Get Storefront Security Settings
GET /stores/{store_hash}/v3/settings/storefront/security
Request
Returns security settings.
- Channel ID can be used as a query parameter for getting a channel-specific setting. If omitted, you will interact with the global setting only.
- null indicates that a particular field has not been overridden on a channel level when channel level settings are requested and values are inherited from the global level.
Authentication
- X-Auth-Token in header - required
Parameters
- store_hash in path - string
- channel_id in query - integer
Channel ID to use for a channel-specific setting. If omitted, you will interact with the global setting only.
example
curl --request GET \
  --url 'https://api.bigcommerce.com/stores/[store_hash]/v3/settings/storefront/security' \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --header 'X-Auth-Token: xxxxxxxxxxxxxxxxx'
Response
OK. null indicates that a particular field has not been overridden on a channel level when channel level settings are requested.
Body
- data - object
- meta - object
Response metadata.
example
{
  "data": {
    "csp_header": {
      "enabled": true,
      "header_value": "string"
    },
    "hsts": {
      "enabled": true,
      "include_preload": true,
      "include_subdomains": true,
      "max_age": "zero_seconds"
    },
    "sitewide_https_enabled": true,
    "x_frame_options_header": {
      "allowed_url": "string",
      "enabled": true,
      "setting": "deny"
    }
  },
  "meta": {}
}
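The null-inheritance rule above, as an added example that is not BigCommerce's own code: it overlays a channel-level response on the global one to get the effective settings, then flags weak values. It assumes null can appear at any nesting level; the functions effective and audit, both sample payloads and the max_age value "one_year" are constructed for illustration.

```python
# Added example. Field names are taken from the response example above;
# both sample payloads are constructed.
GLOBAL = {"data": {
    "csp_header": {"enabled": True, "header_value": "frame-ancestors 'self'"},
    # "one_year" is an assumed enum value; only "zero_seconds" appears on the page.
    "hsts": {"enabled": True, "include_preload": False,
             "include_subdomains": True, "max_age": "one_year"},
    "sitewide_https_enabled": True,
    "x_frame_options_header": {"allowed_url": "", "enabled": True, "setting": "deny"},
}, "meta": {}}
CHANNEL = {"data": {          # channel_id query parameter set; null means "inherited"
    "csp_header": None,
    "hsts": {"enabled": True, "include_preload": None,
             "include_subdomains": None, "max_age": "zero_seconds"},
    "sitewide_https_enabled": None,
    "x_frame_options_header": None,
}, "meta": {}}

def effective(global_data, channel_data):
    """Overlay channel values on global ones; None (JSON null) inherits."""
    if channel_data is None:
        return global_data
    if isinstance(channel_data, dict) and isinstance(global_data, dict):
        return {k: effective(global_data.get(k), channel_data.get(k))
                for k in global_data.keys() | channel_data.keys()}
    return channel_data

def audit(settings):
    """Return findings for settings that leave the storefront weakly protected."""
    findings = []
    if settings.get("sitewide_https_enabled") is not True:
        findings.append("sitewide_https_enabled is not true")
    hsts = settings.get("hsts") or {}
    if hsts.get("enabled") is not True:
        findings.append("hsts is disabled")
    elif hsts.get("max_age") == "zero_seconds":
        # Assumed to map to max-age=0, which tells browsers to drop the HSTS policy.
        findings.append("hsts max_age is zero_seconds")
    csp = settings.get("csp_header") or {}
    if csp.get("enabled") is not True or not (csp.get("header_value") or "").strip():
        findings.append("csp_header is disabled or empty")
    xfo = settings.get("x_frame_options_header") or {}
    if xfo.get("enabled") is not True:
        findings.append("x_frame_options_header is disabled")
    return findings

if __name__ == "__main__":
    eff = effective(GLOBAL["data"], CHANNEL["data"])
    for finding in audit(eff):
        print("channel:", finding)
```

Auditing the raw channel response without resolving inheritance first would report every null field as disabled, which is why the overlay step comes before the checks.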
Update Storefront Security Settings
PUT /stores/{store_hash}/v3/settings/storefront/security
Request
Updates security settings.
- Channel ID can be used as a query parameter for updating a channel-specific setting. If omitted, you will interact with the global setting only.
- null should be supplied to delete overrides for a given channel and to inherit values from the global level. Partial updates are not supported, and all settings should be supplied with a null value in order to delete overrides per channel.
Authentication
- X-Auth-Token in header - required
Parameters
- store_hash in path - string
- Content-Type in header with default of application/json - string - required
The MIME type of the request body.
- channel_id in query - integer
Channel ID to use for a channel-specific setting. If omitted, you will interact with the global setting only.
Body
- csp_header - object
- hsts - object
- sitewide_https_enabled - boolean
- x_frame_options_header - object
example
{
  "csp_header": {
    "enabled": true,
    "header_value": "string"
  },
  "hsts": {
    "enabled": true,
    "include_preload": true,
    "include_subdomains": true,
    "max_age": "zero_seconds"
  },
  "sitewide_https_enabled": true,
  "x_frame_options_header": {
    "allowed_url": "string",
    "enabled": true,
    "setting": "deny"
  }
}
Response
OK
Body
- data - object
- meta - object
Response metadata.
example
{
  "data": {
    "csp_header": {
      "enabled": true,
      "header_value": "string"
    },
    "hsts": {
      "enabled": true,
      "include_preload": true,
      "include_subdomains": true,
      "max_age": "zero_seconds"
    },
    "sitewide_https_enabled": true,
    "x_frame_options_header": {
      "allowed_url": "string",
      "enabled": true,
      "setting": "deny"
    }
  },
  "meta": {}
}