ACP security tips #2402

Merged
merged 4 commits into from
Dec 18, 2023
2 changes: 2 additions & 0 deletions _data/sidebars/acp_user_sidebar.yml
Expand Up @@ -10,6 +10,8 @@ entries:
url: /docs/acp/user/intro-to-acp/acp-overview.html
- title: ACP security assessment
url: /docs/acp/user/intro-to-acp/aop-security-assessment.html
- title: ACP security tips
url: /docs/acp/user/intro-to-acp/acp-security-tips.html
- title: Install ACP catalog
url: /docs/acp/user/app-composition-platform-installation.html
- title: Develop an app
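Review bot: the new `ACP security tips` entry links to `acp-security-tips.html`, while the context entry directly above it, `ACP security assessment`, links to `aop-security-assessment.html`. The new URL matches the file this PR adds under docs/acp/user/intro-to-acp/, so it looks right. Please confirm whether the `aop-` prefix on the neighbouring entry is intentional or a typo worth fixing in a follow-up, so the two security pages in this sidebar section are named consistently.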
4 changes: 3 additions & 1 deletion docs/acp/user/develop-an-app/develop-an-app.md
Expand Up @@ -37,9 +37,11 @@ You need to have a clear understanding of what your app API will provide to othe
Before you start with the development, you should design your API schema files. Depending on your requirements, you can have an OpenAPI or an Async API schema file. In this step, you define the Sync API endpoints your app will provide to others, the messages you will emit or consume, and the data you expect to work with.

{% info_block infoBox "Info" %}
For more information about Async API schema design, see [Designing your APIs with Async API](https://www.asyncapi.com/blog/designing_your_apis_with_asyncapi_part_1).

For more information about Async API schema design, see [Designing your APIs with Async API](https://www.asyncapi.com/blog/designing_your_apis_with_asyncapi_part_1).

For more information about OpenAPI schema design, see [Best practices in API design](https://swagger.io/resources/articles/best-practices-in-api-design/).

{% endinfo_block %}

You can use the following tools to design your APIs:
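Review bot: inside the `info_block`, the Async API sentence appears twice with identical visible text, so this hunk seems to change only whitespace and blank lines around the two links. That is unrelated to the security tips page this PR introduces. Either mention the formatting cleanup in the PR description or move it to its own commit, so the history of develop-an-app.md stays easy to read.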
7 changes: 7 additions & 0 deletions docs/acp/user/intro-to-acp/acp-security-tips.md
@@ -0,0 +1,7 @@
---
title: ACP security tips
Descriptions: Guidelines and tips on how to make your ACP apps secure
template: howto-guide-template
---

To prevent unauthorized access to the App Catalog and its configurations, we recommend to limit access to it by implementing user roles. Configure your project to designate an admin user with access to the App Catalog page. For everyone else, hide the `/app-catalog-gui/`page by assigning specific user roles. For detailed instructions on creating and managing user roles, see [Best practices: Manage users and their permissions with roles and groups](/docs/pbc/all/user-management/{{site.version}}/base-shop/manage-in-the-back-office/best-practices-manage-users-and-their-permissions-with-roles-and-groups.html).
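Review bot: in the front matter, `Descriptions:` is capitalized and plural while the other keys (`title`, `template`) are lowercase; if the template reads `description`, this value will be silently ignored, so the key should be renamed. In the body paragraph, `/app-catalog-gui/` is missing a space before "page", and "we recommend to limit access" reads better as "we recommend limiting access". The tip also tells readers to "hide" the page for everyone else: since the stated goal is preventing unauthorized access, it would help to say explicitly that the role configuration denies access to the `/app-catalog-gui/` route, not only that the page is hidden.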