What Is PXM?

What Is PXM?

PXM for Brands

Lead the digital shelf with product experience management (PXM).

PXM for Retailers

Source supplier product content efficiently and at scale with PXM.

What Is the Digital Shelf?

Learn about the digital shelf, including strategies for winning sales.

Build Winning Shopping Experiences

Learn how to engage and convert more shoppers with these winning tips.

Solutions

For Brands

Centralize

Centralize all your product content, no matter where it lives.

Connect

Connect across the digital shelf to deliver engaging product experiences.

Automate

Learn how to automate manual processes to improve efficiency, accuracy, and product detail page (PDP) conversions.

For Retailers

Onboard

Accelerate your supplier and product data onboarding.

Validate

Ensure up-to-date product data is always available to your customers.

Automate

Gain the freedom to scale your business with automation.
Products

PXM Product Experience Management

PIM

Learn about Salsify’s enterprise PIM solution.

Syndication

Easily syndicate product content to every consumer touch point.

Enhanced Content

Easily enrich product pages with below-the-fold content and rich media.

Catalog Sites

Share customized, up-to-date digital product catalogs.

Automation and AI

Automate business processes and enhance Salsify workflows with AI.

Digital Shelf Analytics

Continuously optimize your organization’s product content syndication.

GDSN Data Pool

Synchronize standard supply chain, marketing, and ecommerce attributes globally.

PXM Platform, Integrations, and APIs

Integrate the PXM platform with the rest of your enterprise systems architecture.

Grocery Accelerator

Leverage the first-ever category-wide PXM accelerator in the grocery industry.

PXM App Center

Gain extensions, integrations, and destinations with the PXM App Center.

SXM Supplier Experience Management

Supplier Onboarding

Accelerate supplier onboarding while ensuring your schema requirements are met.

Product Listing

Sell products faster with Product Listing.

Content Enrichment

Increase online conversions with Content Enrichment.

Automation

Win on the digital shelf by automating manual tasks.

SXM Platform, Integrations, and APIs

Integrate the SXM platform with the rest of your enterprise systems architecture.

PXM Network

Syndication Network

Automate how you exchange product content data to the digital shelf.

Enhanced Content Network

Use Enhanced Content to turn product pages into product experiences.

Commerce Platform Integrations

Create winning product experiences everywhere shoppers are, including on owned sites.

GDSN Data Pool

Synchronize standard supply chain, marketing, and ecommerce attributes globally.

Open Catalog

Connect to the digital shelf faster with an open, standardized, and free product catalog.
Partners

Solution Partners

Find a Solution Partner

Learn more about Salsify solution partners.

Become a Solution Partner

Learn how to become a Salsify solution partner.

Technology Partners

Find a Technology Partner

Learn more about Salsify technology partners.

Become a Technology Partner

Learn how to become a Salsify technology partner.
Resources

Resources

Resource Library

Explore our ecommerce resources to get everything you need to win on the digital shelf.

Blog

Read our blog to get actionable insights for navigating changing markets and industry demands.

Webinars

Watch our on-demand ecommerce webinars to gain expert advice and tips from our community of industry leaders.

Engineering Blog

Explore our engineering blog to get developer resources, insights, and tips.

Events

Register for our upcoming in-person and virtual events to connect with other industry insiders.

Knowledge Base

Investigate our knowledge base to build your Salsify skills and understanding.

Product Updates

Explore the latest news and updates for Salsify products.

API

Examine our comprehensive API and webhook guides to start working with Salsify quickly.
Salsify 2024 Consumer Research Report

2024 Consumer Research: The Modern Buying Journey

Download Salsify's report to get insights into the latest trends and consumer behaviors.

Request Demo
    Request Demo

      Responsible Disclosure

      Salsify looks forward to working with the security community to find vulnerabilities in order to keep our business and customer data safe.

      Please read this entire policy before performing any security testing.

       

      Who Are We

      Salsify provides a best-in-class Product Experience Management (PXM), allowing our customers to create best-in-class commerce experiences through our integrated Product Information, Digital Asset Management, and Experience Builder services. 

