Shopware Services just got better!

Introduction

Shopware Services are a fairly new way for Shopware to deliver functionality to shops running Shopware. They are built on the Shopware App system.

Because Services are based on the App system, they integrate seamlessly with shops while also making upgrades to newer Shopware versions easier.

Services also make it possible to add new functionality without upgrading Shopware and without hosting and managing a service yourself.

In this post, we want to show you two changes that have been implemented to make Services and the App system even more secure and robust.

Rotating secrets

Shopware is now able to rotate secrets. But what secrets, and what are the consequences?

When it comes to the App system, there are two sets of secrets or credentials:

  • API credentials

  • Secrets for request signing

In case you are not familiar with what rotation means in this context: it is the process of replacing the existing secrets and credentials with new ones.

Rotating secrets minimizes the risk of unauthorized access and limits the misuse of secrets that have leaked unnoticed. Being able to rotate secrets easily is good security practice.

With the App system and Services, shop functionality becomes more distributed. Providing an easy way of rotating secrets means Shopware, App developers, and Shopware Services can re-establish connections easily if needed.

During the rotation period, the old credentials and secrets still work so that running processes are not disrupted. This period should take no longer than a few seconds.
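The overlap described above is the part an App server has to get right: for a few seconds after a rotation, a request signed with the previous secret must still verify, and afterwards it must not. The following Python is an added illustration, not Shopware's code. It assumes the App server receives an HMAC-SHA256 hex digest of the raw request body in a request header (the App system sends one in `shopware-app-signature`), and it fixes the overlap at 5 seconds to stand in for the post's "a few seconds"; the secrets and the payload are constructed sample data.

```python
"""Verifying request signatures across a secret rotation (added example)."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional

# Assumption: the post only says "a few seconds"; 5 is a stand-in.
OVERLAP_SECONDS = 5


def sign(secret: str, body: bytes) -> str:
    """HMAC-SHA256 over the raw body, hex encoded, as the App system does."""
    return hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()


@dataclass
class AppSecrets:
    """Current signing secret plus the previous one during the overlap."""

    current: str
    previous: Optional[str] = None
    previous_expires_at: float = 0.0

    def rotate(self, new_secret: str, now: float) -> None:
        """Install the new secret; keep the old one valid for OVERLAP_SECONDS."""
        self.previous = self.current
        self.previous_expires_at = now + OVERLAP_SECONDS
        self.current = new_secret

    def verify(self, body: bytes, signature: str, now: float) -> str:
        """Return which secret matched: 'current', 'previous' or 'rejected'.

        Comparisons run on bytes so a non-ASCII header value cannot make
        hmac.compare_digest raise; a constant-time compare avoids timing leaks.
        """
        sig = signature.encode()
        if hmac.compare_digest(sign(self.current, body).encode(), sig):
            return "current"
        if self.previous is not None and now < self.previous_expires_at:
            if hmac.compare_digest(sign(self.previous, body).encode(), sig):
                return "previous"
        return "rejected"


def rotation_demo() -> List[str]:
    """Walk through a rotation; returns the verify() outcome at each step."""
    body = b'{"source":{"shopId":"demo-shop"}}'  # constructed sample payload
    t0 = 1_700_000_000.0
    secrets = AppSecrets(current="old-secret")   # constructed sample secret
    old_sig = sign("old-secret", body)

    results = [secrets.verify(body, old_sig, t0)]                 # before rotation
    secrets.rotate("new-secret", now=t0)
    results.append(secrets.verify(body, old_sig, t0 + 1))         # inside overlap
    new_sig = sign("new-secret", body)
    results.append(secrets.verify(body, new_sig, t0 + 1))         # new secret works
    results.append(secrets.verify(body, old_sig,
                                  t0 + OVERLAP_SECONDS + 1))      # overlap is over
    results.append(secrets.verify(body + b" ", new_sig, t0 + 1))  # tampered body
    return results


if __name__ == "__main__":
    print(rotation_demo())
```

The `rotate()` call is the only place that touches state, so it can be driven by whatever event tells the App server that the shop has new secrets; the check that `now < previous_expires_at` is what makes the old secret stop working on its own instead of lingering until someone remembers to delete it.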

Stability enhancements

With shop functionality becoming more distributed, systems need to know which clients are active and what their status is.

Over time, test, staging, development, and no longer active systems accumulate in App server databases, and the same happens to us at Shopware when providing Services.

To mitigate that, Shopware now periodically pings shops that are using Services. The same process can be used by all App server providers to keep their databases lean and clean.

To keep this process as lightweight as possible, the ping uses an existing API route, _info/version. This is an authenticated call, so it cannot be triggered by unknown actors.

From a data perspective, only the HTTP status code of the response matters.

Shopware uses this ping in a very simple way: when a shop using Services is pinged, we expect a 200 OK status. If we get it, all is fine until the next periodic ping.

If a shop pinged by the Shopware Services system does not respond or returns an error code, we try again later. After multiple failed connection attempts, the shop is removed from our service registry.

This whole process runs in the background and does not impact shops. In the edge case that a shop is live and using Services but the _info/version API endpoint is repeatedly unreachable, we also provide a command for re-registering Services; alternatively, Services can be re-installed so that they work again.
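The pruning logic described above is small enough to show end to end. The Python below is an added example, not Shopware's code: it follows the post (an authenticated GET of `_info/version`, 200 means healthy, anything else or no response counts as a failure, removal after several consecutive failures) and fills in what the post leaves open with labelled assumptions: a threshold of three failures, a bearer token for the authenticated call, the `/api` prefix of the Admin API route, and a scripted fake HTTP client with constructed shop responses so the example runs offline.

```python
"""Pruning a service registry with a periodic authenticated ping (added example)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Assumption: the post says "multiple failed connection attempts"; 3 is a stand-in.
FAILURE_THRESHOLD = 3

# Returns the HTTP status, or None when the shop did not respond at all.
HttpGet = Callable[[str, Dict[str, str]], Optional[int]]


@dataclass
class ShopRecord:
    shop_url: str
    access_token: str           # assumption: token obtained with the app's API credentials
    consecutive_failures: int = 0


@dataclass
class ServiceRegistry:
    shops: Dict[str, ShopRecord] = field(default_factory=dict)
    removed: List[str] = field(default_factory=list)

    def ping_all(self, http_get: HttpGet) -> None:
        """One periodic round: ping every registered shop and record the outcome."""
        for shop_id in list(self.shops):          # copy: record() may delete entries
            rec = self.shops[shop_id]
            headers = {"Authorization": f"Bearer {rec.access_token}"}
            status = http_get(f"{rec.shop_url}/api/_info/version", headers)
            self.record(shop_id, status)

    def record(self, shop_id: str, status: Optional[int]) -> None:
        """200 resets the failure count; anything else counts towards removal."""
        rec = self.shops[shop_id]
        if status == 200:
            rec.consecutive_failures = 0
            return
        rec.consecutive_failures += 1
        if rec.consecutive_failures >= FAILURE_THRESHOLD:
            del self.shops[shop_id]
            self.removed.append(shop_id)


def prune_demo(rounds: int = 4) -> Tuple[List[str], List[str]]:
    """Run a few ping rounds against scripted shops; returns (remaining, removed)."""
    # Constructed sample responses, one per round. None = no response (timeout).
    scripted: Dict[str, List[Optional[int]]] = {
        "live":         [200, 200, 200, 200],    # healthy production shop
        "flaky":        [None, 500, 200, 200],   # two bad rounds, then recovers
        "dead":         [None, None, None, None],  # decommissioned, never answers
        "gone-staging": [404, 404, 404, 404],    # staging host reused for something else
    }
    calls: Dict[str, int] = {shop: 0 for shop in scripted}

    def fake_http_get(url: str, headers: Dict[str, str]) -> Optional[int]:
        assert headers["Authorization"].startswith("Bearer ")  # the call is authenticated
        shop = url.split("//", 1)[1].split(".", 1)[0]
        status = scripted[shop][calls[shop]]
        calls[shop] += 1
        return status

    registry = ServiceRegistry()
    for shop in scripted:
        registry.shops[shop] = ShopRecord(f"https://{shop}.example", f"token-{shop}")
    for _ in range(rounds):
        registry.ping_all(fake_http_get)
    return list(registry.shops), registry.removed


if __name__ == "__main__":
    print(prune_demo())
```

Two details carry the weight here. Resetting the counter on a 200 is what lets the flaky shop survive: only consecutive failures count, so a shop that is briefly down during a deployment is not dropped. And because the route is authenticated, a 401 or 403 also counts as a failure; in a real App server that is a useful signal that the credentials on file may be stale rather than that the shop is gone, which is one reason the post offers a re-registration command for shops that are live but keep failing the ping.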

Outlook

The exact behaviour and functionality of this addition to Services might change in the future based on community feedback, in which case we will keep you posted.

For all App developers out there, we encourage you to make use of secret rotation if you need it, and to keep your databases clean with a periodic ping, depending on your customer base. Just make sure to ping responsibly.