Security

Credentials manager

Because storing connection credentials in the UI could be a security issue, we provide a credentials manager. The manager lets you save your credentials in JSON format on your Akeneo server. It also makes it easy to change (rotate) your credentials with minimal effort. The following steps show how to do this.

Create a new credential by clicking the green create button.

Give your credential a code (ideally one linked to your domain name) and select the credential type “Long lived access token”. After creating this credential, you can add the necessary domain name and Magento’s access token (not secret).

And that’s it. Now you can link this credential to your export profile. See the next topic, “Job configuration”.

Akeneo ACL permissions

A new permission group (Magento API exports) and role (Launch Magento API exports) were added. With this permission you can hide or show these quick exports. The launch button on the export profiles also uses this permission setting.

Quick exports

  • Launch Magento API exports: disabling this ACL prevents starting exports from the job overview.
  • Launch Magento API quick exports: disabling this ACL prevents all Magento grid quick export actions.
  • Configuration settings: disabling this ACL prevents access to the Magento configuration settings.
  • Mappings: disabling this ACL prevents editing and removing mappings. The mapping grid will also not be accessible.

Magento permissions Magento API user

When creating the integration keys in Magento, it is important to give this connection sufficient permissions. Both the catalog and the consumers permissions should be active. The connection must be able to consult the queue status. These permissions are listed separately. If these permissions are not set, the connector queue job will NOT be able to request the current queue status.

In connector versions lower than 6.0.0, this means that the jobs will never get the status COMPLETE. They will keep the status “waiting for external queue”.