Some Foxy functionality relies on a secret key to help secure information it contains. This includes the legacy XML datafeed, the legacy API, link/form validation and our Single Sign-On functionality.

When creating a store, a random 60 character secret key is assigned to the store, and this value is used for each different feature mentioned above. This can be customised from the Foxy administration.

In the new admin, each setting is set individually within their respective section. By default, they will all use the same secret key, but each can be then customised individually.

• Legacy XML datafeed key: Settings > Integrations > Encryption key (within the “Legacy XML datafeed” section)
• Legacy API key: Settings > General > API key (within the “Legacy API” section)
• Link/Form Validation: Settings > Cart > HMAC encryption key (within the “Advanced” section)
• Single Sign-On: Settings > Checkout > SSO Secret (within the “Advanced” section when “Enable SSO” is checked)

Note that customising one will not impact any of the others. Each key supports a maximum of 100 characters each.

The store secret can be updated through the “advanced” setting page of the Foxy administration, through the “store secret” option.

For some stores though, they may prefer to be able to use a unique key for each different feature. This is possible by entering a JSON value instead, with keys for each different feature. The JSON requires that all keys be present, but you can use the same value for multiple keys if you desire. The JSON format should look like this:

{
  "cart_signing": "xxx",
  "sso": "xxx",
  "api_legacy": "xxx",
  "xml_datafeed": "xxx"
}

If you use the JSON format approach for your store secret keys, you will then need to ensure that you use the correct key for each respective feature.