Blog posts by K Khan

Blog posts by K Khan 2025-12-21T17:31:32.0000000Zhttps://world.optimizely.com/blogs/K-Khan-/ Optimizely World Troubleshooting with Azure Application Insights Using KQLUsers at least get access to Azure Application Insights even within minimum access level if you are requesting access to DXP management portals at https://world.optimizely.com/service-request-forms/access-to-dxp-portal/. Azure Application Insights is a powerful application performance monitoring (APM) service that helps you track the health, performance, and usage of your applications in real time. It offers end‑to‑end observability through telemetry such as requests, dependencies, exceptions, traces, and custom events, enabling developers to quickly detect anomalies, diagnose issues, and understand user behaviour. With built‑in dashboards, analytics, and seamless integration with Azure Monitor, it provides deep insights that improve reliability, optimize performance, and enhance the overall user experience. There will be moments when provided dash board won't be just enough, Developer will need to do queries to telemetries, Kusto Query Language (KQL) is the engine that unlocks that data. KQL gives you the flexibility to slice and analyze telemetry at scale. KQL Basics Application Insights stores telemetry in tables such as: <ul> <li>requests -Incoming HTTP requests - name, url, duration, resultCode, success</li> <li>dependencies - External calls (DB, APIs) - type, target, name, duration, success</li> <li>exceptions - Application exceptions - type, message, outerMessage, problemId</li> <li>traces - Custom log messages - message, severityLevel</li> <li>customMetrics - Custom performance - metrics    name, value</li> <li>pageViews - Client-side page views - name, url, duration</li> <li>traces</li> <li>availabilityResults</li> <li>customEvents</li> </ul> Common Operators <ul> <li>where - Filter rows</li> <li>project - Select specific columns</li> <li>summarize - Aggregations (count, avg, percentiles)</li> <li>extend - Create calculated fields</li> <li>join - Combine tables</li> <li>order by - Sort results</li> <li>take - Limit rows</li> </ul> Limitations <ul> <li>Query Timeout: 3 minutes maximum execution time, Large datasets may require sampling or time filtering.</li> <li>Result Set Size: Maximum 500,000 rows returned</li> <li>Data Retention: 90 days for detailed data (configurable up to 730 days), Long-term retention requires exporting to Log Analytics or Storage.</li> <li>Concurrent Queries: Throttling applied under heavy loads</li> <li>Sampling: Application Insights may apply adaptive sampling. This can affect counts unless you use itemCount.</li> <li>No Data Modification: KQL is read-only. You cannot update or delete telemetry.</li> <li>Join Limitations: Joining large tables can be slow or truncated.</li> <li>Query Complexity: Some advanced operations (e.g., recursive logic) are not supported.</li> </ul> Best Practices for Monitoring & Troubleshooting <pre class="language-csharp"><code>Use Time Filters Early requests | where timestamp > ago(1h) This improves performance dramatically. Project Only What You Need | project name, duration Reduces memory and speeds up queries. Use Summaries for High-Volume Data Instead of returning thousands of rows: | summarize count() by name Use itemCount When Sampling Is Enabled | summarize total = sum(itemCount) Correlate Telemetry Using Operation Id requests | join traces on operation_Id</code></pre> KQL References for future refernce <pre class="language-csharp"><code>// Basic query pattern TableName | where Timestamp > ago(1d) // Filtering | where Operation_Name == "HomeController.Index" | project Column1, Column2 // Selecting columns | summarize Count = count() by Column1 // Aggregation | order by Count desc // Sorting | limit 10 // Limiting results Filtering with where: requests | where timestamp > ago(24h) | where success == false | where duration > 1000 // Duration in milliseconds Selecting columns with project: requests | project timestamp, name, url, duration, resultCode | take 100 Aggregation with summarize: requests | summarize AvgDuration = avg(duration), RequestCount = count(), FailedCount = countif(success == false) by name, bin(timestamp, 1h) Top 5 Slowest Requests: requests | where timestamp > ago(7d) | top 5 by duration desc | project timestamp, name, duration, url, resultCode Failure Rate Trend: requests | where timestamp > ago(30d) | summarize TotalRequests = count(), FailedRequests = countif(success == false) by bin(timestamp, 1d) | extend FailureRate = FailedRequests * 100.0 / TotalRequests | order by timestamp asc | render timechart Exception Analysis: exceptions | where timestamp > ago(1d) | summarize Count = count() by type, innermostMessage | order by Count desc | take 20 Alert on Patterns, Not Single Events Use: avg(duration) percentile(duration, 95) count() Explore Requests requests | summarize count(), avg(duration) by name Find Failing Dependencies dependencies | where success == false | summarize count() by target, type Trace-Level Debugging traces | where severityLevel >= 3 | order by timestamp desc Exception Analysis exceptions | summarize count() by type, innermostMessage User Behavior customEvents | summarize count() by name End-to-End Transaction Diagnostics requests | where operation_Id == "<operation-id>" Using parse to Extract Data traces | parse message with "User:" userId ", Action:" action Using bin() for Time Bucketing requests | summarize count() by bin(timestamp, 5m) Using join for Correlation requests | join kind=leftouter dependencies on operation_Id Using make-series for Time-Series Analysis requests | make-series count() on timestamp in range(ago(1d), now(), 1h)</code></pre>      2025-12-21T17:31:32.0000000Z

