Salesforce (SFCC)

DataDome Salesforce Cartridge detects and protects against bot activity on Salesforce Commerce Cloud.

This cartridge enables setting up DataDome protection on Salesforce Commerce Cloud sites. It makes a call to the closest DataDome endpoint. Depending on the API response, the app either blocks the request or lets Salesforce Commerce Cloud proceed with the regular process.

The cartridge has been developed to protect the users' experience: if any errors were to occur during the process, or if the timeout is reached, the module will automatically disable its blocking process and allow the regular Salesforce Commerce Cloud process to proceed.

Compatiblity

The DataDome LINK cartridge has been tested against SFRA v5.0.1, SG v105.0.0 and in compatibility mode with v19.10, v18 and v10.

Prerequisites

A free trial must be started (through the sign-up form) or a DataDome representative must enable an account for the merchant, as part of which the merchant will be assigned a unique “API key” and “JS key”.

How to install

DataDome Cartridge is listed under the "Fraud & Security" section on the SFCC marketplace.
You can directly access it by going to the DataDome Cartridge SFCC marketplace.
Feel free to contact our support team to get access to DataDome Cartridge.

The DataDome LINK integration uses the following cartridges: int_datadome, datadome_sg_changes (for SiteGenesis) and datadome_sfra_changes (for SFRA).

How to configure

Step 1 - Cartridge Registration

Navigate to the following path: "Sites > Manage Sites > Merchant Site > Settings".
Add the cartridge names to the "Cartridges" path (WARNING: there are 2 names to add) as shown in the screenshot below:

SiteGenesis - Controller Version

Add "datadome_sg_changes:int_datadome:" at the beginning of the Cartridges field:

SFRA Version

Add "datadome_sfra_changes:int_datadome:" at the beginning of the Cartridges field:

Step 2 - Import DataDome Metadata and Services

  • Get the metadata.zip file from the DataDome cartridge’s Metadata folder
  • Navigate to: "Site Development > Site Import & Export"
  • Select the metadata.zip file and click on "Import" and complete the import process through the interface
  • The Services & Site Preferences will be imported including DataDome Configurations
  • The details on DataDome Services and Site Preferences are described below

Services Details

Navigate to: "Administration > Operations > Services".
After successfully importing the services, the following will be added:

Name

Profile

Credentials

int_datadome.http.protection.api

int_datadome.protection.api.profile

int_datadome.http.protection.api.cred

Protection API Service

The URL for Protection API could be set in int_datadome.http.protection.api.cred

Note: "User" and "Password" are not required.

The default timeout configured in int_datadome.protection.api.profile is 150 milliseconds. Do not change this value unless advised otherwise by DataDome.

Custom Code SiteGenesis - Controllers

Controller version uses “onRequest” hook to capture each request and further uses Regexes (see section 4.4.4) to filter which request should be able to call the DataDome API. Controller version has one controller, DataDome.js, which is used to manage responses returned from the DataDome API.

Adding DataDome JavaScript

For protection purposes, DataDome’s JavaScript must be included in the storefront header file, i.e. htmlhead.isml:

<isinclude template="include/datadomeheader.isml" />

See the default overridden templates in the cartridge for reference:
“/datadome_sg_changes/cartridge/templates/default/common/htmlhead.isml”

Custom Code SFRA (StoreFront Reference Architecture)

Similarly to the SiteGenesis version, SFRA uses “onRequest” hook to capture each request and further uses Regexes (see section 5.1.1) to filter which request should be able to call the DataDome API. SFRA cartridge has one controller, DataDome.js, which is used to manage responses returned from the DataDome API.

Adding DataDome JavaScript

For DataDome protection to work, DataDome’s dynamic JavaScript must be included in the storefront header file, i.e. htmlhead.isml:

<isinclude template="include/datadomeheader.isml" />

See the default overridden templates in the cartridge for reference:
“/datadome_sfra_changes/cartridge/templates/default/common/htmlHead.isml”

External Interfaces

There are no external interfaces.

Business Manager

DataDome Site Preferences

The DataDome LINK cartridge consists of the following configuration properties in
“Site > Merchant Tools > Site Preferences > Custom Preferences > DataDome Configurations”:

  1. Go to "Business Manager", "Merchant Tools" section
  2. Click on "Site preferences"
  3. Click on "Custom preferences"
  1. Click on "DataDome Configurations"
  2. Replace the License key with your own key from your dashboard
  3. Replace the JavaScript key with your own key from your dashboard
  4. Create the Regex for the content you want to exclude from the protection (assets for instance)
  5. Click on the "Save" button on the top-right

Congrats! Your website is ready to be protected against bot traffic!

Settings documentation

Setting

Description

DataDome Cartridge Enabled

Enables/disables DataDome cartridge

DataDome API Key

Server-side module Key for DataDome

DataDome JS Key

Client-side Key for DataDome

JS Tag URL

URL to retrieve the DataDome JS Tag file (by default https://js.datadome.co/tags.js)

JS Tag Endpoint

DataDome JS Tag API endpoint (by default https://api-js.datadome.co/js/)

DataDome Excluded Request Regex

Used to exclude static assets or pipelines from detection

DD Allowed Request Regex

Defines the pipelines to be included in the detection. Empty means "All"

DataDome Service Protocol

The protocol (HTTP or HTTPs) to use to access the DataDome service

DataDome Info Log Enabled

Enables/disables "Info" level logs

DataDome Debug Log Enabled

Enables/disables "Debug" level logs

Note: The default values are already set. Therefore, you don’t need to change any values unless otherwise needed.

Caching policy

DataDome module doesn't change the default caching policy.

However, the module adds a tracking cookie on all requests, which may impact some custom policies.

Feel free to contact our support for any specific needs.

First party JS tag

If you need to setup DataDome JS tag as a first party, please contact our support team and use the following two settings to setup the tag:

  • JS Tag URL
  • JS Tag Endpoint

Migrating from version 19.x to version 20.x

When migrating from DataDome cartridge you must know the cartridge names to be changed to comply with the new SFCC best practices.
Be sure your cartridge registrations are migrated from this:

SiteGenesis version 19.x

SFRA version 19.x

to this:

SiteGenesis version 20.x

SFRA version 20.x

Updated 16 days ago

Salesforce (SFCC)


DataDome Salesforce Cartridge detects and protects against bot activity on Salesforce Commerce Cloud.

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.