Blog posts by K Khan

Blog posts by K Khan 2025-02-14T11:22:03.0000000Zhttps://world.optimizely.com/blogs/K-Khan-/ Optimizely World Comerce Connect calatog caching settingsA critical aspect of Commerce Connect is the caching mechanism for the product catalog, which enhances performance by reducing database load and improving data retrieval times. By effectively configuring and managing the catalog caching mechanisms in Optimizely Commerce Connect, applications can achieve improved performance, reduce server load, and ensure that users receive up-to-date catalog. <h1>Catalog Caching Configurations</h1> These settings help manage how long different types of catalog data are stored in the cache before expiration, thereby optimizing data retrieval and system performance. <h3>Commerce Connect V13</h3> Caching for each subsystem, including catalogs and orders, is configured within its respective configuration files. For example, caching for catalogs can be found in ecf.catalog.config located in the site's configs folder. <pre class="language-markup"><code><Cache enabled="true" collectionTimeout="0:5:0" entryTimeout="0:5:0" nodeTimeout="0:5:0" schemaTimeout="1:0:0"/></code></pre> <h3>Commerce Connect V14</h3>  Cache settings for the Catalogs subsystem, using AppSettings.json <pre class="language-markup"><code>"EPiServer": { "Commerce": { "CatalogOptions": { "Cache": { "UseCache": true, "ContentVersionCacheExpiration": "00:05:00", "CollectionCacheExpiration": "00:05:00", "EntryCacheExpiration": "00:05:00", "NodeCacheExpiration": "00:05:00" } } } }</code></pre> Cache settings for the Catalogs subsystem can be used using Startup also. <pre class="language-csharp"><code>public void ConfigureServices(IServiceCollection services) { services.Configure<CatalogOptions>(o => { o.Cache.UseCache = true; o.Cache.ContentVersionCacheExpiration = TimeSpan.FromMinutes(05); o.Cache.CollectionCacheExpiration = TimeSpan.FromMinutes(05); o.Cache.EntryCacheExpiration = TimeSpan.FromMinutes(05); o.Cache.NodeCacheExpiration = TimeSpan.FromMinutes(05); }); }</code></pre> <ul> <li>UseCache: Enables or disables caching.</li> <li>ContentVersionCacheExpiration: Sets the cache duration for content versions.</li> <li>CollectionCacheExpiration: Defines the cache duration for an array of entries. The cached data primarily consists of CatalogEntryDto objects. Since the Entry object is derived from the Data Transfer Object (DTO), the DTO itself is cached. However, it is also possible to cache the Entry objects directly instead of the DTO in some cases.</li> <li>EntryCacheExpiration: Specifies the cache duration for individual catalog entries. The cached data primarily consists of CatalogEntryDto objects.</li> <li>NodeCacheExpiration: Determines the cache duration for catalog nodes.</li> </ul> <h2>Cache Invalidation</h2> Cache invalidation ensures that outdated or modified data does not persist in the cache, maintaining data consistency. In the catalog subsystem, the cache is invalidated under the following circumstances: Expiration: Cached data is automatically invalidated when it reaches the specified timeout duration. Data Updates: If a catalog object is updated, the corresponding cache entries are invalidated to reflect the changes.   References: <a href="https://docs.developers.optimizely.com/customized-commerce/docs/caching">https://docs.developers.optimizely.com/customized-commerce/docs/caching</a>2025-02-14T11:22:03.0000000Z

Blog post

Dynamic packages in Commerce ConnectIn Optimizely Commerce Connect, you can group different items using packages and bundles. <ul> <li>Package: A package has one or more versions of a product (called variants) and possibly other packages. It has one SKU (a unique code) and one price. When you add a package to a shopping cart, it appears as a single item.</li> <li>Bundle: A bundle is a group of packages, products, and variants, each with its price. Unlike packages, each item in a bundle appears separately in the cart, allowing customers to buy several items at once but treat each as its cart item</li> </ul> From EPiServer.Commerce 14.29.0 you can have dynamic packages <ul> <li>Dynamic Package (beta): This is similar to a regular package but gives customers more choices. It includes multiple products, each with one or more variants, and has a single SKU and price. Customers can choose which version (variant) of each product they want in the package. Like a regular package, it shows up as one item in the cart.</li> </ul> <h1>Dynamic Packages </h1> There are many use cases where dynamic packages help. A very common use case is when customers are selecting some internet service provider along with a phone line or TV, Telecom companies allow users to dynamically create packages based on their service needs, combining internet, cable, and phone services. On a travel website, customers can create their travel packages by selecting a combination of flights, hotels, car rentals, and activities. This dynamic packaging enables customers to tailor their trip based on their budget, preferred airlines, hotel standards, and desired experiences. The dynamic packages feature in Commerce Connect is currently in beta from 14.29.0. It is disabled by default. Developer's documentation: <a href="https://docs.developers.optimizely.com/customized-commerce/docs/dynamic-packages">https://docs.developers.optimizely.com/customized-commerce/docs/dynamic-packages</a> 2024-11-01T12:22:28.0000000Z

Blog post

keep special characters in URLWhen creating a page, the default URL segment validation automatically replaces special characters with their standard equivalents (e.g., "ä" is replaced with "a"). However, some clients may require these special characters to remain intact in URLs for non-English versions of their website. <pre class="language-csharp"><code>var validChars = "ü ö ä ß ó ñ á á é í ó ő ú ü ñ"; </code></pre> For CMS 12 <pre class="language-csharp"><code>//Startup.cs services.Configure<UrlSegmentOptions>(config => { config.SupportIriCharacters = true; config.ValidCharacters = @"A-Za-z0-9\-_~\.\$" + validChars; }); </code></pre> For CMS 11 <pre class="language-csharp"><code>[InitializableModule] [ModuleDependency(typeof(EPiServer.Web.InitializationModule))] public class UrlSegmentConfigurationModule : IConfigurableModule { public void ConfigureContainer(ServiceConfigurationContext context) { var validChars = "ü ö ä ß ó ñ á á é í ó ő ú ü ñ"; context.Services.RemoveAll<UrlSegmentOptions>(); context.Services.AddSingleton<UrlSegmentOptions>(s => new UrlSegmentOptions { SupportIriCharacters = true, ValidCharacters = @"\p{L}0-9\-_~\.\$" + validChars }); } public void Initialize(InitializationEngine context){} public void Uninitialize(InitializationEngine context) { } }</code></pre> References: <ul> <li><a href="https://support.optimizely.com/hc/en-us/articles/115005062883-Enable-special-characters-in-URL-Segment">https://support.optimizely.com/hc/en-us/articles/115005062883-Enable-special-characters-in-URL-Segment</a></li> <li><a href="/link/a5c3e4adc40b463f91f27b7092631e27.aspx">https://world.optimizely.com/blogs/Minesh-Shah/Dates/2023/2/url-rewrites-in-cms12--net-6-/</a></li> <li><a href="https://www.w3.org/International/articles/idn-and-iri/">An Introduction to Multilingual Web Addresses</a> </li> </ul>2024-09-19T16:47:59.0000000Z

