Salesforce (SFCC)
DataDome Salesforce Cartridge detects and protects against bot activity on Salesforce Commerce Cloud.
Limited Maintenance
Moving forward, the
SalesforceCommerceCloud
cartridge will receive prioritized updates and support. This ensures ongoing improvements in security, performance, and ease of use, while this old cartridge will see limited future development.
This cartridge enables setting up DataDome protection on Salesforce Commerce Cloud sites. It makes a call to the closest DataDome endpoint. Depending on the API response, the app either blocks the request or lets Salesforce Commerce Cloud proceed with the regular process.
The cartridge has been developed to protect the users' experience: if any errors were to occur during the process, or if the timeout is reached, the module will automatically disable its blocking process and allow the regular Salesforce Commerce Cloud process to proceed.
Compatibility
The DataDome cartridge has been tested against SFRA v5.0.1, SG v105.0.0 and in compatibility mode with v19.10, v18 and v10.
Prerequisites
A free trial must be started (through the sign-up form) or a DataDome representative must enable an account for the merchant, as part of which the merchant will be assigned a unique “API key” and “JS key”.
How to install
DataDome Cartridge can be downloaded here.
The DataDome integration uses the following cartridges: int_datadome, datadome_sg_changes (for SiteGenesis) and datadome_sfra_changes (for SFRA).
Step 1 - Upload (Manually) the cartridges
Navigate to: Administration > Site Development > Code Deployment. Create a new Code version. It will contain all the necessary cartridges.
Then click on the version ID you have just created. This version summary will give you a link to Webdav to upload your cartridges. Note: Datadome cartridges should be uploaded to the root folder of your version
Step 2 - Upload the Metadata and services
Navigate to: Administration > Site development > Site Import & Export
- From the archive, upload the metadata.zip file
- Next, select instance/metadata.zip and click on "Import" to complete the import process through the interface
- You can check the import status at the bottom of the page
How to configure
Step 1 - Cartridge Registration
Navigate to the following path: Administration dropdown > Sites > Manage Sites > Merchant Site > Settings.
Add the cartridge names to the "Cartridges" path (WARNING: there are 2 names to add) as shown in the screenshot below:
SiteGenesis - Controller Version
Add "datadome_sg_changes:int_datadome:" at the beginning of the Cartridges field:
SFRA Version
Add "datadome_sfra_changes:int_datadome:" at the beginning of the Cartridges field:
Step 2 - Configure DataDome Metadata and Services
- The details on DataDome Services and Site Preferences are described below
Services Details
Navigate to: **Administration > Operations > Services.
After successfully importing the services, the following will be added:
Name | Profile | Credentials |
---|---|---|
int_datadome.http.protection.api | int_datadome.protection.api.profile | int_datadome.http.protection.api.cred |
About the
HTTPForm
typeThe
Type
property must remain asHTTPForm
for the cartridge to work.
Protection API Service
The URL for Protection API could be set in int_datadome.http.protection.api.cred
Note: "User" and "Password" are not required.
The default timeout configured in int_datadome.protection.api.profile is 150 milliseconds. Do not change this value unless advised otherwise by DataDome.
Custom Code SiteGenesis - Controllers
Controller version uses “onRequest” hook to capture each request and further uses Regexes (see section 4.4.4) to filter which request should be able to call the DataDome API. Controller version has one controller, DataDome.js, which is used to manage responses returned from the DataDome API.
Adding DataDome JavaScript
For protection purposes, DataDome’s JavaScript must be included in the storefront header file, i.e. htmlhead.isml:
<isinclude template="include/datadomeheader.isml" />
See the default overridden templates in the cartridge for reference:
“/datadome_sg_changes/cartridge/templates/default/common/htmlhead.isml”
Custom Code SFRA (StoreFront Reference Architecture)
Similarly to the SiteGenesis version, SFRA uses “onRequest” hook to capture each request and further uses Regexes (see section 5.1.1) to filter which request should be able to call the DataDome API. SFRA cartridge has one controller, DataDome.js, which is used to manage responses returned from the DataDome API.
Adding DataDome JavaScript
For DataDome protection to work, DataDome’s dynamic JavaScript must be included in the storefront header file, i.e. htmlhead.isml:
<isinclude template="include/datadomeheader.isml" />
See the default overridden templates in the cartridge for reference:
“/datadome_sfra_changes/cartridge/templates/default/common/htmlHead.isml”
External Interfaces
There are no external interfaces.
Business Manager
DataDome Site Preferences
The DataDome cartridge consists of the following configuration properties in
Site > Merchant Tools > Site Preferences > Custom Preferences > DataDome Configurations:
- Go to "Business Manager", "Merchant Tools" section
- Click on "Site preferences"
- Click on "Custom preferences"
- Click on "DataDome Configurations"
- Replace the License key with your own key from your dashboard
- Replace the JavaScript key with your own key from your dashboard
- Create the Regex for the content you want to exclude from the protection (assets for instance). We recommend adding, and updating accordingly, the following regex if you are using the SFCC analytics system.
^\/on\/demandware\.store/Sites-.*-Site\/[a-z][a-z]_[A-Z][A-Z]\/__Analytics-Start$
- Click on the "Save" button on the top-right
Congrats! Your website is ready to be protected against bot traffic!
Settings documentation
Setting | Description |
---|---|
DataDome Cartridge Enabled | Enables/disables DataDome cartridge |
DataDome API Key | Server-side module Key for DataDome |
DataDome JS Key | Client-side Key for DataDome |
JS Tag Options | JSON object describing JS Tag options (by default { sfcc: true }) |
JS Tag URL | URL to retrieve the DataDome JS Tag file (by default https://js.datadome.co/tags.js) |
JS Tag Endpoint | DataDome JS Tag API endpoint (by default https://api-js.datadome.co/js/) |
DataDome Excluded Request Regex | Used to exclude static assets or pipelines from detection |
DD Allowed Request Regex | Defines the pipelines to be included in the detection. Empty means "All" |
DataDome Service Protocol | The protocol (HTTP or HTTPs) to use to access the DataDome service |
DataDome Info Log Enabled | Enables/disables "Info" level logs |
DataDome Debug Log Enabled | Enables/disables "Debug" level logs |
DataDome Allowed Redirect origins (Deprecated in 21.0.0) | Optional. The list of origins (separated by a "," .Eg: "https://mydomain.com, http://otherdomain.com") that are allowed in the redirect url of the CAPTCHA. By default, only the current origin is allowed. |
DataDome Default Redirection Route | Optional. The default route to fall back to when trying to load invalid challenge URLs. It is a path that will be appended to your root domain. If not set, the value "/" will be used, which represents the root domain. |
Note: The default values are already set. Therefore, you don’t need to change any values unless otherwise needed.
Caching policy
DataDome module doesn't change the default caching policy.
However, the module adds a tracking cookie on all requests, which may impact some custom policies.
Feel free to contact our support for any specific needs.
First party JS tag
If you need to setup DataDome JS tag as a first party, please contact our support team and use the following two settings to setup the tag:
- JS Tag URL
- JS Tag Endpoint
Migrating from version 19.x to version 20.x
When migrating from DataDome cartridge you must know the cartridge names to be changed to comply with the new SFCC best practices.
Be sure your cartridge registrations are migrated from this:
to this:
By clicking on the Code version you will have a the WebDAV url. At the root of your Code version, please upload datadome_sfra_changes
datadome_sg_changes
and int_datadome
folders.
Updated 2 months ago