Security

One of the first questions we had about Snipcart was: "Is it secure?" We believe that security must be our #1 priority since we are handling our customers' money.

All communication with Snipcart goes through the HTTPS protocol. On top of that, we've added extra safeguards to make sure it's highly secure.

Snipcart relies on HTML markup for its product information, but that doesn't mean the information isn't double-checked once an order has been processed. Even if all your product information is stored in the DOM, once an order is placed Snipcart will do a server-side validation upon checkout. This back-end validation confirms that the submitted information is exactly what is configured on the website and that no alteration to the price, to the options or to any other information has been made.

How do we do that? When defining your product properties, within the HTML markup, you need to specify the data-item-url property, which needs to be a URL where we can find your product metadata.

Before processing the payment, we will crawl the specified webpage, find the matching product and make sure no properties have been altered by anyone. Of course, the submitted information must match what we find during our back-end validation. This way, if someone edits your DOM with an inspection tool such as the Chrome developer tools, they will not be able to go through with the order.

If such a thing were to occur, the user trying to make the order on your website would simply be blocked and the order would be rejected.
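
The check described above, sketched in Python as an added example (this is not Snipcart's own code). It assumes products are marked up with the data-item-id, data-item-name and data-item-price attributes next to data-item-url, and that only name and price are compared; the sample page and all function names are constructed for the illustration.

```python
from decimal import Decimal, InvalidOperation
from html.parser import HTMLParser

# Constructed sample of the page that data-item-url points at.
CRAWLED_PAGE = """
<button class="snipcart-add-item" data-item-id="mug-01" data-item-name="Mug"
        data-item-price="12.50" data-item-url="/products/mug">Add to cart</button>
<button class="snipcart-add-item" data-item-id="tee-02" data-item-name="T-shirt"
        data-item-price="25.00" data-item-url="/products/tee">Add to cart</button>
"""
CHECKED_FIELDS = ("name", "price")  # assumption: fields compared in this sketch


class ProductCollector(HTMLParser):
    """Collect the data-item-* attributes of each product element, keyed by id."""

    def __init__(self):
        super().__init__()
        self.products = {}

    def handle_starttag(self, tag, attrs):
        item = {k[len("data-item-"):]: v for k, v in attrs
                if k.startswith("data-item-") and v is not None}
        if "id" in item:
            self.products[item["id"]] = item


def same_value(field, sent, real):
    """Prices compare as decimals ("12.5" == "12.50"); other fields exactly."""
    if sent is None or real is None:
        return False
    if field != "price":
        return sent == real
    try:
        return Decimal(sent) == Decimal(real)
    except (InvalidOperation, TypeError, ValueError):
        return False


def validate_item(submitted, crawled_html):
    """Return (accepted, reason) for one submitted cart line."""
    collector = ProductCollector()
    collector.feed(crawled_html)
    trusted = collector.products.get(submitted.get("id"))
    if trusted is None:
        return False, "product not found on crawled page"
    for field in CHECKED_FIELDS:
        if not same_value(field, submitted.get(field), trusted.get(field)):
            return False, f"{field} does not match crawled page"
    return True, "ok"
```

The values the browser submits are treated as untrusted input; only the copy fetched server-side from the merchant's page decides whether the order is accepted.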