Blog post

Opti ID overviewOpti ID allows you to log in once and switch between Optimizely products using Okta, Entra ID, or a local account. You can also manage all your users from one place. you can watch an interactive demo <a href="https://optimizely.navattic.com/awr50u0h">here</a>.  The Optimizely platform offers: <ul> <li>A single login (Single Sign-On or SSO) with support for multi-factor authentication (MFA), using your own MFA setup and directory authentication provider.</li> <li>The ability to switch between apps without having to log in again.</li> <li>The option to manage users, groups, and roles with Opti ID.</li> <li>A dashboard for managing account information, usage, and billing.</li> </ul> Opti ID is currently available for the following Optimizely products: <ul> <li>Commerce Connect</li> <li>Configured Commerce</li> <li>Content Management System (CMS 12) </li> <li>Optimizely CMS SaaS</li> <li>Content Marketing Platform (CMP)</li> <li>Digital Experience Platform (DXP)</li> <li>Experimentation</li> <li>Experiment Collaboration</li> <li>Optimizely Data Platform (ODP)</li> <li>Product Information Management (PIM)</li> <li>Product Recommendations</li> </ul> It is easy to set up Opti ID in your solution with the following steps: <ol> <li> Install the NuGet Package:  <pre class="language-csharp"><code>dotnet add package EPiServer.OptimizelyIdentity</code></pre> </li> <li> Enable Opti ID: In your Startup.cs file, add the following line in the ConfigureServices method to enable Opti ID globally <pre class="language-csharp"><code>services.AddOptimizelyIdentity(useAsDefault: true);</code></pre> This makes Opti ID, active throughout the application, including in shell modules, preview, and edit modes. You can customize authentication schemes using AuthenticationOptions if needed. </li> <li> Remove Unnecessary Services: If you're not using ASP.NET Identity, remove any calls to services.AddCmsAspNetIdentity(). </li> <li> Virtual Roles: Opti ID automatically maps the virtual roles CmsEditors and CmsAdmins. If you already have these mappings, you'll need to remove them. </li> <li> Testing: Ensure your user is assigned to at least one built-in system role for the CMS before testing. Deploy your changes to DXP or run the application locally with Opti ID set up. </li> <li> Running Opti ID Locally: <a href="https://localhost:7595"></a>To configure local usage, add these settings in your appsettings.json file. These are automatically provided when deploying to the Optimizely Digital Experience Platform (DXP) or can be found in the DXP Management Portal under API > Opti ID dev key <div class="overflow-y-auto p-4"> <pre class="language-javascript"><code>{ "EPiServer": { "Cms": { "OptimizelyIdentity": { "InstanceId": "xxx", "ClientId": "xxx", "ClientSecret": "xxx" } } } }</code></pre> Opti ID will work locally with the following ports: https://localhost:5000 https://localhost:5096 https://localhost:6921 <a href="https://localhost:7595">https://localhost:7595</a> References: https://support.optimizely.com/hc/en-us/articles/12613241464461-Get-started-with-Opti-ID </div> </li> </ol>2024-07-26T09:35:21.0000000Z

Blog post

Optimizely Forms: Safeguarding Your DataWith the rise of cyber threats and privacy concerns, safeguarding sensitive information has become a top priority for businesses across all industries. As organizations collect and manage data through various channels, ensuring the security of online forms has become crucial. Optimizely Forms, offers a robust solution for creating and managing forms, but how does it fare in terms of security? Content authors can design multiple kinds of forms, Whether it's collecting customer feedback, processing orders, gathering leads, or forms that may contain sensitive data. Sensitive information submitted through forms could be vulnerable to various threats, including data breaches, unauthorized access, and manipulation. Forms can ask users to upload files, a user-uploaded file can also be a threat or a sensitive document.  Optimizely Forms offers a comprehensive set of security features, customizations, and capabilities to protect user data and mitigate security risks. However, ensuring security is a shared responsibility and requires a proactive approach, encompassing continuous monitoring, updates, and adherence to best practices to safeguard against evolving threats and developers and editor's training. To address security concerns, Optimizely Forms offers several built-in or customizable security features, including <a href="https://docs.developers.optimizely.com/content-management-system/v1.2.0-forms/docs/encrypting-form-data">data encryption</a>, <a href="https://docs.developers.optimizely.com/content-management-system/v1.2.0-forms/docs/creating-new-data-storage-mechanism">data storage mechanisms</a>, v<a href="https://docs.developers.optimizely.com/content-management-system/v1.2.0-forms/docs/creating-form-element-with-validator">alidation and sanitization</a>, <a href="https://docs.developers.optimizely.com/content-management-system/v1.2.0-forms/docs/configuring-optimizely-forms">limited access control</a>, CAPTCHA Integration, and <a href="https://docs.developers.optimizely.com/content-management-system/v1.2.0-forms/docs/customizing-retention-policies">data retention policies</a>. It is <a href="https://docs.developers.optimizely.com/content-management-system/v1.2.0-forms/docs/webhooks-actor">not required to store data</a> within the CMS database. Those should be considered while implementing and using Forms. Organizations can enhance the security of Optimizely Forms by following these best practices: User Education: Educate users about security best practices, such as creating strong passwords, recognizing phishing attempts, and exercising caution when sharing sensitive information via Optimizely Forms. e.g. If submitted data is stored in Forms, then it will be visible to any editors who have access to CMS regardless the data is related or not. User-uploaded files can appear in Search results within the CMS or globally if not taken care of. Regular Updates: Stay vigilant about applying software updates and patches released by Optimizely to address known vulnerabilities and security flaws in Optimizely Forms. Strong Authentication: Implement strong authentication mechanisms, such as multi-factor authentication (MFA), to verify the identities of users accessing Optimizely Forms backend interfaces and administrative dashboards. Security Testing: Conduct regular security assessments, including penetration testing and vulnerability scanning, to identify and remediate potential security weaknesses in Optimizely Forms implementations. Malware Scan for User uploaded files: Implement <a href="https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-storage-malware-scan">scanning</a> of user-uploaded files, solutions will be different, depending on the infrastructure.2024-05-16T07:48:22.0000000Z

