We are here to simplify: we know that connecting Adobe Commerce easily, with its integrations and data flows, can be problematic. But it doesn’t have to be: Weavee was created with the mission to simplify the integration and maintenance of those connections. Weavee was built to monitor and report real-time issues so that problems can be resolved on time and minimize business impact.

The services that make up Weavee are organized and managed within the same resource group in Azure. This facilitates centralized management and consistent application of security policies.

Communication between the Weavee administration frontend site and the backend is carried out via the HTTPS (Hypertext Transfer Protocol Secure) protocol. This protocol provides an additional layer of security by encrypting the data transmitted during communication between both components.

Azure Entra ID is a service that provides cloud-based authentication and authorization capabilities, securely managing identities and access. Key features include:

- Multi-Factor Authentication (MFA): The service is configured to require users to verify their identity through two authentication methods, significantly reducing the risk of unauthorized access.
- OAuth 2.0 and OpenID Connect Protocols: Weavee uses OAuth 2.0 and OpenID Connect protocols to ensure secure authentication, ensuring that user credentials are not exposed directly.

Weavee uses Entra ID to manage the service's user directory, ensuring secure and centralized management of authentication.

Weavee uses Azure Cosmos DB, a globally distributed database designed for scalability and high availability. Security measures for this service include:

- Data Encryption at Rest and in Transit: All data stored in Cosmos DB is encrypted using AES-256 encryption. Data in transit between the client and the server is also encrypted using TLS/SSL.

Azure Key Vault is a service that provides a secure way to manage cryptographic keys, secrets, and certificates. Key security features include:

- Secure Secret Storage: It allows for the secure storage and access of sensitive information such as passwords, API tokens, and other secrets.

We use Azure Key Vault because it provides the necessary mechanisms to manage and ensure the security of sensitive information such as credentials used in connections during the execution of workflows. For example, in communication with a REST API where authentication relies on user credentials (username and password), Weavee stores these values in Key Vault as secrets, which are only accessible by the platform to execute this communication.