Blog post

Opal Core ConceptsBefore you dive into the code, it's crucial to understand the foundational ideas that make Opal tick. Core concepts are consistent across all its SDKs.  <h2>The Tool Manifest</h2> Imagine you're introducing your tool to the Opal platform for the first time. You need a well-structured document that explains exactly what it is, what it needs, and how to use it. That document is the Tool Manifest. It’s the single source of truth that ensures Opal understands your tool perfectly. This JSON blueprint contains all the essential details: Name & Description: The human-readable "elevator pitch" for your tool. Parameters: A detailed list of every input your tool expects, including their names, data types (string, number, boolean, etc.), and whether they are required or optional. How to Invoke: The technical instructions: the specific HTTP endpoint (URL) and method (GET/POST) Opal should call to run your tool. Authentication Requirements: Instructions on what, if any, credentials are needed. <h2> The Discovery Endpoint</h2> This is a specific URL your tool service must expose, typically at /discovery. When you register your tool with Opal, this is the first place it will "knock on the door." Its sole job is to respond to Opal's call by returning that all-important Tool Manifest we just discussed. This is how Opal dynamically discovers every tool your service offers, without you having to manually configure each one in a UI. This endpoint is the critical handshake between your service and the Opal platform. If it's down, returns an error, or provides a malformed manifest, the conversation stops before it even begins. The SDKs automate its creation, so you can focus on your tool's logic. <h2>Tool Execution</h2> This is the main event—the process where Opal calls your tool to do its actual job. A user or process in Opal triggers your tool. Opal packages up all the provided parameters into a neat HTTP request (a POST with a JSON body). This request is sent to your tool's designated execution endpoint. Your tool processes the request, performs its task (query a database, call an API, run a calculation, etc.), and then returns a structured response (as JSON) back to Opal. This is the "work" phase. Understanding the expected request format and designing a clear response is key to implementing your tool's core functionality effectively. <h2>Authentication</h2> The essential security layer that ensures only authorized requests from Opal can trigger your tools and access their capabilities. Bearer Tokens: A simple yet powerful method where Opal passes a secret token in the Authorization header. Your tool's first job is to validate this token before doing anything else. OAuth Flows: For tools that interact with third-party services (like Google or Salesforce), your tool can leverage OAuth through Opal to securely access user data. The Opal SDKs provide built-in helpers to simplify implementing these critical security measures.   <h2>Do you want to learn more?</h2> <a href="/link/4249083e620549929b1c57a60a377190.aspx">https://world.optimizely.com/blogs/allthingsopti/dates/2025/8/a-day-in-the-life-of-an-optimizely-developer---the-optimizely-opal-tools-sdk-how-to-extend-opal-with-your-own-superpowers/</a>  2025-09-13T14:10:38.0000000Z

Blog post

API Dcumentation referencesOptimizely provides a wide array of APIs designed to empower developers to create rich, scalable, and personalized digital experiences. Below is an overview of some of the most valuable APIs you might want to explore for your next project, along with a quick summary for each. 1. SaaS CMS Content API (Preview 3)Documentation LinkThis API … <a href="https://digitalpixie.co.uk/api-dcumentation-references" class="more-link">Continue reading "API Dcumentation references"</a>2025-08-24T12:00:00.0000000Z

Blog post

Commerce extension points: Order Group TotalIn many business scenarios, calculating the Order Total involves complex logic, such as dynamic handling fees based on items, packages, or custom rules. The default IOrderGroupCalculator implementation in DefaultOrderGroupCalculator may not suffice for these advanced requirements. DefaultOrderGroupCalculator service computes following and custom class can override related method. Extending the Calculation Logic Instead of fully replacing IOrderGroupCalculator, you can implement custom … <a href="https://digitalpixie.co.uk/commerce-extension-points-order-group-total" class="more-link">Continue reading "Commerce extension points: Order Group Total"</a>2025-07-20T15:18:29.0000000Z

Blog post

Comerce Connect calatog caching settingsA critical aspect of Commerce Connect is the caching mechanism for the product catalog, which enhances performance by reducing database load and improving data retrieval times. By effectively configuring and managing the catalog caching mechanisms in Optimizely Commerce Connect, applications can achieve improved performance, reduce server load, and ensure that users receive up-to-date catalog. <h1>Catalog Caching Configurations</h1> These settings help manage how long different types of catalog data are stored in the cache before expiration, thereby optimizing data retrieval and system performance. <h3>Commerce Connect V13</h3> Caching for each subsystem, including catalogs and orders, is configured within its respective configuration files. For example, caching for catalogs can be found in ecf.catalog.config located in the site's configs folder. <pre class="language-markup"><code><Cache enabled="true" collectionTimeout="0:5:0" entryTimeout="0:5:0" nodeTimeout="0:5:0" schemaTimeout="1:0:0"/></code></pre> <h3>Commerce Connect V14</h3>  Cache settings for the Catalogs subsystem, using AppSettings.json <pre class="language-markup"><code>"EPiServer": { "Commerce": { "CatalogOptions": { "Cache": { "UseCache": true, "ContentVersionCacheExpiration": "00:05:00", "CollectionCacheExpiration": "00:05:00", "EntryCacheExpiration": "00:05:00", "NodeCacheExpiration": "00:05:00" } } } }</code></pre> Cache settings for the Catalogs subsystem can be used using Startup also. <pre class="language-csharp"><code>public void ConfigureServices(IServiceCollection services) { services.Configure<CatalogOptions>(o => { o.Cache.UseCache = true; o.Cache.ContentVersionCacheExpiration = TimeSpan.FromMinutes(05); o.Cache.CollectionCacheExpiration = TimeSpan.FromMinutes(05); o.Cache.EntryCacheExpiration = TimeSpan.FromMinutes(05); o.Cache.NodeCacheExpiration = TimeSpan.FromMinutes(05); }); }</code></pre> <ul> <li>UseCache: Enables or disables caching.</li> <li>ContentVersionCacheExpiration: Sets the cache duration for content versions.</li> <li>CollectionCacheExpiration: Defines the cache duration for an array of entries. The cached data primarily consists of CatalogEntryDto objects. Since the Entry object is derived from the Data Transfer Object (DTO), the DTO itself is cached. However, it is also possible to cache the Entry objects directly instead of the DTO in some cases.</li> <li>EntryCacheExpiration: Specifies the cache duration for individual catalog entries. The cached data primarily consists of CatalogEntryDto objects.</li> <li>NodeCacheExpiration: Determines the cache duration for catalog nodes.</li> </ul> <h2>Cache Invalidation</h2> Cache invalidation ensures that outdated or modified data does not persist in the cache, maintaining data consistency. In the catalog subsystem, the cache is invalidated under the following circumstances: Expiration: Cached data is automatically invalidated when it reaches the specified timeout duration. Data Updates: If a catalog object is updated, the corresponding cache entries are invalidated to reflect the changes.   References: <a href="https://docs.developers.optimizely.com/customized-commerce/docs/caching">https://docs.developers.optimizely.com/customized-commerce/docs/caching</a>2025-02-14T11:22:03.0000000Z