Blog post

Top tip: Better, do not save EPiServer.Foms submissions for sensitive dataIf your website utilizes EPiServer.Forms and includes forms where users can upload files, there is a significant probability that the Find/Search Indexing Job will also index those files. Consequently, these files may become accessible through searches facilitated by Find. Editors navigating the Editor area may encounter these files when searching for images, potentially leading to public availability of search results also depending on implementations. To address this issue, a straightforward solution is to cease indexing user-uploaded files. One possible approach to prevent the indexing of uploaded files from forms is outlined in the code below. <pre class="language-csharp"><code>ContentIndexer.Instance.Conventions.ForInstancesOf<IContentMedia>().ShouldIndex(x => _contentLoader.GetAncestors(documentFileBase.ParentLink).Select(x=>x.Name).Contains( EPiServer.Forms.Constants.FileUploadFolderName)); </code></pre> This will stop indexing users' uploaded files, and certainly slow down the indexing job as we will be loading ancestors. It's important to note that despite this adjustment, users' uploaded files will remain accessible to all editors through the Form Submissions View. Depending on the sensitivity of the uploaded user's data, it's imperative to consider this accessibility. Ideally, in cases where user data is sensitive, refrain from saving form submissions within forms due to the limited security associated with form submissions. Editors play a pivotal role in designing forms, and their training is crucial, particularly in alignment with the nature of the business, the type of information they will be gathering, and the relevant legislation. Training should ensure that editors understand the intricacies of data collection, its implications, and compliance requirements. 2024-03-22T10:27:12.0000000Z

Blog post

Toptip - what is .well-known folderWithin your <code>~/public</code> folder, you may come across a directory named ".well-known." This directory is frequently employed in web-based protocols to retrieve "site-wide metadata" related to a host before initiating a request. It's important to note that the absence of this folder doesn't necessarily indicate an issue; it simply means it hasn't been utilized or generated yet. Here are some examples of what you might find in the ".well-known" directory: <ol> <li>.well-known/security.txt: Contains information about a website's security policies and <a href="https://securitytxt.org/">contact information for security researchers</a>. Please read some helpful blogs on this topic. <a href="https://www.gulla.net/en/blog/security.txt">https://www.gulla.net/en/blog/security.txt</a> <a href="https://optimizely.blog/2023/03/easy-implementation-of-security.txt-with-minimal-api-.net-core">https://optimizely.blog/2023/03/easy-implementation-of-security.txt-with-minimal-api-.net-core</a></li> <li> .well-known/apple-app-site-association (AASA): Used for <a href="https://developer.apple.com/library/archive/documentation/General/Conceptual/AppSearch/UniversalLinks.html">associating iOS apps with websites</a>, enabling features like Universal Links. This file doesn't have an extension. </li> <li>.well-known/assetlinks.json: Used in the context of Android App Links. <a href="https://developer.android.com/training/app-links/verify-android-applinks">Android App Links</a> are a way to associate a website with a specific Android app, allowing the app to open when certain links are clicked, even if the app is not currently installed on the device.</li> </ol>2024-01-15T12:46:00.0000000Z

Blog post

Top tip - Auto Suggestion for editorsAuto-suggestion can significantly enhance the efficiency, consistency, and overall quality of content created and managed by editors in a content management system. It serves as a valuable tool that supports editors in maintaining high standards and streamlining their workflow. This small feature can benefit editors in many ways such as saving time by predicting and suggesting words or phrases for some fields as they type. It can promote consistency in writing style and terminology across the content. Editors will adhere to specific style guides or content standards if required for some fields. Developers can add simple built-in auto-suggestions for editors to select when working in the edit view of Optimizely Content Management System (CMS) Create a Custom selection class by inheriting ISelectionQuery e.g. <pre class="language-csharp"><code>using System; using System.Collections.Generic; using System.Linq; using EPiServer.ServiceLocation; using EPiServer.Shell.ObjectEditing; namespace EPiServer.Samples { [ServiceConfiguration(typeof(ISelectionQuery))] public class MySelectionQuery : ISelectionQuery { SelectItem[] _items; public MySelectionQuery() { _items = new SelectItem[] { new SelectItem() { Text = String.Empty, Value = String.Empty }, new SelectItem() { Text = "Alternative1", Value = "1" }, new SelectItem() { Text = "Alternative 2", Value = "2" } }; } //Will be called when the editor types something in the selection editor. public IEnumerable<ISelectItem> GetItems(string query) { return _items.Where(i => i.Text.StartsWith(query, StringComparison.OrdinalIgnoreCase)); } //Will be called when initializing an editor with an existing value to get the corresponding text representation. public ISelectItem GetItemByValue(string value) { return _items.FirstOrDefault(i => i.Value.Equals(value)); } } }</code></pre> Add the AutoSuggestionEditor attribute with your properties as below and set the AllowCustomValues property to true so that the editor is not forced to select one of the suggested choices. By default, this property is set to false and the editor must select one of the suggested values. <pre class="language-csharp"><code>[AutoSuggestSelection(typeof(MySelectionQuery))] public virtual string SelectionEditor1 { get; set; } [AutoSuggestSelection(typeof(MySelectionQuery), AllowCustomValues = true)] public virtual string SelectionEditor2 { get; set; }</code></pre>2023-12-28T11:22:21.0000000Z

