The tools you use to manage your eCommerce business are as valuable as the keys to a flagship store. Those systems contain priceless information about your inventory, your orders, and your product feed that connect to online marketplaces and essential digital channels.

That’s why they need to be protected with the kind of security that AWS Cognito MFA (multi-factor authentication) can provide.

Much like showing an employee identification card when you show up in an office, authentication technologies are a way to confirm that only authorized people are logging into your backend infrastructure.
For years, authentication was often limited to the use of passwords, even though they were often forgotten by employees and easy to guess by cybercriminals.

Multi-factor authentication (MFA) provides additional layers of protection to digital platforms by requiring additional credentials. These could include something you know, such as a PIN, sending a text to your smartphone, or even scanning biometric data like your fingerprint or your face.

At Highstreet.io, we’re reducing the burden on brands to focus on security and offer peace of mind by standardizing our user authentication based on AWS Cognito MFA.

This post offers some more detail on our approach, and why it will let you spend more time on the products you’re selling and the customers you’re serving.

Platform Authentication – A Technical Choice Using AWS

We’ve standardized on AWS Cognito MFA because it was purposely designed to help organizations authenticate and manage users whether they’re looking into a web portal or a mobile app.

In Highstreet.io’s case, the main component for authentication is based on a directory of people who will need to access the platform, which is called a user pool.

This provides a seamless way to manage each user’s profile while also checking for suspicious activity such as an attempt by a hacker to take over someone’s account or to verify a credential like an e-mail address.

We like Cognito MFA because it’s scalable as more users get added, and it also allows customization at the user interface (UI) level, which means we can provide a front end that’s familiar and easy to use.

Components of the Infrastructure Authentication

When you put a key in a lock, you don’t usually get to see the gears and other components that turn and allow you to open a door. The diagram below provides an insider view of what happens when your users are logging into Highstreet.io.

HS authentication drawio

The system makes use of Amazon Elastic Container Service (ECS), which are environments where application programming interfaces (APIs) can be created and run in isolation from the underlying hardware.

When you’re trying to authenticate who you are, the user pool grants tokens that authorize requests that get made to the containerized HTTP API.

Once you’ve been authenticated, you can dive into Highstreet.io and begin configuring your product feeds for more accurate ads, marketplace listings, and more.

Infrastructure as Code

Keeping this kind of backend infrastructure with the needs of a business would have traditionally required a lot of time and effort, but Highstreet.io’s use of infrastructure has changed all that.

What is infrastructure as code? Think of it as a way of using coding to automate complex processes rather than relying on manual (and often error-prone work).

More specifically, we learn about Terraform’s infrastructure as code software to create, change and improve our user authentication.

Where Highstreet.io stands: What you get as a Customer

Combining infrastructure as code with AWS Cognito MFA, we’re able to provide a cost-effective, high-speed, consistent, and secure user authentication experience that benefits all our customers.

Having complete control and visibility over who’s logging on at all times also means Highstreet.io can continuously improve our approach to AWS Cognito multi-factor authentication.
Terraform helps us keep track of versioning so that changes to the underlying infrastructure can happen incrementally, as new eCommerce needs emerge.

You might not think about how users are logging into Highstreet.io on a day-to-day basis, or whether your organization is at any risk of an IT security incident. That’s a good sign we’re doing our jobs right – and another great reason to count on us as a trusted feed management partner.


Contact us to learn more about Highstreet.io’s best-in-class technology team and how we can help you accelerate your business growth.