Security and merchant risk

Security is a critical part of any web-based business because online apps can be exposed or compromised in many different ways. Before you submit your app, you need to make sure that it's secure so that the merchants who use it won't be at risk.

Security

  1. Your app must not collect Shoplazza user credentials. As explained in Shoplazza API Authentication, public apps must use OAuth.

  2. If your app stores its own credentials, then it must store only salted password hashes, never the actual passwords, as described on the Open Web Application Security Project website.

  3. Your app must be protected against common web security vulnerabilities.

  4. The app must be served over HTTPS using a valid TLS certificate.

  5. Your app must not expose network services unnecessarily.

  6. Your app must not expose its shared secret.

  7. Your app must generate secure tokens, including expirations and search indexing protections, where applicable.

  8. Your app must not process payments or orders outside of Shoplazza's checkout.

  9. Your app must not alter or modify Shoplazza's checkout.
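
One way to meet requirements 2 and 7, shown as an added example that is not part of Shoplazza's documentation: passwords are stored only as per-user salted PBKDF2 hashes, and tokens come from the OS CSPRNG, carry an expiration, and are stored only as a digest. The function names, the record layout, the PBKDF2 work factor and the 15-minute lifetime are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware
TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime for a short-lived link token


def hash_password(password: str) -> str:
    """Return 'iterations$salt_hex$hash_hex'; the plaintext is never stored."""
    salt = secrets.token_bytes(16)  # unique random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        iterations, salt_hex, hash_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iterations))
    except ValueError:  # malformed record: fail closed
        return False
    return hmac.compare_digest(digest, expected)


def issue_token(now=None, ttl=TOKEN_TTL_SECONDS):
    """Return (token to hand to the user, record to keep in the database)."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    record = {"sha256": hashlib.sha256(token.encode()).hexdigest(),
              "expires_at": now + ttl}  # only the digest is stored server-side
    return token, record


def token_is_valid(token: str, record: dict, now=None) -> bool:
    """Reject expired tokens first, then compare digests in constant time."""
    now = time.time() if now is None else now
    if now >= record["expires_at"]:
        return False
    presented = hashlib.sha256(token.encode()).hexdigest()
    return hmac.compare_digest(presented, record["sha256"])
```

Because only the token digest is stored, a leaked database row cannot be replayed as a working token.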