Blog post

Top tip - Health ChecksWhether your site is a DXP or an Azure-hosted site, you may need to determine the state of your application as if it's healthy or unhealthy. EPiServer.Cms.HealthCheck will provide you an endpoint as /epi/health, The Blog (<a href="/link/e7fd6d67f00e484d94be75b644c597be.aspx">https://world.optimizely.com/blogs/scott-reed/dates/2023/3/optimizely-dxp-health-checks-and-creating-custom-checks/</a>) by Scott Reed explains this setup for CMS 12 in detail. It doesn't limit us to service health only, Service can be extended for many other scenarios such as listing the vulnerabilities, and checking up on some configurations or DB table sizes. The blog is a bit old but still worth reading (<a href="https://www.codeart.dk/blog/2021/5/new-project-optimizely-episerver-health-checker/">https://www.codeart.dk/blog/2021/5/new-project-optimizely-episerver-health-checker/</a>). "love what you do"2023-12-26T14:28:06.0000000Z

Blog post

Monolith, JAMStack, SPA, or Composable, Optimizely CMS is the best fitEach website architecture has its own benefits and challenges. Monolith is a traditional and proven architecture to deliver web apps, combining FE and BE. To craft a JAMStack site, you employ static-site generation tools such as NextJS or Gatsby. These tools transform your website into HTML during the building process, thus introducing a game-changing shift as pages are constructed at a separate juncture. JAMStack is often confused with SPA, but there are a few fundamental differences. A Single Page Application (SPA) is constructed directly within a user's browser. When a visitor requests a page, the markup and JavaScript are transmitted to the user's browser, and the webpage is dynamically assembled in real time. Composable architecture focuses on Infrastructure as code, infrastructure automation, multi-cloud strategy, and portfolio rationalization. Optimizely does not drive the architecture anymore but gives the flexibility to adopt any architecture that suits best to business for all of your content requirements. <img src="https://i.ibb.co/Sy4p6fB/architecture.jpg" width="661" alt="Options" height="263" style="display: block; margin-left: auto; margin-right: auto;" /> <ul> <li>SAS Core was introduced on Opticon San Deigo 2023 along with many other exciting enhancements and will be available in early 2024, PAS Core is the CMS that we know to date, We can get content from any source other than the CMS also</li> <li>Optimizely Graph (Semantic and flexible search) converts your content into a graph structure. Just as search engines crawl the web to construct graph-based content indices, Optimizely Graph reshapes your CMS content for easy querying. It allows you to explore and manipulate your content using the GraphQL standard</li> <li>Builder is a visual editor</li> <li>Single source for all of your content needs, consume content anywhere</li> <li>Content will remain available, even if CMS goes down</li> <li>PAS/Head solution will be available with or without the Optimizely graph</li> </ul>2023-10-14T17:44:53.0000000Z

Blog post

Considerations before you decide to use Content Definition APIWith the introduction of Content Definition API, it became possible to keep the definitions of the content structures, entirely in Front End and design a true headless solution with complete separation of the back end and front end. We can manage types via API and create new types as blocks and pages even without a release of the backend and create strongly typed typescript objects depending on the solution. Before you decide whether the use of Content Definition API is the right solution for you or not, you will need to consider the following points. <ul> <li>Example projects such as <a href="https://github.com/episerver/content-delivery-js-sdk">https://github.com/episerver/content-delivery-js-sdk</a> rely on a single big manifest.json to define all the types. To achieve strongly typed objects, you will still need extra development efforts, there could be different approaches to achieve this, e.g. <a href="https://github.com/episerver/Foundation-spa-react/tree/Cms12/">https://github.com/episerver/Foundation-spa-react/tree/Cms12/</a></li> <li>If you are writing a solution for DXP and considering Content Definition API just for the sake of achieving strongly typed objects, then an alternative approach could be to use Content Graph <a href="/link/2aefcdfa9169413db278877740df254a.aspx">https://world.optimizely.com/blogs/Jonas-Bergqvist/Dates/2022/9/strongly-typed-cms-content-with-typescript--react3/</a></li> <li>Types generated via Content Definition API are of Types from DB, the feature available for CMS Editor for Types from code will not be available.</li> <li>There is no replacement available for some .Net attributes such as AllowedTypes (e.g. to restrict ContentArea for specific blocks)</li> <li>All settings available in the admin UI are not available through the API yet. For example, you cannot manage websites, languages, or translations.</li> <li>Since changes could be made to the same content types but from different sources, there may be conflicts that could affect existing content. To reduce the risk of conflicts, you should add version information to the content types. To deal with the conflicts, follow semantic versioning <a href="https://docs.developers.optimizely.com/content-cloud/v1.7.0-content-definitions-api/docs/semantic-versioning">https://docs.developers.optimizely.com/content-cloud/v1.7.0-content-definitions-api/docs/semantic-versioning</a></li> <li>The Language Branch API is available only in version 3.4.0 or later of the Content Definitions API.</li> </ul>2022-12-30T14:06:19.0000000Z

Blog post

academy.episerver.com - SAP Litmos error'academy.episerver.com' URL wasn't working for me, rather showing some confusing message about SAP Litmos... don't wait that site will come back sooner. Just readjust bookmarks, as 'academy.optimizely.com' is the URL to use onwards. Same credentials should work. 2021-08-16T07:42:24.0000000Z

