Using Hooks Securely

In Salesforce B2C Commerce, you can use hooks as a powerful tool to extend default functionality. Like all powerful tools, however, hooks are dangerous if not used properly.

Hooks in Open Commerce API (OCAPI) and Commerce Script can change how OCAPI and platform method calls operate. Be cautious when using hooks because through them unprivileged users can make privileged OCAPI or method calls. Also, because of where OCAPI hooks are placed by design, a developer can inadvertently modify API calls so that they accept no authentication or bypass expected authorization entirely. Use caution when chaining any calls on the platform.
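The risk described above, as an added example that is not Salesforce's or the platform's own code: a hook that performs a privileged step for any caller, next to one that re-checks authentication, ownership and role and fails closed. The caller and basket objects, the status helper, the `c_discount` field and the `DiscountAgents` group are all hypothetical stand-ins so the logic runs outside the platform.

```javascript
'use strict';

// Constructed stand-in for the status value a hook returns; not the platform class.
const ok = () => ({ error: false, code: 'OK' });
const deny = (code) => ({ error: true, code });

// The privileged step the hook performs on the caller's behalf (hypothetical).
function applyManualDiscount(basket, percent) {
  basket.discountPercent = percent;
}

// Unsafe: runs the privileged step for any caller and trusts a client-supplied value.
function unsafeBeforePatch(caller, basket, input) {
  if (input.c_discount !== undefined) applyManualDiscount(basket, input.c_discount);
  return ok();
}

// Hardened: the hook itself re-checks authentication, ownership and role,
// validates the input, and fails closed before touching the basket.
function guardedBeforePatch(caller, basket, input) {
  if (input.c_discount === undefined) return ok(); // nothing privileged requested
  if (!caller || caller.authenticated !== true) return deny('NOT_AUTHENTICATED');
  if (basket.ownerId !== caller.id) return deny('NOT_OWNER');
  const groups = Array.isArray(caller.groups) ? caller.groups : [];
  if (!groups.includes('DiscountAgents')) return deny('NOT_AUTHORIZED');
  const pct = input.c_discount;
  if (!Number.isInteger(pct) || pct < 0 || pct > 20) return deny('INVALID_DISCOUNT');
  applyManualDiscount(basket, pct);
  return ok();
}

// Constructed sample callers, and a helper that runs one hook on a fresh basket.
const guest = { authenticated: false, id: null, groups: [] };
const shopper = { authenticated: true, id: 'c1', groups: ['Registered'] };
const agent = { authenticated: true, id: 'c1', groups: ['DiscountAgents'] };

function run(hook, caller, input) {
  const basket = { ownerId: 'c1', discountPercent: 0 };
  const status = hook(caller, basket, input);
  return { code: status.code, discount: basket.discountPercent };
}

console.log(run(unsafeBeforePatch, guest, { c_discount: 100 }));
console.log(run(guardedBeforePatch, guest, { c_discount: 100 }));
console.log(run(guardedBeforePatch, shopper, { c_discount: 10 }));
console.log(run(guardedBeforePatch, agent, { c_discount: 10 }));
```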