Blog post

Dynamic packages in Commerce ConnectIn Optimizely Commerce Connect, you can group different items using packages and bundles. <ul> <li>Package: A package has one or more versions of a product (called variants) and possibly other packages. It has one SKU (a unique code) and one price. When you add a package to a shopping cart, it appears as a single item.</li> <li>Bundle: A bundle is a group of packages, products, and variants, each with its price. Unlike packages, each item in a bundle appears separately in the cart, allowing customers to buy several items at once but treat each as its cart item</li> </ul> From EPiServer.Commerce 14.29.0 you can have dynamic packages <ul> <li>Dynamic Package (beta): This is similar to a regular package but gives customers more choices. It includes multiple products, each with one or more variants, and has a single SKU and price. Customers can choose which version (variant) of each product they want in the package. Like a regular package, it shows up as one item in the cart.</li> </ul> <h1>Dynamic Packages </h1> There are many use cases where dynamic packages help. A very common use case is when customers are selecting some internet service provider along with a phone line or TV, Telecom companies allow users to dynamically create packages based on their service needs, combining internet, cable, and phone services. On a travel website, customers can create their travel packages by selecting a combination of flights, hotels, car rentals, and activities. This dynamic packaging enables customers to tailor their trip based on their budget, preferred airlines, hotel standards, and desired experiences. The dynamic packages feature in Commerce Connect is currently in beta from 14.29.0. It is disabled by default. Developer's documentation: <a href="https://docs.developers.optimizely.com/customized-commerce/docs/dynamic-packages">https://docs.developers.optimizely.com/customized-commerce/docs/dynamic-packages</a> 2024-11-01T12:22:28.0000000Z

Blog post

keep special characters in URLWhen creating a page, the default URL segment validation automatically replaces special characters with their standard equivalents (e.g., "ä" is replaced with "a"). However, some clients may require these special characters to remain intact in URLs for non-English versions of their website. <pre class="language-csharp"><code>var validChars = "ü ö ä ß ó ñ á á é í ó ő ú ü ñ"; </code></pre> For CMS 12 <pre class="language-csharp"><code>//Startup.cs services.Configure<UrlSegmentOptions>(config => { config.SupportIriCharacters = true; config.ValidCharacters = @"A-Za-z0-9\-_~\.\$" + validChars; }); </code></pre> For CMS 11 <pre class="language-csharp"><code>[InitializableModule] [ModuleDependency(typeof(EPiServer.Web.InitializationModule))] public class UrlSegmentConfigurationModule : IConfigurableModule { public void ConfigureContainer(ServiceConfigurationContext context) { var validChars = "ü ö ä ß ó ñ á á é í ó ő ú ü ñ"; context.Services.RemoveAll<UrlSegmentOptions>(); context.Services.AddSingleton<UrlSegmentOptions>(s => new UrlSegmentOptions { SupportIriCharacters = true, ValidCharacters = @"\p{L}0-9\-_~\.\$" + validChars }); } public void Initialize(InitializationEngine context){} public void Uninitialize(InitializationEngine context) { } }</code></pre> References: <ul> <li><a href="https://support.optimizely.com/hc/en-us/articles/115005062883-Enable-special-characters-in-URL-Segment">https://support.optimizely.com/hc/en-us/articles/115005062883-Enable-special-characters-in-URL-Segment</a></li> <li><a href="/link/a5c3e4adc40b463f91f27b7092631e27.aspx">https://world.optimizely.com/blogs/Minesh-Shah/Dates/2023/2/url-rewrites-in-cms12--net-6-/</a></li> <li><a href="https://www.w3.org/International/articles/idn-and-iri/">An Introduction to Multilingual Web Addresses</a> </li> </ul>2024-09-19T16:47:59.0000000Z

Blog post

Opti ID overviewOpti ID allows you to log in once and switch between Optimizely products using Okta, Entra ID, or a local account. You can also manage all your users from one place. you can watch an interactive demo <a href="https://optimizely.navattic.com/awr50u0h">here</a>.  The Optimizely platform offers: <ul> <li>A single login (Single Sign-On or SSO) with support for multi-factor authentication (MFA), using your own MFA setup and directory authentication provider.</li> <li>The ability to switch between apps without having to log in again.</li> <li>The option to manage users, groups, and roles with Opti ID.</li> <li>A dashboard for managing account information, usage, and billing.</li> </ul> Opti ID is currently available for the following Optimizely products: <ul> <li>Commerce Connect</li> <li>Configured Commerce</li> <li>Content Management System (CMS 12) </li> <li>Optimizely CMS SaaS</li> <li>Content Marketing Platform (CMP)</li> <li>Digital Experience Platform (DXP)</li> <li>Experimentation</li> <li>Experiment Collaboration</li> <li>Optimizely Data Platform (ODP)</li> <li>Product Information Management (PIM)</li> <li>Product Recommendations</li> </ul> It is easy to set up Opti ID in your solution with the following steps: <ol> <li> Install the NuGet Package:  <pre class="language-csharp"><code>dotnet add package EPiServer.OptimizelyIdentity</code></pre> </li> <li> Enable Opti ID: In your Startup.cs file, add the following line in the ConfigureServices method to enable Opti ID globally <pre class="language-csharp"><code>services.AddOptimizelyIdentity(useAsDefault: true);</code></pre> This makes Opti ID, active throughout the application, including in shell modules, preview, and edit modes. You can customize authentication schemes using AuthenticationOptions if needed. </li> <li> Remove Unnecessary Services: If you're not using ASP.NET Identity, remove any calls to services.AddCmsAspNetIdentity(). </li> <li> Virtual Roles: Opti ID automatically maps the virtual roles CmsEditors and CmsAdmins. If you already have these mappings, you'll need to remove them. </li> <li> Testing: Ensure your user is assigned to at least one built-in system role for the CMS before testing. Deploy your changes to DXP or run the application locally with Opti ID set up. </li> <li> Running Opti ID Locally: <a href="https://localhost:7595"></a>To configure local usage, add these settings in your appsettings.json file. These are automatically provided when deploying to the Optimizely Digital Experience Platform (DXP) or can be found in the DXP Management Portal under API > Opti ID dev key <div class="overflow-y-auto p-4"> <pre class="language-javascript"><code>{ "EPiServer": { "Cms": { "OptimizelyIdentity": { "InstanceId": "xxx", "ClientId": "xxx", "ClientSecret": "xxx" } } } }</code></pre> Opti ID will work locally with the following ports: https://localhost:5000 https://localhost:5096 https://localhost:6921 <a href="https://localhost:7595">https://localhost:7595</a> References: https://support.optimizely.com/hc/en-us/articles/12613241464461-Get-started-with-Opti-ID </div> </li> </ol>2024-07-26T09:35:21.0000000Z

