Chapter 2

Setting Up Logpush

Creating an API Client in Account Manager, creating a source, and connecting eCDN Logpush via the CDN Zones API.

2 min readLast updated 26 April 2026
Jump to section

Set up an API Client in Account Manager

You need an API Client with the sfcc.cdn-zones.rw scope to configure Logpush via the CDN Zones API.

  1. Log in to Account Manager
  2. Go to API Client > Add API Client
  3. Set Display Name (e.g. "Blankitt Edge Logpush") and set a Password (this becomes your client_secret)
  4. Scroll to OpenID Connect and configure:
    • Default Scopes: clear the default (mail) and enter sfcc.cdn.zones.logpush
    • Allowed Scopes: enter sfcc.cdn.zones.logpush
    • Redirect URIs: leave empty
    • Token Endpoint Auth Method: change from private_key_jwt to client_secret_post
  5. Leave the JWT section (Client JWT Bearer Public Key) empty
  6. Under Organizations, add your org and grant the sfcc.cdn-zones.rw scope
  7. Click Save and note the Client ID at the top of the page

Get an access token:

curl -X POST https://account.demandware.com/dwsso/oauth2/access_token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials&client_id=<client_id>&client_secret=<client_secret>"

Use the returned access_token (valid 30 min) as a Bearer token for all CDN Zones API calls below.

Create a source

  1. Navigate to Sources in the sidebar
  2. Click New source, choose Cloud or On-prem agent, and enter a name
  3. Copy the Ingest URL and Ingest Secret from the one-time reveal modal

The secret is a 64-character hex string. It's shown once and never again -- if you lose it, rotate to generate a new one.

Configure Logpush via the CDN Zones API

SFCC merchants configure Logpush through the CDN Zones API. Create a Logpush job with these settings:

  • Log type: http_requests
  • Destination type: HTTPS
  • Destination URL: your Edge ingest URL
  • Custom header: header_Authorization: Bearer <your-secret>
  • Fields: select all, or at minimum include BotScore, SecurityActions, CacheCacheStatus, ClientSSLProtocol

Important: Logpush jobs are not enabled upon creation. Use the API to enable the job after creating it.

Note: SFCC eCDN supports a maximum of two Logpush jobs per zone.

Verify the connection

Within a minute of the first batch arriving:

  • The source's last seen timestamp updates on the Sources page
  • Traffic data appears on the Overview page
  • The detector cron starts evaluating

If data doesn't appear after a few minutes, check:

  • Is the source status "active"? (paused sources reject ingest)
  • Does the secret match? (a mismatch returns 401)
  • Is the Logpush job enabled? (jobs start disabled by default)

Still stuck? Email support or open the support widget in the bottom-right.