Blog post

ODP handy reference guide - Web SDKA quick reference guide, developers might need before starting a new ODP/Zaius implementation based on <a href="https://docs.developers.zaius.com/">https://docs.developers.zaius.com/</a> It will be worthy to watch <a href="https://www.david-tec.com/2021/05/video-adding-optimizely-data-platform-to-optimizely-commerce-cloud/">https://www.david-tec.com/2021/05/video-adding-optimizely-data-platform-to-optimizely-commerce-cloud/</a> <div class="mce-toc"> <ul> <li><a href="#mcetoc_1f8pln9370">Authentication</a></li> <li><a href="#mcetoc_1f8pln9381">Batch Requests</a></li> <li><a href="#mcetoc_1f8pln9382">Consent</a></li> <li><a href="#mcetoc_1f8pln9383">Messaging Lists</a></li> <li><a href="#mcetoc_1f8pln9384">Customers/Profiles</a></li> <li><a href="#mcetoc_1f8pln9385">Custom event:</a></li> <li><a href="#mcetoc_1f8pln9386">Standard events:</a></li> </ul> </div> <h2>Authentication</h2> ODP/Zaius provides two forms of authentication: <ul> <li>Public (Tracker ID) - is used for most API calls that send data</li> <li>Private - is used for querying data</li> </ul> Keys are scoped at the account level. When you revoke a private API key, your existing key is available for 12 hours as a grace period. Public API Key and Tracker ID are synonymous. <h2>Batch Requests</h2> Bulk data push should be done in batch, every request can include up to 500 distinct objects. As an example, at 500 customers per request with 10 requests per second as a rate limit, you can process 5,000 customer updates per second. For higher rate limits contact support. <h2>Consent</h2> Consent may impact attempts to send marketing campaigns to the identifier. If noted as opted-out, certain marketing services or channels may skip the identifier, even when qualified for the campaign. Customers who have opted out cannot receive marketing messages. Only transactional messages will be received by these customers. Example:  <pre class="language-javascript"><code>zaius.consent({ consent: true, identifier_field_name: 'email', identifier_value: 'tyler@zaius.com', update_reason: '', update_ts: 123456789, event_data: {} });</code></pre> <h2>Messaging Lists</h2> Group customers for the purposes of tracking their communication preferences. <h2>Customers/Profiles</h2> To Create/Update/View Customer’s profile. Cookie with name ‘vuid’ contains the reference to profile id.<a href="https://docs.developers.zaius.com/api/rest-api/customers"></a> Anonymize - will reset the cookie identifier associated with the browser. Use this when a user logs out or on shared devices between form submissions that include identifiers. Example: <pre class="language-javascript"><code>zaius.customer({ email: "johnny.zaius@zaius.com" },{ first_name: "Johnny", last_name: "Zaius", gender: "M" });</code></pre> Events Customer behaviors are tracked as events. Events are composed of a Type(a categorical name associated with the event), Action(activity a user did within that event type), and additional metadata via fields on the event,  at minimum, events require an event type and an identifier to associate the event with a customer. There are two types of events, custom, and standard, <h2>Custom event:</h2> Example: <pre class="language-javascript"><code>zaius.event("your_event_type_here", { action: "your_event_action_here", example_custom_field: "example_value" });</code></pre> <h2>Standard events:</h2> These are pre-defined event type/action and expected by Zaius to be accompanied with certain fields. The usage of these events makes the usage of Zaius simpler for common use cases. Zaius does not recommend or formally support Order events via the Web SDK to ensure that ad blockers do not block the purchase event. Zaius only supports sending Order refunds, returns & cancellations via API or CSV to ensure that ad blockers do not block these critical events. <a href="https://docs.developers.zaius.com/api/">https://docs.developers.zaius.com/api/</a> <table> <tbody> <tr> <td>Event TYPE</td> <td>Activity</td> <td>Example</td> </tr> <tr> <td>https://docs.developers.zaius.com/web-sdk/events/account</td> <td></td> <td></td> </tr> <tr> <td>account</td> <td>login</td> <td> <pre class="language-javascript"><code>zaius.event("account", { action: "login" });</code></pre> </td> </tr> <tr> <td></td> <td>logout</td> <td> <pre class="language-javascript"><code>zaius.event("account", { action: "logout" });</code></pre> </td> </tr> <tr> <td></td> <td>register</td> <td> <pre class="language-javascript"><code>zaius.event("account", { action: "register" });</code></pre> </td> </tr> <tr> <td></td> <td>update</td> <td> <pre class="language-javascript"><code>zaius.event("account", { action: "update" });</code></pre> </td> </tr> <tr> <td>Anonymize will reset the cookie identifier associated with the browser. Use this when a user logs out or on shared devices between form submissions that include identifiers.</td> <td></td> <td></td> </tr> <tr> <td>anonymise</td> <td></td> <td> <pre class="language-javascript"><code>zaius.anonymize(); </code></pre> </td> </tr> <tr> <td>Zaius will automatically parse the appropriate page path information.</td> <td></td> <td></td> </tr> <tr> <td>pageview</td> <td></td> <td> <pre class="language-javascript"><code>zaius.event("pageview");</code></pre> </td> </tr> <tr> <td>https://docs.developers.zaius.com/web-sdk/events/navigation</td> <td></td> <td></td> </tr> <tr> <td>navigation</td> <td>search</td> <td> <pre class="language-javascript"><code>zaius.event("navigation", { action: "search", search_term:"cameras, vcr", category: "electronics > consumer" });</code></pre> </td> </tr> <tr> <td></td> <td>sort</td> <td> <pre class="language-javascript"><code>zaius.event("navigation", { action: "sort" });</code></pre> </td> </tr> <tr> <td></td> <td>filter</td> <td> <pre class="language-javascript"><code>zaius.event("navigation", { action: "filter" });</code></pre> </td> </tr> <tr> <td>https://docs.developers.zaius.com/web-sdk/customers/consent</td> <td></td> <td></td> </tr> <tr> <td>consent</td> <td>opt-in</td> <td> <pre class="language-javascript"><code>zaius.consent({ consent: true, identifier_field_name: 'email', identifier_value: 'tyler@zaius.com', update_reason: '', update_ts: 123456789, event_data: {} });</code></pre> </td> </tr> <tr> <td></td> <td>opt-out</td> <td></td> </tr> <tr> <td> <a href="https://docs.developers.zaius.com/web-sdk/events/products">https://docs.developers.zaius.com/web-sdk/events/products</a> product_id is required on all events with an event type of product </td> <td></td> <td></td> </tr> <tr> <td>product</td> <td>detail</td> <td> <pre class="language-javascript"><code>zaius.event("product", { action: "detail", product_id: "product-2143" });</code></pre> </td> </tr> <tr> <td></td> <td>add_to_cart</td> <td> <pre class="language-javascript"><code>zaius.event("product", { action: "add_to_cart", product_id: "product-2143" });</code></pre> </td> </tr> <tr> <td></td> <td>remove_from_cart</td> <td> <pre class="language-javascript"><code>zaius.event("product", { action: "remove_from_cart", product_id: "product-2143" });</code></pre> </td> </tr> <tr> <td></td> <td>add_to_wishlist</td> <td> <pre class="language-javascript"><code>zaius.event("product", { action: "add_to_wishlist", product_id: "product-2143" });</code></pre> </td> </tr> <tr> <td></td> <td>remove_from_wishlist</td> <td> <pre class="language-javascript"><code>zaius.event("product", { action: "remove_from_wishlist", product_id: "product-2143" });</code></pre> </td> </tr> <tr> <td>https://docs.developers.zaius.com/web-sdk/events/ads</td> <td></td> <td></td> </tr> <tr> <td>advertisement</td> <td>impression</td> <td> <pre class="language-javascript"><code>zaius.event("advertisement", { action: "impression" });</code></pre> </td> </tr> <tr> <td></td> <td>click</td> <td> <pre class="language-javascript"><code>zaius.event("advertisement", { action: "click" });</code></pre> </td> </tr> <tr> <td> Messaging Lists allow you to group customers for the purposes of tracking their communication preferences. For example, allowing customers to subscribe to your company newsletter or for holiday news.  <div class="reset-3c756112--blockHint-a7403a60"> Zaius does not require customers to be subscribed to a List to receive emails. </div> </td> </tr> <tr> <td>subscribe</td> <td></td> <td> <pre class="language-javascript"><code>// subscribe johnny@zaius.com to newsletter list zaius.subscribe({list_id: 'newsletter', email: 'johnny@zaius.com'}); // unsubscribe johnny@zaius.com from newsletter list zaius.unsubscribe({list_id: 'newsletter', email: 'johnny@zaius.com'}); // subscribe johnny@zaius.com to three lists at once zaius.subscribe({ list_id: ["newsletter", "promotion", "product_update"], email: "johnny@zaius.com" }); // unsubscribe johnny@zaius.com from multiple lists at once zaius.unsubscribe({ list_id: ["newsletter", "product_update"], email: "johnny@zaius.com" }); zaius.subscribe({ // subscribe Johnny to all lists list_id: ["newsletter", "promotion", "product_update"], email: "johnny@zaius.com", // update Johnny's record to include his full name first_name: "Johnny", last_name: "Zaius", // store information on the subscribe events event_custom_field: "my custom value", custom_number_field: 123 }); // zaius.unsubscribe also fully supports this syntax.</code></pre> </td> </tr> </tbody> </table>2021-06-22T11:06:19.0000000Z