Blog post

Optimizely Forms: Safeguarding Your DataWith the rise of cyber threats and privacy concerns, safeguarding sensitive information has become a top priority for businesses across all industries. As organizations collect and manage data through various channels, ensuring the security of online forms has become crucial. Optimizely Forms, offers a robust solution for creating and managing forms, but how does it fare in terms of security? Content authors can design multiple kinds of forms, Whether it's collecting customer feedback, processing orders, gathering leads, or forms that may contain sensitive data. Sensitive information submitted through forms could be vulnerable to various threats, including data breaches, unauthorized access, and manipulation. Forms can ask users to upload files, a user-uploaded file can also be a threat or a sensitive document.  Optimizely Forms offers a comprehensive set of security features, customizations, and capabilities to protect user data and mitigate security risks. However, ensuring security is a shared responsibility and requires a proactive approach, encompassing continuous monitoring, updates, and adherence to best practices to safeguard against evolving threats and developers and editor's training. To address security concerns, Optimizely Forms offers several built-in or customizable security features, including <a href="https://docs.developers.optimizely.com/content-management-system/v1.2.0-forms/docs/encrypting-form-data">data encryption</a>, <a href="https://docs.developers.optimizely.com/content-management-system/v1.2.0-forms/docs/creating-new-data-storage-mechanism">data storage mechanisms</a>, v<a href="https://docs.developers.optimizely.com/content-management-system/v1.2.0-forms/docs/creating-form-element-with-validator">alidation and sanitization</a>, <a href="https://docs.developers.optimizely.com/content-management-system/v1.2.0-forms/docs/configuring-optimizely-forms">limited access control</a>, CAPTCHA Integration, and <a href="https://docs.developers.optimizely.com/content-management-system/v1.2.0-forms/docs/customizing-retention-policies">data retention policies</a>. It is <a href="https://docs.developers.optimizely.com/content-management-system/v1.2.0-forms/docs/webhooks-actor">not required to store data</a> within the CMS database. Those should be considered while implementing and using Forms. Organizations can enhance the security of Optimizely Forms by following these best practices: User Education: Educate users about security best practices, such as creating strong passwords, recognizing phishing attempts, and exercising caution when sharing sensitive information via Optimizely Forms. e.g. If submitted data is stored in Forms, then it will be visible to any editors who have access to CMS regardless the data is related or not. User-uploaded files can appear in Search results within the CMS or globally if not taken care of. Regular Updates: Stay vigilant about applying software updates and patches released by Optimizely to address known vulnerabilities and security flaws in Optimizely Forms. Strong Authentication: Implement strong authentication mechanisms, such as multi-factor authentication (MFA), to verify the identities of users accessing Optimizely Forms backend interfaces and administrative dashboards. Security Testing: Conduct regular security assessments, including penetration testing and vulnerability scanning, to identify and remediate potential security weaknesses in Optimizely Forms implementations. Malware Scan for User uploaded files: Implement <a href="https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-storage-malware-scan">scanning</a> of user-uploaded files, solutions will be different, depending on the infrastructure.2024-05-16T07:48:22.0000000Z

Blog post

Top tip: Better, do not save EPiServer.Foms submissions for sensitive dataIf your website utilizes EPiServer.Forms and includes forms where users can upload files, there is a significant probability that the Find/Search Indexing Job will also index those files. Consequently, these files may become accessible through searches facilitated by Find. Editors navigating the Editor area may encounter these files when searching for images, potentially leading to public availability of search results also depending on implementations. To address this issue, a straightforward solution is to cease indexing user-uploaded files. One possible approach to prevent the indexing of uploaded files from forms is outlined in the code below. <pre class="language-csharp"><code>ContentIndexer.Instance.Conventions.ForInstancesOf<IContentMedia>().ShouldIndex(x => _contentLoader.GetAncestors(documentFileBase.ParentLink).Select(x=>x.Name).Contains( EPiServer.Forms.Constants.FileUploadFolderName)); </code></pre> This will stop indexing users' uploaded files, and certainly slow down the indexing job as we will be loading ancestors. It's important to note that despite this adjustment, users' uploaded files will remain accessible to all editors through the Form Submissions View. Depending on the sensitivity of the uploaded user's data, it's imperative to consider this accessibility. Ideally, in cases where user data is sensitive, refrain from saving form submissions within forms due to the limited security associated with form submissions. Editors play a pivotal role in designing forms, and their training is crucial, particularly in alignment with the nature of the business, the type of information they will be gathering, and the relevant legislation. Training should ensure that editors understand the intricacies of data collection, its implications, and compliance requirements. 2024-03-22T10:27:12.0000000Z

