bc-security
BigCommerce Security
Before writing code
Fetch live docs:
- Web-search
site:developer.bigcommerce.com security authenticationfor auth security - Web-search
bigcommerce app security best practicesfor app security - Web-search
bigcommerce pci compliancefor PCI guidance
API Authentication Security
Token Management
- Never expose API tokens in client-side code or public repositories
- Store tokens in environment variables or encrypted secret stores
- Use separate tokens for development and production
- Rotate tokens periodically
- Use minimum required OAuth scopes (principle of least privilege)
More from orcaqubits/agentic-commerce-skills-plugins
magento-performance
Optimize Magento 2 performance — full page cache (Varnish), Redis, indexer tuning, JavaScript/CSS optimization, database optimization, and profiling. Use when diagnosing slow pages, optimizing load times, or configuring caching.
4js-modern
Write modern JavaScript and TypeScript — ES6+ features, async/await, modules, destructuring, optional chaining, TypeScript types, and modern tooling. Use when writing JavaScript/TypeScript for BigCommerce themes, apps, or headless storefronts.
4graphql-dev
Write GraphQL queries, mutations, and subscriptions — fragments, code generation, TypedDocumentNode, variables, error handling, and client setup. Use when writing GraphQL code for Saleor.
4node-backend
Build Node.js backends for BigCommerce apps — Express/Fastify servers, OAuth handling, JWT verification, API proxy, webhook processing, session management, and deployment. Use when building the server-side component of BigCommerce apps.
4magento-service-contracts
Implement Magento 2 service contracts — repository interfaces, data interfaces, SearchCriteria, and the repository pattern. Use when building module APIs, data access layers, or integrating with Magento's Web API.
3magento-plugins-interceptors
Implement Magento 2 plugins (interceptors) — before, after, and around methods for modifying class behavior without inheritance. Use when extending core or third-party module functionality.
3