Blog post

Zaius was destined to OptimizelyOptimizely(EPiServer)’s CDP journey that started from EPiServer Profile Store, destined to Optimizely Data Platform(Zaius). With the acquisition of Zaius, Optimizely (EPiServer) have a true and one of most sophisticated CDP into their product family. Partners and customers already having licenses of Visitor Intelligence should contact EPiServer/Optimizely support to know more about migrations plans. Visitor Intelligence […]2021-05-28T11:27:39.0000000Z

Blog post

Security MattersNo matter what is the size of your website, your project is handling sensitive information or it’s just a feedback form, Cyber Security matters for all. You are a novice or an expert, a developer, QA, or a solution architect, in your team. A team should have basic knowledge of cyber security. In the project […]2021-01-21T17:33:02.0000000Z

Blog post

Episerver in microservices paradigm“A microservices architecture is an approach to build a server application as a set of small services. That means a microservices architecture is mainly oriented to the back-end, although the approach is also being used for the front end. Each service runs in its own process and communicates with other processes using protocols such as HTTP/HTTPS, WebSockets, or AMQP. Each microservice implements a specific end-to-end domain or business capability within a certain context boundary, and each must be developed autonomously and be deployable independently. Finally, each microservice should own its related domain data model and domain logic and could be based on different data storage technologies (SQL, NoSQL) and different programming languages.”[1] In Microservices architecture generally, contents are also served as a service, aka CaaS. The term CaaS refers to focus on managing structured contents that some restful/web services or feed that other subscribers or applications could consume. CaaS can be referred to as an abstraction on top of a headless CMS delivered via SaaS. A headless CMS is considered a good candidate to use in a microservices architecture. Generally developing a microservice is simple but overall architecture is complex. Planning a strong architecture is a key in microservices-based architectures. Selecting the right CMS is also one of the complex questions if a business is looking for some advanced CMS with features like personalization, analytics, and AI. <h1>Is EPiServer Headless CMS a fit in the microservice landscape?</h1> <img src="https://i.ibb.co/MhZ6MPs/Microservices.jpg" alt="" /> <ul> <li>In EPiServer Headless, contents are served as JSON via a restful API so any programming language can consume.</li> <li>Provide content for native applications that are not HTML-based and Independence to integrate any new channel as we are not bounded with the CMS functionalities.</li> <li>It is Pluggable and configurable web API</li> <li>Support localized content and multi-site scenarios.</li> <li>Support common querying, filtering, and sorting scenarios, able to query contents through Content Search API providing robust filtering and sorting via OData syntax</li> <li>Support returning access-controlled and personalized content where required.</li> <li>Scaleable and secure, Docker could be an option but might not be the best option to set up EpiServer Headless CMS. "Episerver chose <a href="https://azure.microsoft.com/en-us/">Microsoft Azure</a> to support its Customer-Centric Digital Experience Platform, using <a href="https://azure.microsoft.com/en-us/services/kubernetes-service/">Azure Kubernetes Service (AKS)</a> as the orchestration engine for high-availability multitenant microservices and <a href="https://azure.microsoft.com/en-us/services/app-service/">Azure App Service</a> for easily scalable web app deployment". By default supports OAuth and cookie-based authentication, However, it is allowed to customize the authorization flow and use your preferred authorization mechanism like AzureAD or GitHub.</li> <li>Framework agnostic features such as on Page Editing can be used with any javascript framework such as Angular, React, or Vue.</li> </ul> <h2>EPiServer Headless</h2> <a href="/link/6ffa5cb8173a414eac25740deeafdbc8.aspx">https://world.episerver.com/documentation/developer-guides/content-delivery-api/</a> <img src="/link/7ce146c1219c46cfb41062d597a23723.aspx" alt="" /> <h2>Future Of EPiServer Headless</h2> <a href="/link/be8077bc415c4afca844daf0fb0e83bb.aspx">https://world.episerver.com/blogs/martin-ottosen/dates/2019/12/asp-net-core-beta-program/</a> <img src="/link/e64362f8872e492ab4f3191267c0c760.aspx" alt="" /> <h1>Contextual considerations</h1> Conceptually a microservice can be derived as a bounded context in a domain-driven design where each bounded context should have its own model and database. EPiServer CMS as a whole should be considered as a single bounded context. Content in itself can’t be divided further into microservices-based into their types (Images, Textual, or Pdfs).   <h1>Content Considerations</h1> In EPiServer a content item is not necessarily only a web page, it may not have an addressable URL and it may be just a container for data that can be seen as a database record. Sometimes, the same piece of content can be used on a page, on social media or in print which means the content is no longer assigned to a specific channel. Usually, those kinds of content items are simple with only basic property types and some metadata. Content Manager is available to create this kind of content. <a href="/link/dbbcb8c637ae4dcc80685dd99ca3ae05.aspx">https://world.episerver.com/blogs/bartosz-sekula/dates/2020/4/content-manager---lightweight-editing-ui/</a> <img src="/link/a4d4968ba9234975b52bfe6fe9719702.aspx" alt="" /> <img src="/link/d9d8c3d5dc6249f88ad78c93cc70840c.aspx" alt="" /> <h1>SPA implementations with Headless CMS with OPE support</h1> <a href="/link/77c693a1814446ffb2f76af6babbef08.aspx">https://world.episerver.com/blogs/remko-jantzen/dates/2020/5/introducing-foundation-spa-react/</a> <a href="https://github.com/episerver/musicfestival-vue-template">https://github.com/episerver/musicfestival-vue-template</a> References [1] - <a href="https://docs.microsoft.com/en-us/dotnet/architecture/microservices/">https://docs.microsoft.com/en-us/dotnet/architecture/microservices/</a> <a href="/link/dbbcb8c637ae4dcc80685dd99ca3ae05.aspx">https://world.episerver.com/blogs/bartosz-sekula/dates/2020/4/content-manager---lightweight-editing-ui/</a> <a href="https://customers.microsoft.com/en-gb/story/786162-episerver-partner-professional-services-azure">https://customers.microsoft.com/en-gb/story/786162-episerver-partner-professional-services-azure</a>2020-06-02T13:42:12.0000000Z