Blog post

Toptip - what is .well-known folderWithin your <code>~/public</code> folder, you may come across a directory named ".well-known." This directory is frequently employed in web-based protocols to retrieve "site-wide metadata" related to a host before initiating a request. It's important to note that the absence of this folder doesn't necessarily indicate an issue; it simply means it hasn't been utilized or generated yet. Here are some examples of what you might find in the ".well-known" directory: <ol> <li>.well-known/security.txt: Contains information about a website's security policies and <a href="https://securitytxt.org/">contact information for security researchers</a>. Please read some helpful blogs on this topic. <a href="https://www.gulla.net/en/blog/security.txt">https://www.gulla.net/en/blog/security.txt</a> <a href="https://optimizely.blog/2023/03/easy-implementation-of-security.txt-with-minimal-api-.net-core">https://optimizely.blog/2023/03/easy-implementation-of-security.txt-with-minimal-api-.net-core</a></li> <li> .well-known/apple-app-site-association (AASA): Used for <a href="https://developer.apple.com/library/archive/documentation/General/Conceptual/AppSearch/UniversalLinks.html">associating iOS apps with websites</a>, enabling features like Universal Links. This file doesn't have an extension. </li> <li>.well-known/assetlinks.json: Used in the context of Android App Links. <a href="https://developer.android.com/training/app-links/verify-android-applinks">Android App Links</a> are a way to associate a website with a specific Android app, allowing the app to open when certain links are clicked, even if the app is not currently installed on the device.</li> </ol>2024-01-15T12:46:00.0000000Z

Blog post

Top tip - Auto Suggestion for editorsAuto-suggestion can significantly enhance the efficiency, consistency, and overall quality of content created and managed by editors in a content management system. It serves as a valuable tool that supports editors in maintaining high standards and streamlining their workflow. This small feature can benefit editors in many ways such as saving time by predicting and suggesting words or phrases for some fields as they type. It can promote consistency in writing style and terminology across the content. Editors will adhere to specific style guides or content standards if required for some fields. Developers can add simple built-in auto-suggestions for editors to select when working in the edit view of Optimizely Content Management System (CMS) Create a Custom selection class by inheriting ISelectionQuery e.g. <pre class="language-csharp"><code>using System; using System.Collections.Generic; using System.Linq; using EPiServer.ServiceLocation; using EPiServer.Shell.ObjectEditing; namespace EPiServer.Samples { [ServiceConfiguration(typeof(ISelectionQuery))] public class MySelectionQuery : ISelectionQuery { SelectItem[] _items; public MySelectionQuery() { _items = new SelectItem[] { new SelectItem() { Text = String.Empty, Value = String.Empty }, new SelectItem() { Text = "Alternative1", Value = "1" }, new SelectItem() { Text = "Alternative 2", Value = "2" } }; } //Will be called when the editor types something in the selection editor. public IEnumerable<ISelectItem> GetItems(string query) { return _items.Where(i => i.Text.StartsWith(query, StringComparison.OrdinalIgnoreCase)); } //Will be called when initializing an editor with an existing value to get the corresponding text representation. public ISelectItem GetItemByValue(string value) { return _items.FirstOrDefault(i => i.Value.Equals(value)); } } }</code></pre> Add the AutoSuggestionEditor attribute with your properties as below and set the AllowCustomValues property to true so that the editor is not forced to select one of the suggested choices. By default, this property is set to false and the editor must select one of the suggested values. <pre class="language-csharp"><code>[AutoSuggestSelection(typeof(MySelectionQuery))] public virtual string SelectionEditor1 { get; set; } [AutoSuggestSelection(typeof(MySelectionQuery), AllowCustomValues = true)] public virtual string SelectionEditor2 { get; set; }</code></pre>2023-12-28T11:22:21.0000000Z

Blog post

Top tip - Health ChecksWhether your site is a DXP or an Azure-hosted site, you may need to determine the state of your application as if it's healthy or unhealthy. EPiServer.Cms.HealthCheck will provide you an endpoint as /epi/health, The Blog (<a href="/link/e7fd6d67f00e484d94be75b644c597be.aspx">https://world.optimizely.com/blogs/scott-reed/dates/2023/3/optimizely-dxp-health-checks-and-creating-custom-checks/</a>) by Scott Reed explains this setup for CMS 12 in detail. It doesn't limit us to service health only, Service can be extended for many other scenarios such as listing the vulnerabilities, and checking up on some configurations or DB table sizes. The blog is a bit old but still worth reading (<a href="https://www.codeart.dk/blog/2021/5/new-project-optimizely-episerver-health-checker/">https://www.codeart.dk/blog/2021/5/new-project-optimizely-episerver-health-checker/</a>). "love what you do"2023-12-26T14:28:06.0000000Z

Blog post

Monolith, JAMStack, SPA, or Composable, Optimizely CMS is the best fitEach website architecture has its own benefits and challenges. Monolith is a traditional and proven architecture to deliver web apps, combining FE and BE. To craft a JAMStack site, you employ static-site generation tools such as NextJS or Gatsby. These tools transform your website into HTML during the building process, thus introducing a game-changing shift as pages are constructed at a separate juncture. JAMStack is often confused with SPA, but there are a few fundamental differences. A Single Page Application (SPA) is constructed directly within a user's browser. When a visitor requests a page, the markup and JavaScript are transmitted to the user's browser, and the webpage is dynamically assembled in real time. Composable architecture focuses on Infrastructure as code, infrastructure automation, multi-cloud strategy, and portfolio rationalization. Optimizely does not drive the architecture anymore but gives the flexibility to adopt any architecture that suits best to business for all of your content requirements. <img src="https://i.ibb.co/Sy4p6fB/architecture.jpg" width="661" alt="Options" height="263" style="display: block; margin-left: auto; margin-right: auto;" /> <ul> <li>SAS Core was introduced on Opticon San Deigo 2023 along with many other exciting enhancements and will be available in early 2024, PAS Core is the CMS that we know to date, We can get content from any source other than the CMS also</li> <li>Optimizely Graph (Semantic and flexible search) converts your content into a graph structure. Just as search engines crawl the web to construct graph-based content indices, Optimizely Graph reshapes your CMS content for easy querying. It allows you to explore and manipulate your content using the GraphQL standard</li> <li>Builder is a visual editor</li> <li>Single source for all of your content needs, consume content anywhere</li> <li>Content will remain available, even if CMS goes down</li> <li>PAS/Head solution will be available with or without the Optimizely graph</li> </ul>2023-10-14T17:44:53.0000000Z

