Secrets and credential handling
- Magento credentials are encrypted in DB using
MERCHPILOT_ENC_KEY - No plaintext token storage in application tables
- Connection testing validates scopes without exposing secrets
Security
Security model for safe Magento write workflows
MerchPilot focuses on least-privilege API access, encrypted secrets, and auditable execution.
Implemented controls
Capabilities below reflect current implementation in this service.
- Encrypted token storage at rest using MERCHPILOT_ENC_KEY.
- No admin password storage and no storefront script requirement.
- Approval-oriented execution model with explicit run history.
- Audit trails for critical actions, including applies and rollback operations.
- HTTP request logs are recorded with sanitized payload context for debugging.
- Role and entitlement gating to keep access boundaries explicit.
Least-privilege and access gates
- Protected app routes require active entitlement
- Advanced actions are gated by feature middleware
- Connection guide documents minimal ACL resources
Execution logging and recovery
- HTTP requests use retry/backoff patterns
- Run logs and audit logs capture operation trace
- Snapshots are created before writes for rollback
Honest scope statement
MerchPilot writes only to endpoints required for catalog merchandising updates implemented in the app (for VNext: product-level update endpoint used for category links and price fields). PSP reconciliation, checkout, and CMS flows are outside this service scope.