icon picker
Technical Approach & Strategy

This page outlines the high-level technical decisions for the RL Style Guide Integration.

System Architecture

CaaStle will provide the app proxy settings once we send the used proxy URL
Ralph Lauren Style Page Integration (1).pdf
123.6 kB

Development Workflow / Tools

Shopify App Proxy

The implementation is a simple , where we will provide a ‘fragment’ as the response.


Bitbucket will be used to store the central code repository. The pipeline will be setup to:
Lint the code
Build assets
Prepare files for deploy to GCP buckets

Quality Assurance

The following QA strategies will be used:
Exploratory Manual Testing: on a limited set of devices without a scripted test plan
Automated Exploratory Testing: using robo tests from

Hosting / Cloud Solution for proxy APP (?)

Google Cloud Platform’s App Engine could be used to host the app’s code. The environment type could be decided later when more details about the required integration with CaaStle services are available.


Nolte has a comprehensive security policy, which was developed in partnership with a third-party security consultant. It includes such requirements as all engineers being trained in security, including OWASP top 10, and all code being peer reviewed.
RL will have the opportunity to run a penetration test should they require.
DLP was activated for all of Nolte’s email accounts.
Code will be stored in Bitbucket. Only the Nolte team have access to the repo and 2-factor authentication is enforced.
The Shopify proxy signature is validated for each request *not required if public content only:
In the process of setting up the app, we will get a key (hash) of the app that can be used to validate that the requests landing on your server are indeed originating from the proxy if we need to validate the request. Shopify has literature on how you can validate the using the hash, once we provide the same.
The integration is based HTTPS request / response and hence is agnostic to the underlying technology stack. So As long as the server that can return the HTML fragment with the appropriate content type the integration should work.
The server serving the fragment on HTTPS with at least TLS 1.2; CaaStle would expect that the provided URI for the proxy to pull the fragment would be on a domain with the appropriate certificate.

Back-up and recovery strategy
Configure automated daily backups. It is assumed that back-ups of data in the CRM will be handled by their respective owners.


Shopify does not manage any caching for the proxy requests, Nolte should anticipate every customer request for the page to be forwarded to the proxy serving the fragment.
As long as the content of the page is not changing, manage the cache within Nolte’s infrastructure. This is abstracted from the client sending the request.
Nolte’s internal infrastructure can send the same cached response for the incoming requests based on a cache expiration policy.
All the requests will land on Nolte’s servers serving the fragment. The cache policy would be internal to Nolte’s infrastructure depending on content being served.
Since the proxied content is a part of the overall request response chain, ideally the server should serve the fragment with the lowest possible latency.

Pending information
An estimate of the expected traffic / # of requests on launch, over time (Scalability)
The expected traffic would potentially depend on how the business intends to use the page and perhaps the business team can address this question better.


The target is WCAG 2.1 AA level. We will implement accessibility best-practices by default, and our designers/engineers are trained in implementing accessible apps. Note this does not guarantee that the implementation will be compliant, it is recommended to perform accessibility testing for a higher level of confidence (Nolte can assist in organizing this if required).


Bitbucket Repo:

Traffic History

Want to print your doc?
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
) instead.