Blog post

How your site appears in google search resultsSearch engines now look deep into site contents and try to understand more about your site e.g. Google uses structure data to understand more about the content on your page. By providing structured data we not only can get the benefit of special features like rich snippets but also our site will be eligible to appear in graphic search results. By providing structured data you can outstand your site presence in the google search results and in result increase in clickthrough. While searching keyword 'eCommerce' (from the UK, 5th of May 2020) I get the following results. <div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-tKZ7bjdxOv4/XrGWZO9XoqI/AAAAAAAAROg/6e5tDbHHUPQyhFy_E4ZXEqW0SXxmHPwHgCLcBGAsYHQ/s1600/ecommerce.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="859" data-original-width="1345" height="408" src="https://1.bp.blogspot.com/-tKZ7bjdxOv4/XrGWZO9XoqI/AAAAAAAAROg/6e5tDbHHUPQyhFy_E4ZXEqW0SXxmHPwHgCLcBGAsYHQ/s640/ecommerce.JPG" width="640" /></a></div> These are the highlights of the page <ol><li><a href="https://support.google.com/websearch/answer/9351707?p=featured_snippets">Featured snippet</a></li><li>Related Images</li><li>Article</li><li>Books</li><li>People also searched for</li><li>FAQ and the rest of the search results.</li></ol><div>Google supports structured data in the following formats <a href="http://json-ld.org/">JSON-LD</a> (recommended, use this format whenever possible), <a href="https://www.w3.org/TR/microdata/">Microdata</a>, and <a href="https://rdfa.info/">RDFa</a>. Google also uses <a href="https://schema.org/">schema.org</a> vocabulary, but for definitive, google search behaviors, rely on documentation provided on developers.google.com rather schema.org.</div><div> </div><div>There can be several items in your site for which structure data can be provided, e.g. article, breadcrumb, carousel, event, FAQ, logo, organization, or product. You can find examples of JSON-LD structured data code snippets from google <a href="https://developers.google.com/search/docs/data-types/article">here</a>. A full list of vocabulary definition files can be downloaded from <a href="https://schema.org/docs/developers.html">schama.org</a>.  </div><div> </div><div>Implementation of structured data could be very simple to complex depending on your site and the way pages and blocks are structured in the EPiServer site, general structure data guidelines are available <a href="https://developers.google.com/search/docs/guides/sd-policies">here</a>. A reference implementation based on the <a href="https://www.nuget.org/packages/Schema.NET/3.5.0">schema.net</a> package can be found in <a href="https://github.com/episerver/Foundation/tree/develop/src/Foundation.Cms/SchemaMarkup">EPiServer foundation project</a>. (Credits: Paul Gruffydd)</div><div> </div><div> </div><div> </div>2020-05-06T10:06:00.0000000Z

