This is the early access documentation preview for Custom Views. This documentation might not be in sync with our official documentation.
Certification
Learn about the commercetools Connect certification process.
Scope of certification
To become a publicly available Connector on the Connect marketplace, your Connector must pass a semi-automated certification process. The certification process ensures that your Connect applications are:
- Functionally complete
- Stable and secure
- Compatible with commercetools Connect's deployment requirements
- Fully documented
Certification is not required when creating Connectors for use in your own Projects.
What is needed for certification
You must provide the following in your GitHub repository for the certification process:
- Source code for your Connect applications
- Unit tests and self-contained integration tests
- Installation guide and documentation
- License files
How to request certification
Using the Connect API
You can request certification for a ConnectorStaged by using the Publish update action with certification set to true.
Using the Merchant Center
You can request certification by selecting List on Marketplace when publishing the Organization Connector.
When to request re-certification
If you make any changes to your Connect applications, such as fixing bugs or adding new features, you must re-certify the ConnectorStaged before the changes go live.
To re-certify your ConnectorStaged, follow these steps:
- Push the changes to the application GitHub repository.
- Generate a new Git tag.
- Use the Set Repository update action to reference the new tag.
- Use the Publish update action with
certificationset totrue.
Requirements for certification
When developing your Connect applications, be aware of the following requirements for certification.
General requirements
Your Connect applications:
- Must follow language-specific configurations to support buildpack. commercetools Connect uses it to build container images.
- Must use open-source libraries which Google Cloud Platform supports.
- Must be stateless in nature and not store previous session information in-memory.
- Must have self-contained dependencies, with global dependencies referenced in
package.json. - Should follow test-driven development principles.
- Should be lightweight and not need excessive memory or CPU-intensive operations. For example, do not use long-running recursive operations.
GitHub repository requirements
The GitHub repository of your Connect applications:
- Must have a specific directory structure.
- Must contain a configured
connect.yamlfile in the root directory. - Must have a Git tag that remains the same during the certification process.
If the GitHub repository of your Connect applications is private, you must grant read access to the connect-mu machine user.
Security requirements
Your Connect applications:
- Must not contain any hardcoded URLs, tokens, credentials, or passwords in the application code and configuration.
- Must not use outdated or insecure dependency libraries.
- Must not use protected third-party trademarks, copyrights, patents, or code.
- Should not include logs or any code/configuration which are not intended for production use.
Handling security vulnerabilities
Once your Connector passes certification and is listed on the Connect marketplace, you must acknowledge any security vulnerabilities found in your Connect applications within 1 business day.
Based on their severity, you must fix security vulnerabilities in your Connect applications within the following response times.
| Severity | Response time |
|---|---|
| Critical | 15 business days |
| High | 30 business days |