Security

Security controls aligned with operational Magento publishing

Magento Builder keeps frontend authoring fast while preserving backend safeguards for access control, request integrity, credential protection, and auditable publish behavior.

[Image: Operational security dashboard tracking publish events and access controls]

CSRF protection

State-changing forms and editor API saves use CSRF tokens.

Authenticated app shell

Builder routes require authenticated sessions and middleware checks.

RBAC policy gates

Viewer/Editor/Publisher/Admin permissions are enforced server-side.

Request IDs

Request tracing middleware supports incident investigation and support triage.

Signed preview tokens

Preview links are signed and time-bound to prevent uncontrolled access.

Encrypted secrets

Connection credentials are encrypted at rest before persistence.

Sanitized HTML generation

The renderer applies strict style and tag sanitization before building Magento publish payloads.

Retry + backoff queueing

Failed publish attempts are retried with backoff and have defined terminal failure states.

Audit logs

Save, publish, retry, rollback, and connection actions are retained for review.