Yassine Alahyane

How to Effectively and Securely Accept Donations using Sitecore OrderCloud?


October 13th 2023


For any nonprofit organization, the ability to accept donations is the most important feature of its eCommerce platform.


In this blog post, I'll provide a quick walkthrough on how you can accept Donations in OrderCloud.


P.S: There may be many possible setups and solutions. I'm sharing the approach I used in an ongoing project.


Donation Product Setup and Identification:

You can set up donations like any other product in the catalog, with an Id, Name, Description and so on, but with a price of $0.

You also need to be able to easily identify a Donation Product. For example: xp.IsDonation = true. You can also include any additional configuration needed in the xp (Extended Properties) of the product. For example: xp.MinimumDonation, xp.StartDate, xp.EndDate...


Add To Cart:

For regular products, only the Product ID is required (and Quantity if > 1) when adding a product to the cart using POST /cart/lineitems.

The price is then automatically resolved based on the Product ID and the Assigned Price Schedule(s).

When it comes to Donations, we need to be able to dynamically pass the price during Add To Cart.

OrderCloud allows you to override the unit price, but it requires your shopper to have an additional role: OverrideUnitPrice.


This Override Role can be assigned to your target shoppers through Security Profiles.

More on security profile here.


But assigning this role to shoppers opens a security hole: you would be allowing users to override the unit price on any product, not only on donations.

So how do we limit the Unit Price Override to Donations only?

Keep reading...


Validation Pre-hook

To address the security concern above, we can set up a webhook (pre-hook) that runs before any Add To Cart action or Line Item update. If a unit price is included in the payload, the webhook validates that the product is a donation eligible for a unit price override, based on its xp settings.


Here's an example of this Webhook Setup:


General Information:




Trigger Events:



Make sure your webhook API endpoint returns {proceed: true} when the product is a valid donation product. Otherwise, return {proceed: false} to prevent the add to cart.
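The decision logic for such an endpoint, as an added example that is not the author's project code. The payload shape (Request.Body carrying ProductID and UnitPrice), the lookupProduct helper and the sample catalog are assumptions constructed for illustration.

```javascript
// Added example: decision logic for the pre-hook endpoint described above.
// Assumed payload shape: { Request: { Body: { ProductID, UnitPrice } } }.
// lookupProduct is a hypothetical helper returning a product (with xp) or null.
function validateUnitPriceOverride(payload, lookupProduct, now = new Date()) {
  const deny = { proceed: false };
  const body = (payload && payload.Request && payload.Request.Body) || {};

  // No override requested: the price schedule resolves the price as usual.
  if (body.UnitPrice === undefined || body.UnitPrice === null) {
    return { proceed: true };
  }
  // Assumption: a donation amount must be a positive, finite number.
  const price = body.UnitPrice;
  if (typeof price !== "number" || !Number.isFinite(price) || price <= 0) return deny;

  // Fail closed when the product cannot be identified, e.g. a partial update
  // that omits ProductID; a fuller handler would resolve the existing line item.
  if (typeof body.ProductID !== "string" || body.ProductID === "") return deny;

  let product;
  try {
    product = lookupProduct(body.ProductID);
  } catch (err) {
    return deny; // a lookup failure must not turn into an allowed override
  }
  const xp = product && product.xp;
  if (!xp || xp.IsDonation !== true) return deny;

  // Optional constraints from the product's xp, as named in the post.
  // The negated comparisons also deny when a configured value is malformed.
  if (xp.MinimumDonation != null && !(price >= Number(xp.MinimumDonation))) return deny;
  if (xp.StartDate && !(now >= new Date(xp.StartDate))) return deny;
  if (xp.EndDate && !(now <= new Date(xp.EndDate))) return deny;
  return { proceed: true };
}

// Constructed sample catalog for illustration only.
const sampleCatalog = new Map([
  ["donation-general", { xp: { IsDonation: true, MinimumDonation: 5,
    StartDate: "2023-01-01T00:00:00Z", EndDate: "2023-12-31T23:59:59Z" } }],
  ["tshirt-01", { xp: {} }],
]);
const lookupSample = (id) => sampleCatalog.get(id) || null;
```

Every path that cannot positively confirm an eligible donation returns {proceed: false}, so a missing product, a failed lookup or a malformed xp value never results in an accepted price override.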


And that's pretty much all you need to be able to securely accept donations in OrderCloud.

This solution can also apply to any other dynamic pricing scenario.


I hope you find this Post helpful. Feel free to leave Comments or Questions.


P.S: I also highly suggest you perform the same webhook validation in the front-end for a better user experience, and to let the user know why you rejected the 'Add to Cart' action.







