). This is not recommended, however.

Did this answer your question?