Blog post

Considerations before you decide to use Content Definition APIWith the introduction of Content Definition API, it became possible to keep the definitions of the content structures, entirely in Front End and design a true headless solution with complete separation of the back end and front end. We can manage types via API and create new types as blocks and pages even without a release of the backend and create strongly typed typescript objects depending on the solution. Before you decide whether the use of Content Definition API is the right solution for you or not, you will need to consider the following points. <ul> <li>Example projects such as <a href="https://github.com/episerver/content-delivery-js-sdk">https://github.com/episerver/content-delivery-js-sdk</a> rely on a single big manifest.json to define all the types. To achieve strongly typed objects, you will still need extra development efforts, there could be different approaches to achieve this, e.g. <a href="https://github.com/episerver/Foundation-spa-react/tree/Cms12/">https://github.com/episerver/Foundation-spa-react/tree/Cms12/</a></li> <li>If you are writing a solution for DXP and considering Content Definition API just for the sake of achieving strongly typed objects, then an alternative approach could be to use Content Graph <a href="/link/2aefcdfa9169413db278877740df254a.aspx">https://world.optimizely.com/blogs/Jonas-Bergqvist/Dates/2022/9/strongly-typed-cms-content-with-typescript--react3/</a></li> <li>Types generated via Content Definition API are of Types from DB, the feature available for CMS Editor for Types from code will not be available.</li> <li>There is no replacement available for some .Net attributes such as AllowedTypes (e.g. to restrict ContentArea for specific blocks)</li> <li>All settings available in the admin UI are not available through the API yet. For example, you cannot manage websites, languages, or translations.</li> <li>Since changes could be made to the same content types but from different sources, there may be conflicts that could affect existing content. To reduce the risk of conflicts, you should add version information to the content types. To deal with the conflicts, follow semantic versioning <a href="https://docs.developers.optimizely.com/content-cloud/v1.7.0-content-definitions-api/docs/semantic-versioning">https://docs.developers.optimizely.com/content-cloud/v1.7.0-content-definitions-api/docs/semantic-versioning</a></li> <li>The Language Branch API is available only in version 3.4.0 or later of the Content Definitions API.</li> </ul>2022-12-30T14:06:19.0000000Z

Blog post

academy.episerver.com - SAP Litmos error'academy.episerver.com' URL wasn't working for me, rather showing some confusing message about SAP Litmos... don't wait that site will come back sooner. Just readjust bookmarks, as 'academy.optimizely.com' is the URL to use onwards. Same credentials should work. 2021-08-16T07:42:24.0000000Z

