Security is a top priority for us. We are, after all, handling customers' money.
All communications made with Snipcart are encrypted through HTTPS.
Since Snipcart relies on HTML markup for product information, people often ask:
How do you prevent bad actors from changing product pricing with their DevTools before checking out?
The short answer: before processing an order, we double check product data using a crawl back method.
Once an order is placed, Snipcart initiates a server-side validation:
First, we crawl the URL specified in your
data-item-url property. Then, we cross-reference the product information stored in the DOM with the one displayed in the order. If these don't match, we block the transaction.
This back-end validation allows us to confirm that the submitted information is the exact one configured on the website and that no alteration to the price, options, quantity, or anything else.