Blog post

Will your site be effected in Chrome 80Chrome 80 will treat cookies as SameSite=Lax by default if no SameSite attribute is specified and will reject insecure SameSite=None cookies. <ul> <li><a href="https://www.chromestatus.com/feature/5088147346030592">https://www.chromestatus.com/feature/5088147346030592</a></li> <li><a href="https://www.chromestatus.com/feature/5633521622188032">https://www.chromestatus.com/feature/5633521622188032</a></li> </ul> Out of the box EPi Server's CMS website functionality isn't effected, but it might be effecting other areas of your website. e.g. your integrations with Identity Providers using protocols such as SAML 2.0 or OpenID Connect or  analytics cookies that your web application creating as a third-party cookie or any feature depending on third party dependent cookies or if you are querying APIs from a third-party domain.  References: <ul> <li><a href="https://www.chromestatus.com/features/schedule">https://www.chromestatus.com/features/schedule</a></li> <li><a href="/link/a182c387633d45cda9e39c6a1aafc035.aspx">https://world.episerver.com/forum/developer-forum/-Episerver-75-CMS/Thread-Container/2020/1/upcoming-samesite-cookie-changes-and-episerver/</a></li> <li><a href="https://auth0.com/blog/browser-behavior-changes-what-developers-need-to-know/">https://auth0.com/blog/browser-behavior-changes-what-developers-need-to-know/</a></li> <li><a href="https://devblogs.microsoft.com/aspnet/upcoming-samesite-cookie-changes-in-asp-net-and-asp-net-core/">https://devblogs.microsoft.com/aspnet/upcoming-samesite-cookie-changes-in-asp-net-and-asp-net-core/</a></li> <li><a href="https://www.chromium.org/updates/same-site">https://www.chromium.org/updates/same-site</a></li> <li><a href="https://www.seerinteractive.com/blog/samesite-security-update-chrome/">https://www.seerinteractive.com/blog/samesite-security-update-chrome/</a></li> <li><a href="https://webkit.org/blog/8828/intelligent-tracking-prevention-2-2/">https://webkit.org/blog/8828/intelligent-tracking-prevention-2-2/</a></li> </ul> Google announced it would end support for third-party cookies in Chrome by 2022 <ul> <li><a href="https://blog.chromium.org/2020/01/building-more-private-web-path-towards.html">https://blog.chromium.org/2020/01/building-more-private-web-path-towards.html</a></li> <li><a href="https://marketingland.com/marketers-respond-to-google-chrome-cookie-decision-with-mixture-of-hope-and-fear-274792">https://marketingland.com/marketers-respond-to-google-chrome-cookie-decision-with-mixture-of-hope-and-fear-274792</a></li> </ul> 2020-02-03T19:56:24.0000000Z

Blog post

Use of strategy pattern to change page behaviourThere are scenarios where we have to change our page behavior or algorithms at run time based on Epi Configurations. Generally, a developer approaches with if-else statements to deal with this by compromising design principals. We can get help from the Strategy Pattern to adhere to SOLID principals. Below is an Illustrations for a fake scenario to demonstrate implementation where editors will set a recipe filter to change the results of the page or selecting the right dataset for the page. <img src="https://i.ibb.co/kJKJCCZ/strategy.jpg" alt="" /> EPiServer Page and configurations <pre class="language-csharp"><code>public enum LayoutType { Diabitic, HighProtein, LowFat, HighFibre } /// <summary> /// Create an interface for configuration /// </summary> public interface IStrategyConfiguration { LayoutType LayoutType { get; set; } } /// <summary> /// Implement Configuration in your page or block /// </summary> public class RecipeLandingPage : PageData, IStrategyConfiguration { [Display(GroupName = SystemTabNames.Settings, Name = "Layout", Description = "Select page layout")] public LayoutType LayoutType { get; set; } }</code></pre> PageController/factory where we need to change the algorithm at runtime. <pre class="language-csharp"><code>/// <summary> /// Page Controller /// </summary> public class RecipeLandingPageController : PageController<RecipeLandingPage> { /// <summary> /// IRecipeFilterSelector is a resolver that will select right IRecipeFilter for us /// </summary> private readonly IRecipeFilterSelector _recipeFilterSelector; public RecipeLandingPageController(IRecipeFilterSelector recipeFilterSelector) { _recipeFilterSelector = recipeFilterSelector; } public async Task<ActionResult> Index(RecipeLandingPage currentPage) { //Select a filter based on epi configurations var filter = _recipeFilterSelector.GetRecipeFilter(currentPage.LayoutType); var pageModel = YourPageModel(currentPage); pageModel.Advertisements = filter.GetAdvertisements(); pageModel.Suggestions = filter.GetSuggestions(); return View(model); } }</code></pre> We need IRecipeFilterSelector that could return us correct IRecipeFilter. <pre class="language-csharp"><code> /// <summary> /// will resolve correct IRecipeFilter /// </summary> public interface IRecipeFilterSelector { IRecipeFilter GetRecipeFilter(LayoutType layoutType); } /// <summary> /// Select IRecipeFilter based on EPiCongigurations /// </summary> public class RecipeFilterSelector : IRecipeFilterSelector { private readonly IEnumerable<IRecipeFilter> _recipeFilters; // structuremap will push all implementations of IRecipeFilter public RecipeFilterSelector(IEnumerable<IRecipeFilter> recipeFilters) { _recipeFilters = recipeFilters; } public IRecipeFilter GetRecipeFilter(LayoutType layoutType) { return _recipeFilters.FirstOrDefault(x => x.LayoutType == layoutType); } } </code></pre> We need separate implementations for IRecipeFilter <pre class="language-markup"><code>/// <summary> /// Main service /// </summary> public interface IRecipeFilter { LayoutType LayoutType { get; } IList<Advertisement> GetAdvertisements(); IList<Suggestion> GetSuggestions(); } /// <summary> /// Separation of concerns achieved, implementation for specific scenarios /// </summary> public class DiabiticRecipeFilter : IRecipeFilter { public LayoutType LayoutType => LayoutType.Diabitic; public IList<Advertisement> GetAdvertisements() { throw new NotImplementedException(); } public IList<Suggestion> GetSuggestions() { throw new NotImplementedException(); } } /// <summary> /// Separation of concerns achieved, implementation for specific scenarios /// </summary> public class HighProteinRecipeFilter : IRecipeFilter { public LayoutType LayoutType => LayoutType.HighProtein; public IList<Advertisement> GetAdvertisements() { throw new NotImplementedException(); } public IList<Suggestion> GetSuggestions() { throw new NotImplementedException(); } } </code></pre> Join these pieces in structuremap to work together <pre class="language-csharp"><code>//Collect all implementations of IRecipeFilter c.Scan(s => { s.AssemblyContainingType(typeof(IRecipeFilter)); s.AddAllTypesOf(typeof(IRecipeFilter)); }); //pass this to selector c.For<IRecipeFilterSelector>().Use<RecipeFilterSelector>().Singleton();</code></pre> <img src="https://i.ibb.co/wp1nYbs/final.jpg" alt="" /> Be SOLID in the new year! Happy new year!2020-01-01T16:32:05.0000000Z

Blog post