Blog post

ODP handy reference guide - Web SDKA quick reference guide, developers might need before starting a new ODP/Zaius implementation based on <a href="https://docs.developers.zaius.com/">https://docs.developers.zaius.com/</a> It will be worthy to watch <a href="https://www.david-tec.com/2021/05/video-adding-optimizely-data-platform-to-optimizely-commerce-cloud/">https://www.david-tec.com/2021/05/video-adding-optimizely-data-platform-to-optimizely-commerce-cloud/</a> <div class="mce-toc"> <ul> <li><a href="#mcetoc_1f8pln9370">Authentication</a></li> <li><a href="#mcetoc_1f8pln9381">Batch Requests</a></li> <li><a href="#mcetoc_1f8pln9382">Consent</a></li> <li><a href="#mcetoc_1f8pln9383">Messaging Lists</a></li> <li><a href="#mcetoc_1f8pln9384">Customers/Profiles</a></li> <li><a href="#mcetoc_1f8pln9385">Custom event:</a></li> <li><a href="#mcetoc_1f8pln9386">Standard events:</a></li> </ul> </div> <h2>Authentication</h2> ODP/Zaius provides two forms of authentication: <ul> <li>Public (Tracker ID) - is used for most API calls that send data</li> <li>Private - is used for querying data</li> </ul> Keys are scoped at the account level. When you revoke a private API key, your existing key is available for 12 hours as a grace period. Public API Key and Tracker ID are synonymous. <h2>Batch Requests</h2> Bulk data push should be done in batch, every request can include up to 500 distinct objects. As an example, at 500 customers per request with 10 requests per second as a rate limit, you can process 5,000 customer updates per second. For higher rate limits contact support. <h2>Consent</h2> Consent may impact attempts to send marketing campaigns to the identifier. If noted as opted-out, certain marketing services or channels may skip the identifier, even when qualified for the campaign. Customers who have opted out cannot receive marketing messages. Only transactional messages will be received by these customers. Example:  <pre class="language-javascript"><code>zaius.consent({ consent: true, identifier_field_name: 'email', identifier_value: 'tyler@zaius.com', update_reason: '', update_ts: 123456789, event_data: {} });</code></pre> <h2>Messaging Lists</h2> Group customers for the purposes of tracking their communication preferences. <h2>Customers/Profiles</h2> To Create/Update/View Customer’s profile. Cookie with name ‘vuid’ contains the reference to profile id.<a href="https://docs.developers.zaius.com/api/rest-api/customers"></a> Anonymize - will reset the cookie identifier associated with the browser. Use this when a user logs out or on shared devices between form submissions that include identifiers. Example: <pre class="language-javascript"><code>zaius.customer({ email: "johnny.zaius@zaius.com" },{ first_name: "Johnny", last_name: "Zaius", gender: "M" });</code></pre> Events Customer behaviors are tracked as events. Events are composed of a Type(a categorical name associated with the event), Action(activity a user did within that event type), and additional metadata via fields on the event,  at minimum, events require an event type and an identifier to associate the event with a customer. There are two types of events, custom, and standard, <h2>Custom event:</h2> Example: <pre class="language-javascript"><code>zaius.event("your_event_type_here", { action: "your_event_action_here", example_custom_field: "example_value" });</code></pre> <h2>Standard events:</h2> These are pre-defined event type/action and expected by Zaius to be accompanied with certain fields. The usage of these events makes the usage of Zaius simpler for common use cases. Zaius does not recommend or formally support Order events via the Web SDK to ensure that ad blockers do not block the purchase event. Zaius only supports sending Order refunds, returns & cancellations via API or CSV to ensure that ad blockers do not block these critical events. <a href="https://docs.developers.zaius.com/api/">https://docs.developers.zaius.com/api/</a> <table> <tbody> <tr> <td>Event TYPE</td> <td>Activity</td> <td>Example</td> </tr> <tr> <td>https://docs.developers.zaius.com/web-sdk/events/account</td> <td></td> <td></td> </tr> <tr> <td>account</td> <td>login</td> <td> <pre class="language-javascript"><code>zaius.event("account", { action: "login" });</code></pre> </td> </tr> <tr> <td></td> <td>logout</td> <td> <pre class="language-javascript"><code>zaius.event("account", { action: "logout" });</code></pre> </td> </tr> <tr> <td></td> <td>register</td> <td> <pre class="language-javascript"><code>zaius.event("account", { action: "register" });</code></pre> </td> </tr> <tr> <td></td> <td>update</td> <td> <pre class="language-javascript"><code>zaius.event("account", { action: "update" });</code></pre> </td> </tr> <tr> <td>Anonymize will reset the cookie identifier associated with the browser. Use this when a user logs out or on shared devices between form submissions that include identifiers.</td> <td></td> <td></td> </tr> <tr> <td>anonymise</td> <td></td> <td> <pre class="language-javascript"><code>zaius.anonymize(); </code></pre> </td> </tr> <tr> <td>Zaius will automatically parse the appropriate page path information.</td> <td></td> <td></td> </tr> <tr> <td>pageview</td> <td></td> <td> <pre class="language-javascript"><code>zaius.event("pageview");</code></pre> </td> </tr> <tr> <td>https://docs.developers.zaius.com/web-sdk/events/navigation</td> <td></td> <td></td> </tr> <tr> <td>navigation</td> <td>search</td> <td> <pre class="language-javascript"><code>zaius.event("navigation", { action: "search", search_term:"cameras, vcr", category: "electronics > consumer" });</code></pre> </td> </tr> <tr> <td></td> <td>sort</td> <td> <pre class="language-javascript"><code>zaius.event("navigation", { action: "sort" });</code></pre> </td> </tr> <tr> <td></td> <td>filter</td> <td> <pre class="language-javascript"><code>zaius.event("navigation", { action: "filter" });</code></pre> </td> </tr> <tr> <td>https://docs.developers.zaius.com/web-sdk/customers/consent</td> <td></td> <td></td> </tr> <tr> <td>consent</td> <td>opt-in</td> <td> <pre class="language-javascript"><code>zaius.consent({ consent: true, identifier_field_name: 'email', identifier_value: 'tyler@zaius.com', update_reason: '', update_ts: 123456789, event_data: {} });</code></pre> </td> </tr> <tr> <td></td> <td>opt-out</td> <td></td> </tr> <tr> <td> <a href="https://docs.developers.zaius.com/web-sdk/events/products">https://docs.developers.zaius.com/web-sdk/events/products</a> product_id is required on all events with an event type of product </td> <td></td> <td></td> </tr> <tr> <td>product</td> <td>detail</td> <td> <pre class="language-javascript"><code>zaius.event("product", { action: "detail", product_id: "product-2143" });</code></pre> </td> </tr> <tr> <td></td> <td>add_to_cart</td> <td> <pre class="language-javascript"><code>zaius.event("product", { action: "add_to_cart", product_id: "product-2143" });</code></pre> </td> </tr> <tr> <td></td> <td>remove_from_cart</td> <td> <pre class="language-javascript"><code>zaius.event("product", { action: "remove_from_cart", product_id: "product-2143" });</code></pre> </td> </tr> <tr> <td></td> <td>add_to_wishlist</td> <td> <pre class="language-javascript"><code>zaius.event("product", { action: "add_to_wishlist", product_id: "product-2143" });</code></pre> </td> </tr> <tr> <td></td> <td>remove_from_wishlist</td> <td> <pre class="language-javascript"><code>zaius.event("product", { action: "remove_from_wishlist", product_id: "product-2143" });</code></pre> </td> </tr> <tr> <td>https://docs.developers.zaius.com/web-sdk/events/ads</td> <td></td> <td></td> </tr> <tr> <td>advertisement</td> <td>impression</td> <td> <pre class="language-javascript"><code>zaius.event("advertisement", { action: "impression" });</code></pre> </td> </tr> <tr> <td></td> <td>click</td> <td> <pre class="language-javascript"><code>zaius.event("advertisement", { action: "click" });</code></pre> </td> </tr> <tr> <td> Messaging Lists allow you to group customers for the purposes of tracking their communication preferences. For example, allowing customers to subscribe to your company newsletter or for holiday news.  <div class="reset-3c756112--blockHint-a7403a60"> Zaius does not require customers to be subscribed to a List to receive emails. </div> </td> </tr> <tr> <td>subscribe</td> <td></td> <td> <pre class="language-javascript"><code>// subscribe johnny@zaius.com to newsletter list zaius.subscribe({list_id: 'newsletter', email: 'johnny@zaius.com'}); // unsubscribe johnny@zaius.com from newsletter list zaius.unsubscribe({list_id: 'newsletter', email: 'johnny@zaius.com'}); // subscribe johnny@zaius.com to three lists at once zaius.subscribe({ list_id: ["newsletter", "promotion", "product_update"], email: "johnny@zaius.com" }); // unsubscribe johnny@zaius.com from multiple lists at once zaius.unsubscribe({ list_id: ["newsletter", "product_update"], email: "johnny@zaius.com" }); zaius.subscribe({ // subscribe Johnny to all lists list_id: ["newsletter", "promotion", "product_update"], email: "johnny@zaius.com", // update Johnny's record to include his full name first_name: "Johnny", last_name: "Zaius", // store information on the subscribe events event_custom_field: "my custom value", custom_number_field: 123 }); // zaius.unsubscribe also fully supports this syntax.</code></pre> </td> </tr> </tbody> </table>2021-06-22T11:06:19.0000000Z

