You can set up and adjust security for your external dynamic content by doing the following:
- Set up a passcode to be sent with
GETrequests to dynamic content URLs (recommended)
- Restrict the IP addresses for which external dynamic content URLs will be displayed.
Implementing and adjusting security settings
When you install the Engagement Cloud for Magento connector, we generate a unique passcode that is used to access external dynamic content. By using this passcode you can be sure that basket contents and coupon codes can be viewed only if that passcode is sent with the
GET request to the external dynamic content URL, adding security.
Go to System > Configuration > DOTMAILER > Dynamic Content and click External Dynamic Content URL's.
The passcode field contains the 32 random characters that were generated when you installed the connector.
We recommend that you do not change this password field, although you can if you want.
Not seeing the 32 random characters?
If either you use a version of Engagement Cloud for Magento that is lower than v6.4.3 or you upgrade from a version of Engagement Cloud for Magento that is lower than v6.4.3, we recommend that you create a random 32 character passcode.
The passcode can include the following characters:
- Numbers (0-9)
- Uppercase letters (A-Z)
- Lowercase letters (a-z)
Dynamic pages IP restriction
In addition to all our URLs requiring the above passcode included, you can also manage the list of requesting IP addresses that these URLs will display for when requested from them. The 'Dynamic Pages IP Restriction' section is found in System > Configuration > DOTMAILER > Developer.
As a default, we include the three IP addresses (184.108.40.206, 220.127.116.11, 18.104.22.168) that Engagement Cloud sends requests from when sending emails to pull in this content, but for testing purposes you may want to add your office IP so you can view these URLs directly in your browser.
Important!When adding an IP address to this list, you need to leave a space after the comma that separates it from the last IP address in the list. Without it, your external dynamic content won't work.
Removing all IPs from this box and clicking Save Config will completely disable the IP verification on these pages (for v5.3.0 and above). This is not recommended, however.
Magento 2.0The above also applies for Magento 2.0, with the only difference being that the 'Passcode' section can be found by going to Stores > Configuration > DOTMAILER > Dynamic Content, and the 'Dynamic Pages IP Restriction' can be found by going to Stores > Configuration > DOTMAILER > Developer.