      •  Retailer/Distributor clients are able to syndicate in-store and online product experiences across a brand’s entire indirect selling ecosystem
      •  Marketplace & D2C customers are able to manage direct commerce experiences across marketplaces, D2C brand sites, and social commerce channels with an order & inventory listing exchange in the same platform as a brand’s product content data.

       

      Bug Bounty Payments

      Our disclosure program does not offer bug bounty payments. 

       

      In Scope Assets

      Note: Only findings relating to these domains will be treated as valid.

      app.salsify.com

      api.salsify.com

       

      Response Targets

      We will make best efforts to meet the following SLA for Hackers participating in our program.

      First Response = 14 Days

      Time To Triage = 30 Days

      Time To Resolution = Dependent On Severity

      We'll try to keep you informed about our progress throughout the process.

       

      Disclosure Policy

      •  As this is a private program, please do not discuss this program or any vulnerabilities, even resolved ones, outside of the program without express written consent from Salsify.
      •  Follow the Program Rules outlined below.

       

      Program Rules

      •  Please provide detailed reports with reproductive steps.  If the report is not detailed enough to reproduce the issue, the issue may not be marked as triaged.
      • Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.
      • When  duplicates occur, we will only triage the first report that was received (provided it can be fully reproduced).
      • Multiple vulnerabilities caused by one underlying issue will be treated as one valid report.
      • Social engineering (e.g. phishing, vishing, smishing) is prohibited.
      • Make a good faith effort to avoid privacy violations, destruction of data, and interruption of our service.  Only interact with accounts you own or with explicit permission of the account holder.

       

      Out Of Scope Vulnerabilities

      When reporting vulnerabilities, please consider

      •  Attack scenarios
      •  Exploitability
      •   Security Impact

       

      The following types of issues are considered out of scope:

      •  CSP configuration.
      •  X- Frame configuration.
      •  Clickjacking on pages with no sensitive data, including those referencing ‘demo’ in the URI.
      • Cross-Site Request Forgery (CSRF) on unauthenticated forms or forms with no sensitive actions.
      • Attacks requiring MITM or physical access to a users device.
      • Previously known vulnerable libraries without a working Proof of Concept.
      • Comma Separated Values (CSV) Injection without demonstrating a vulnerability.
      • Missing best practice in SSL/TLS configuration.
      • Any Activity that could lead to the disruption of our service (DoS).
      • Content spoofing and text injection issues without showing an attack vector or without being able to modify HTML/CSS.
      • Rate limiting or brute force issues on non-authenticated endpoints.
      • Missing best practices in Content Security Policy.
      • Missing HttpOnly or Secure flags on cookies.
      • Missing email best practices (Invalid, incomplete or missing SPF/DKIM/DMARC records, etc.).
      • Vulnerabilities only affecting users of outdated or unpatched browsers.
      • Software version disclosure / Banner identification issues / Descriptive error. messages or headers (e.g. stack traces, application or server errors).
      • Tabnabbing.
      • Open redirect - unless an additional security impact can be demonstrated
      • Issues that require unlikely user interaction.

       

      Safe Harbor

      Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you.  If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

       

      Reporting

      If you believe your finding meets the requirements of a valid report for an in-scope asset, please use the following template to ensure you include the following sections in your report:

       

      ——- TEMPLATE START ——-

      ## TITLE

       

      ## SUMMARY

      [add a summary of the vulnerability]

       

      ## IMPACT

       

      ## STEPS TO REPRODUCE (POC)

      [add the specific steps to reproduce the vulnerability]

      1.   [add step]
      2.   [add step]
      3.   [add step]
      4.   [… etc]

       

      ## REFERENCE MATERIAL

       

      ## ATTACHMENTS / SCREENSHOTS

       

      ## SUGGESTED FIX (optional)

       

      ## CONTACT

      [include your email address]

       

      ——- TEMPLATE END ——-

       

      Email your report to:  vdp@salsify.com

       

      Policy Valid Date

      This policy is valid as of July 1st 2021

       

       
      Also of Interest
      Copyright © 2024 Salsify. All Rights Reserved Privacy Policy Terms of Service Security Sitemap Glossary