Salesforce B2C Commerce 24.5 > B2C Commerce Security Guide > Security Best Practices for Administrators > Secure Communications

Code Upload

⚠️ The annual cost of maintaining the server where this website is hosted, the domain, and keeping it up-to-date is approximately €3,000 per year. Help us with a small donation to cover these expenses. Support Now!

0 / 10000 €

You can upload custom code, also known as cartridges, to an instance using UX Studio, or with a file transfer mechanism such as WebDAV over TLS. It’s extremely important that you secure code uploads. An attacker who’s able to upload malicious code can wreak havoc on an instance. Follow these best practices.

  • Use two-factor authentication to upload code to the staging instance. The first factor depends on whether a user or API client performs the code upload. For users, the first factor is a username and password. For API clients, the first factor is an authorization token, minted by Account Manager.
    Note: The API client must present its client-id/client-secret in order to receive the authorization token. The second factor is always a client certificate.
  • Initially upload code into an inactive version on the staging instance.
Related concepts
Code Deployment
Configure Your Salesforce B2C Commerce Server Connection
Using WebDAV
Cartridge Directory Using WebDAV
Related tasks
Configure Secure Code Uploads
Generate, Sign, and Use Client Certificates for Secure Code Uploads
Upload Cartridges

Infocenter Retirement: On June 30, 2023, the Infocenter was retired, and documentation currently hosted on the Infocenter will be published to Salesforce Help, Commerce Cloud Developer Center, and Salesforce B2C Commerce Developer Documentation Resources. For more information, see the release note.