The storefront integrates with a REST-based address verification service (AVS) that uses token-based security. The sequence of calls in the API documentation for this AVS looks like the following:
1. Client authentication call, which contains the merchantId and secret in a GET request and returns a token in the response.
2. Address verification call, which contains the token and the address to verify in a POST request.
Once the token is obtained, it is valid for hours, and a new one does not need to be requested for subsequent address verification calls. The AVS charges for every request made, whether it is a client authentication call or an address verification call.
Which three strategies could be applied to allow for efficient use of the service without compromising security?
Choose 3 answers
The Client has requested an Architect’s help in documenting the architectural approach to a new home page. The requirements provided by the business are:
• Multiple areas of static image content, some may need text shown as well
• The content page must be Realizable
• A carousel of featured products must be shown below a banner
• Recommended categories will be featured based on the time of year
Which two solutions would fulfil these requirements?
Choose 2 answers
Given a website launched to production, the Architect can rely on several SFCC Business Manager tools that provide an automatic notification feature.
Which three tools have such a feature and do not need to be monitored manually?
Choose 3 answers
The Client plans to deploy a new payment provider and Order Management System on its existing B2C Commerce website. They have asked an Architect to advise which environment it should use to conduct load testing of its new integrations.
Which environment should be used as the ideal environment for this kind of load test?
During implementation, the team found that there is a notification controller exposed for an external service that marks the order as paid when a notification is received. The notification URL is sent to the service together with the payment request and contains only the URL with orderID as the parameter.
What should the Architect recommend to the team in order to prevent the unauthorized usage of the controller to mark the orders as paid?
An ecommerce site has dynamic shipping cost calculation. It allows the customers to see their potential shipping costs on the Product Detail Page before adding an item to the cart.
For this feature, shipping costs are calculated using the following logic:
• Set the shipping method on the Basket
• Add the item to the basket, calculate the basket total and get the shipping cost for this method
• Remove the item from the Basket to restore the original state
• The above process is repeated for each shipping method
During testing, it was discovered that the above code violates the spi.basket.addResolveInSameResquest quota.
What should the Architect do to resolve this issue and maintain the business requirement?