Security & Integration

Secure by default for Magento API-driven CMS operations

Encrypted tokens, signed preview URLs, RBAC enforcement, and audit traces for all critical actions.

Encrypted credentials

Magento API secrets are stored encrypted using sodium secretbox.

Access control

Viewer, Editor, Publisher, and Admin roles with permission gates.

Preview safety

Signed token-based preview routes with TTL and scope checks.

Publish safeguards

Allowlist sanitization and deterministic HTML rendering before API push.

Auditability

Connection tests, publish outcomes, and role changes are audit logged.

No live takeover

MVP avoids live store control channels, browser automation, and background crawl overload.