How to associate an affiliate to a BuyNow purchase - payment

I'm starting to work with a few affiliates, who will sell my products (from my BlueSnap account) in their websites. They'll manage their online stores as they wish, but when they send to checkout they will use a hosted payment page in an iFrame, and take the URL from me.
I already set up their affiliate account with BlueSnap, and I want to make sure they associate any purchases on their sites so I get a cut and they get their commission. How can I configure the BuyNow URL as associated to a specific affiliate? Is it a setup in the control panel or just a URL parameter?
Is it different for BuyNow 1 and BuyNow2?

In order to make sure your affiliates are getting their cut and that their commissions work you need to make sure that:
The affiliate account is allowed to sell your products.
The affiliate is using the right link.
Managing your Affiliates
From one of your contracts - at the General settings tab, scroll down to the Marketing section and click the Invite Partners link - this will lead you to the Affiliate Management screen where you can make sure that the affiliate account is allowed to sell your goods.
Affiliates that are not on your list, may sell your products, but they will not get any commission.
Setting up the Affiliate link
Whether you're using BN1 or BN2 - the link should have the contract (SKU) ID, and the referrer (affiliate) ID:
Example:
https://www.bluesnap.com/jsp/buynow.jsp?contractId=1234567&referrer=123456
I hope this information is useful, by the way - you may want to check our Marketplace - if you want to take the affiliating experience to the next level.

Related

Multi Subdomain Website using Node?

I would love to get advice on my current project structure idea. I have been searching for node.js multi-domain packages, but I am not sure if they will suit. I would also like to have easy-to-manage apps, e.g. if I want to modify a specific app; I have a feeling a single app will get really full and confusing to manage code-wise? Basically I am building a website that will have:
Landing Page - www.maindomain.com
User Dashboard - members.maindomain.com
Admin Dashboard - admin.maindomain.com
Now each subdomain app can communicate with the others if they have the credentials etc.
Would it be correct to create 3 separate apps to handle each of the sites?
Are there any security concerns with this kind of 3-app setup?
Can account creation occur upon paypal payment?
Ideal flow would be User visits website on landing page and selects a paid package which in turn would direct to paypal. Upon payment user would be returned to website with account creation form, and said Package(order) would become an option on user dashboard.
Admin can pretty much view everything via admin dashboard pretty standard, setup promos etc.
Thanks for your help and advice.

Hybris for B2B - Can pricing be hidden for non-registered customers?

We are looking to implement Hybris and one important feature we are looking for is to hide pricing for non-registered customers. We do want to allow them browse the catalog but we don't want them to see any pricing information. Is this a standard feature on Hybris or do we need to have it custom coded?
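If you would like to hide it only in the JSP (storefront), you can put the price tag under a security tag.
<sec:authorize ifAnyGranted="ROLE_CUSTOMERGROUP">
    <%-- price markup goes here; it is rendered only for users in ROLE_CUSTOMERGROUP --%>
</sec:authorize>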
I can think of one way to do this.
Log into HMC and click on the Price Settings - Prices - Customer Price Lists tree node. Create a Customer Price List.
Create a new user group and map the registered users to belong to this user group. In the Customer Prices tab of the user group, choose the Customer Prices group for registered users you just created.
Go to Catalog -> Products and the Prices tab. Create two Price Rows, one for the registered Customer Price List containing the product price and the other for the non-registered Customer Price List containing no product price. You don't need to create a Customer Product List for non-registered users. Just keep it blank.
Make sure you sync the catalog to reflect in online version.
If you log in with the registered user and go to the product detail page, you could see the price, and for a non-registered user it will show no price.
PS: I have not done it myself, so I'm not 100% sure if it'll work. If it does, do let me know.

Is an online store with no SSL secure? The merchant account page has SSL, tho

I'm designing an online store with Wix.
They have a great graphic interface which allows non-developers like me to build a professional-looking online store.
However, since I'm a noob in online security, I have this concern - the Wix webpage doesn't support SSL within their pages. But as soon as the customer clicks check out to begin the paying process, he is redirected away from the Wix site to the merchant account page (like PayPal etc). The merchant does support SSL.
I'm assuming that although the Wix webpage doesn't support SSL, there is no risk involved for the customer since he'll be entering his credit card info etc in the merchant account page. Is this correct? If I'm not clear, here is the Wix explanation for the matter:
Is Wix eCommerce secure?
When a customer makes a purchase on a Wix eCommerce site or a site with a PayPal or the Add to Cart button, the only information added by the customer on the Wix site is the product and any product options. Once a customer clicks Checkout, the customer is redirected away from the Wix site and to your merchant account page. Any personal or payment details that the customer has to enter are therefore not entered on the Wix site but rather on the merchant account site which is secured by the merchant account. For more information about exactly how they encrypt and secure payment information, please contact the relevant merchant account.
I'm also assuming only this risk (from the customer's perspective). Are there more risks involved in the Wix website by not supporting SSL? Maybe hacking the website or something? (from the seller's perspective)
This question might be suitable for serverfault.com instead.
But as it's related to development I'll try to answer it to the best of my ability:
When the connection is not carried over SSL (or any other security measure), the traffic is interceptable and malleable. This means that you cannot trust that the data you are getting is actually from the user, unaltered. Additionally, the user cannot trust that he is in fact talking to your server directly without someone in the middle snooping or altering the data.
Seeing as the payment system is a separate system that does allow for SSL, then you have the most obvious security issue covered. It is then up to you to evaluate whether anything up to that point can be considered sensitive. (for example username and password, if the store requires a login).
A good rule of thumb is that "Anything not encrypted is potentially known by anyone. In addition it is also alterable." Say a user wants to place an order, and clicks the appropriate buttons and links to get to the payment system. Now, if a MITM attacker wants to snoop the credit card details, he can intercept the traffic and substitute the buttons and link to trick the user to his own system, made to look like yours, with the only purpose of gathering credit card details. Attacks like this are possible because the average user doesn't know or care about the danger of accepting certificates from untrusted sources, and it is hard to combat unless awareness is raised around the issue. I have seen online shops display a warning before accessing the payment system that the user needs to verify that the certificate actually stems from their server, and that the URL still refers to their webshop.
...But I digress. To sum up: You've got the important part secure. As for the rest, there are some pitfalls, but manageable if handled properly.
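
Added example (not part of the original answer): the check the answer describes users making by eye, that the checkout target really is the merchant over HTTPS, written as a Python audit of a page's form targets. The allowlisted host, the sample page and the `.example` hosts are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: the only host this store hands payment off to.
ALLOWED_CHECKOUT_HOSTS = {"www.paypal.com"}


def checkout_url_problems(url, allowed_hosts=ALLOWED_CHECKOUT_HOSTS):
    """Return the reasons a checkout target should not be trusted ([] if none)."""
    problems = []
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        problems.append("not https")
    # "https://www.paypal.com@evil.example/" really goes to evil.example
    if parts.username is not None:
        problems.append("userinfo in URL")
    host = (parts.hostname or "").rstrip(".")
    # Exact match only, so "www.paypal.com.evil.example" does not pass
    if host not in allowed_hosts:
        problems.append("unexpected host: " + (host or "(none)"))
    return problems


class _FormActions(HTMLParser):
    """Collect the action URL of every <form> on a page."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")


def audit_checkout_forms(html, page_url):
    """Map each form target (resolved against page_url) to its problems."""
    parser = _FormActions()
    parser.feed(html)
    targets = [urljoin(page_url, action) for action in parser.actions]
    return {target: checkout_url_problems(target) for target in targets}


# Constructed sample: a store page served over plain HTTP with one altered form.
SAMPLE_PAGE = """
<form action="https://www.paypal.com/cgi-bin/webscr"><button>Buy</button></form>
<form action="https://www.paypal.com.evil.example/cgi-bin/webscr"><button>Buy</button></form>
<form action="/login"><input name="password" type="password"></form>
"""

if __name__ == "__main__":
    for target, problems in audit_checkout_forms(SAMPLE_PAGE, "http://shop.example/").items():
        print(target, "->", problems or "ok")
```

The relative `/login` form is flagged as well, which matches the answer's point that a username and password sent before the handoff travel unencrypted.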

Set up my payment solution in sandbox

Here's the thing:
I have a business sandbox account created, then after opening the Sandbox PayPal site and logging in (of course, using the sandbox account credentials), when I click on "My Business Setup" and then "product selection page" (see picture), it redirects me to the non-sandbox PayPal account.
So, I cannot add a product to my sandbox account...
Well, obviously that looks like a PayPal sandbox bug.
What I wanna do is just add a business solution "Website Payments Pro" and create recurring payments.
Does anyone know another way to add that business solution?
You wouldn't enable Website Payments Pro that way. Granted, we should fix that.
You can enable Website Payments Pro via https://developer.paypal.com > Applications > Sandbox accounts > Click 'Profile' followed by 'Products'.
In here you can enable Website Payments Pro.

Complicate security rules

I have been tasked with something that seems a challenge in the security world. The problem is to build a website that has:
Complex ACLs and view permissions. eg. A customer's transaction history should only be displayed in a portal for the customer support agents.
Multi-branded. eg. If the customer support agent is Microsoft then they should have access only to that subset of users and to have the site look'n'feel match their brand. If the agent is Apple then do likewise with their customers and brand.
Item #1 is standard security. Item #2 (multi-branding) seems to overcomplicate things.
To meet the above requirements it seems that each portal and access request will need to take into account things such as: brand being viewed, user roles, objects and their membership to a given brand.
How do I go about tackling the above? Is there any literature on how to build a secure, multi-branded site?
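
Added example (not from the original post, which has no answer on this page): one way to combine the factors the question lists, the brand being viewed, user roles and each object's brand membership, into a single deny-by-default check. The role table, class names and sample records are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumption: role -> permissions table, constructed for illustration.
# Only support agents may read transaction history, as the question requires.
ROLE_PERMISSIONS = {
    "support_agent": {"customer:read", "transactions:read"},
    "customer": {"customer:read"},
}


@dataclass(frozen=True)
class Principal:
    user_id: str
    brand: str        # brand (tenant) the account belongs to
    roles: frozenset


@dataclass(frozen=True)
class Resource:
    kind: str         # e.g. "transactions"
    brand: str        # brand that owns the object
    owner_id: str     # customer the object belongs to


def is_allowed(principal, action, resource, portal_brand):
    """Deny by default; all three checks must pass."""
    # 1. Brand isolation: portal, principal and object must share one brand.
    if not (principal.brand == portal_brand == resource.brand):
        return False
    # 2. Role check: some role must grant "<kind>:<action>".
    needed = f"{resource.kind}:{action}"
    granted = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in principal.roles))
    if needed not in granted:
        return False
    # 3. Ownership: non-agents only reach their own objects.
    if "support_agent" not in principal.roles and resource.owner_id != principal.user_id:
        return False
    return True


# Constructed sample records.
MS_AGENT = Principal("agent-1", "microsoft", frozenset({"support_agent"}))
MS_CUSTOMER = Principal("cust-1", "microsoft", frozenset({"customer"}))
MS_HISTORY = Resource("transactions", "microsoft", "cust-1")
APPLE_HISTORY = Resource("transactions", "apple", "cust-9")

if __name__ == "__main__":
    print(is_allowed(MS_AGENT, "read", MS_HISTORY, "microsoft"))
    print(is_allowed(MS_AGENT, "read", APPLE_HISTORY, "apple"))
```

Taking the brand from the portal the request arrived on and comparing it with both the principal and the object keeps branding (look and feel) separate from authorization, so a request crafted against another brand's portal fails the first check.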