Blog post

Zaius was destined to OptimizelyOptimizely(EPiServer)’s CDP journey that started from EPiServer Profile Store, destined to Optimizely Data Platform(Zaius). With the acquisition of Zaius, Optimizely (EPiServer) have a true and one of most sophisticated CDP into their product family. Partners and customers already having licenses of Visitor Intelligence should contact EPiServer/Optimizely support to know more about migrations plans. Visitor Intelligence […]2021-05-28T11:27:39.0000000Z

Blog post

Security MattersNo matter what is the size of your website, your project is handling sensitive information or it’s just a feedback form, Cyber Security matters for all. You are a novice or an expert, a developer, QA, or a solution architect, in your team. A team should have basic knowledge of cyber security. In the project […]2021-01-21T17:33:02.0000000Z

Blog post

Episerver in microservices paradigm“A microservices architecture is an approach to build a server application as a set of small services. That means a microservices architecture is mainly oriented to the back-end, although the approach is also being used for the front end. Each service runs in its own process and communicates with other processes using protocols such as HTTP/HTTPS, WebSockets, or AMQP. Each microservice implements a specific end-to-end domain or business capability within a certain context boundary, and each must be developed autonomously and be deployable independently. Finally, each microservice should own its related domain data model and domain logic and could be based on different data storage technologies (SQL, NoSQL) and different programming languages.”[1] In Microservices architecture generally, contents are also served as a service, aka CaaS. The term CaaS refers to focus on managing structured contents that some restful/web services or feed that other subscribers or applications could consume. CaaS can be referred to as an abstraction on top of a headless CMS delivered via SaaS. A headless CMS is considered a good candidate to use in a microservices architecture. Generally developing a microservice is simple but overall architecture is complex. Planning a strong architecture is a key in microservices-based architectures. Selecting the right CMS is also one of the complex questions if a business is looking for some advanced CMS with features like personalization, analytics, and AI. <h1>Is EPiServer Headless CMS a fit in the microservice landscape?</h1> <img src="https://i.ibb.co/MhZ6MPs/Microservices.jpg" alt="" /> <ul> <li>In EPiServer Headless, contents are served as JSON via a restful API so any programming language can consume.</li> <li>Provide content for native applications that are not HTML-based and Independence to integrate any new channel as we are not bounded with the CMS functionalities.</li> <li>It is Pluggable and configurable web API</li> <li>Support localized content and multi-site scenarios.</li> <li>Support common querying, filtering, and sorting scenarios, able to query contents through Content Search API providing robust filtering and sorting via OData syntax</li> <li>Support returning access-controlled and personalized content where required.</li> <li>Scaleable and secure, Docker could be an option but might not be the best option to set up EpiServer Headless CMS. "Episerver chose <a href="https://azure.microsoft.com/en-us/">Microsoft Azure</a> to support its Customer-Centric Digital Experience Platform, using <a href="https://azure.microsoft.com/en-us/services/kubernetes-service/">Azure Kubernetes Service (AKS)</a> as the orchestration engine for high-availability multitenant microservices and <a href="https://azure.microsoft.com/en-us/services/app-service/">Azure App Service</a> for easily scalable web app deployment". By default supports OAuth and cookie-based authentication, However, it is allowed to customize the authorization flow and use your preferred authorization mechanism like AzureAD or GitHub.</li> <li>Framework agnostic features such as on Page Editing can be used with any javascript framework such as Angular, React, or Vue.</li> </ul> <h2>EPiServer Headless</h2> <a href="/link/6ffa5cb8173a414eac25740deeafdbc8.aspx">https://world.episerver.com/documentation/developer-guides/content-delivery-api/</a> <img src="/link/7ce146c1219c46cfb41062d597a23723.aspx" alt="" /> <h2>Future Of EPiServer Headless</h2> <a href="/link/be8077bc415c4afca844daf0fb0e83bb.aspx">https://world.episerver.com/blogs/martin-ottosen/dates/2019/12/asp-net-core-beta-program/</a> <img src="/link/e64362f8872e492ab4f3191267c0c760.aspx" alt="" /> <h1>Contextual considerations</h1> Conceptually a microservice can be derived as a bounded context in a domain-driven design where each bounded context should have its own model and database. EPiServer CMS as a whole should be considered as a single bounded context. Content in itself can’t be divided further into microservices-based into their types (Images, Textual, or Pdfs).   <h1>Content Considerations</h1> In EPiServer a content item is not necessarily only a web page, it may not have an addressable URL and it may be just a container for data that can be seen as a database record. Sometimes, the same piece of content can be used on a page, on social media or in print which means the content is no longer assigned to a specific channel. Usually, those kinds of content items are simple with only basic property types and some metadata. Content Manager is available to create this kind of content. <a href="/link/dbbcb8c637ae4dcc80685dd99ca3ae05.aspx">https://world.episerver.com/blogs/bartosz-sekula/dates/2020/4/content-manager---lightweight-editing-ui/</a> <img src="/link/a4d4968ba9234975b52bfe6fe9719702.aspx" alt="" /> <img src="/link/d9d8c3d5dc6249f88ad78c93cc70840c.aspx" alt="" /> <h1>SPA implementations with Headless CMS with OPE support</h1> <a href="/link/77c693a1814446ffb2f76af6babbef08.aspx">https://world.episerver.com/blogs/remko-jantzen/dates/2020/5/introducing-foundation-spa-react/</a> <a href="https://github.com/episerver/musicfestival-vue-template">https://github.com/episerver/musicfestival-vue-template</a> References [1] - <a href="https://docs.microsoft.com/en-us/dotnet/architecture/microservices/">https://docs.microsoft.com/en-us/dotnet/architecture/microservices/</a> <a href="/link/dbbcb8c637ae4dcc80685dd99ca3ae05.aspx">https://world.episerver.com/blogs/bartosz-sekula/dates/2020/4/content-manager---lightweight-editing-ui/</a> <a href="https://customers.microsoft.com/en-gb/story/786162-episerver-partner-professional-services-azure">https://customers.microsoft.com/en-gb/story/786162-episerver-partner-professional-services-azure</a>2020-06-02T13:42:12.0000000Z

Blog post