eCDN Commands

Commands for managing eCDN (embedded Content Delivery Network) for B2C Commerce storefronts.

Global Flags

All eCDN commands support these flags:

Flag	Description	Environment Variable
`--tenant-id`	B2C Commerce tenant ID	`SFCC_TENANT_ID`
`--short-code`	API short code	`SFCC_SHORT_CODE`
`--json`	Output as JSON	-

Zone Selection

Commands that operate on a specific zone use the --zone / -z flag:

Flag	Description
`--zone`, `-z`	Zone ID (32-char hex) or zone name

Zone names are resolved to IDs automatically via case-insensitive lookup.

Authentication

eCDN commands require OAuth authentication with these scopes:

Operation Type	Required Scope
Read operations	`sfcc.cdn-zones`
Write operations	`sfcc.cdn-zones.rw`

For complete setup instructions, see the Authentication Guide.

Zone Management

b2c ecdn zones list

List all CDN zones for a tenant.

bash

b2c ecdn zones list --tenant-id zzxy_prd

Output

Column	Description
Name	Zone name
ID	Zone ID
Status	Zone status
Type	Zone type (storefront)

b2c ecdn zones create

Create a new storefront zone.

bash

b2c ecdn zones create --tenant-id zzxy_prd --storefront-hostname www.example.com --origin-hostname origin.example.com

Flags

Flag	Description	Required
`--storefront-hostname`	Customer-facing hostname	Yes
`--origin-hostname`	Origin server hostname	Yes

Cache Management

b2c ecdn cache purge

Purge cached content from the CDN.

bash

# Purge by path
b2c ecdn cache purge --zone my-zone --path /products --path /categories

# Purge by cache tag
b2c ecdn cache purge --zone my-zone --tag product-123

# Purge everything
b2c ecdn cache purge --zone my-zone --purge-everything

Flags

Flag	Description
`--path`	Path to purge (can be repeated)
`--tag`	Cache tag to purge (can be repeated)
`--host`	Host for path purging
`--purge-everything`	Purge all cached content

At least one purge method must be specified.

Certificate Management

b2c ecdn certificates list

List certificates for a zone.

bash

b2c ecdn certificates list --zone my-zone

b2c ecdn certificates add

Add a certificate to a zone.

bash

b2c ecdn certificates add --zone my-zone --hostname www.example.com --certificate-file ./cert.pem --private-key-file ./key.pem

Flags

Flag	Description	Required
`--hostname`	Custom hostname	Yes
`--certificate-file`	Path to certificate PEM file	Yes
`--private-key-file`	Path to private key PEM file	Yes

b2c ecdn certificates update

Update a certificate.

bash

b2c ecdn certificates update --zone my-zone --certificate-id abc123 --certificate-file ./new-cert.pem --private-key-file ./new-key.pem

b2c ecdn certificates delete

Delete a certificate.

bash

b2c ecdn certificates delete --zone my-zone --certificate-id abc123

b2c ecdn certificates validate

Validate a custom hostname certificate.

bash

b2c ecdn certificates validate --zone my-zone --certificate-id abc123

Security Settings

b2c ecdn security get

Get security settings for a zone.

bash

b2c ecdn security get --zone my-zone

Output

Displays settings including:

SSL mode
Always use HTTPS
Minimum TLS version
TLS 1.3 status
Automatic HTTPS rewrites
Opportunistic encryption

b2c ecdn security update

Update security settings.

bash

b2c ecdn security update --zone my-zone --ssl-mode full --min-tls-version 1.2 --always-use-https

Flags

Flag	Description	Options
`--ssl-mode`	SSL/TLS mode	`off`, `flexible`, `full`, `strict`
`--min-tls-version`	Minimum TLS version	`1.0`, `1.1`, `1.2`, `1.3`
`--always-use-https` / `--no-always-use-https`	Force HTTPS	-
`--tls-1-3` / `--no-tls-1-3`	Enable TLS 1.3	-
`--automatic-https-rewrites` / `--no-automatic-https-rewrites`	Rewrite HTTP links	-
`--opportunistic-encryption` / `--no-opportunistic-encryption`	Enable opportunistic encryption	-

Speed Settings

b2c ecdn speed get

Get speed optimization settings.

bash

b2c ecdn speed get --zone my-zone

b2c ecdn speed update

Update speed optimization settings.

bash

b2c ecdn speed update --zone my-zone --browser-cache-ttl 14400 --auto-minify-html --auto-minify-css --auto-minify-js

Flags

Flag	Description
`--browser-cache-ttl`	Browser cache TTL in seconds
`--auto-minify-html` / `--no-auto-minify-html`	Auto-minify HTML
`--auto-minify-css` / `--no-auto-minify-css`	Auto-minify CSS
`--auto-minify-js` / `--no-auto-minify-js`	Auto-minify JavaScript
`--brotli` / `--no-brotli`	Enable Brotli compression
`--early-hints` / `--no-early-hints`	Enable Early Hints
`--h2-prioritization` / `--no-h2-prioritization`	HTTP/2 prioritization
`--image-resizing` / `--no-image-resizing`	Enable image resizing
`--mirage` / `--no-mirage`	Enable Mirage
`--polish`	Polish mode (`off`, `lossless`, `lossy`)
`--prefetch-preload` / `--no-prefetch-preload`	Prefetch preload
`--rocket-loader` / `--no-rocket-loader`	Rocket Loader

WAF (Web Application Firewall)

WAF v1 Commands

b2c ecdn waf groups list

List WAF v1 rule groups.

bash

b2c ecdn waf groups list --zone my-zone

b2c ecdn waf groups update

Update a WAF v1 group.

bash

b2c ecdn waf groups update --zone my-zone --group-id abc123 --mode on

Flag	Description	Options
`--mode`	Group mode	`on`, `off`

b2c ecdn waf rules list

List WAF v1 rules in a group.

bash

b2c ecdn waf rules list --zone my-zone --group-id abc123

b2c ecdn waf rules get

Get details of a WAF v1 rule.

bash

b2c ecdn waf rules get --zone my-zone --rule-id abc123

b2c ecdn waf rules update

Update a WAF v1 rule.

bash

b2c ecdn waf rules update --zone my-zone --rule-id abc123 --mode on

WAF v2 Commands

b2c ecdn waf rulesets list

List WAF v2 rulesets.

bash

b2c ecdn waf rulesets list --zone my-zone

b2c ecdn waf rulesets update

Update a WAF v2 ruleset.

bash

b2c ecdn waf rulesets update --zone my-zone --ruleset-id abc123 --action block

b2c ecdn waf managed-rules list

List WAF v2 managed rules.

bash

b2c ecdn waf managed-rules list --zone my-zone

b2c ecdn waf managed-rules update

Update a WAF v2 managed rule.

bash

b2c ecdn waf managed-rules update --zone my-zone --rule-id abc123 --action block

OWASP Settings

b2c ecdn waf owasp get

Get OWASP ModSecurity package settings.

bash

b2c ecdn waf owasp get --zone my-zone

b2c ecdn waf owasp update

Update OWASP package settings.

bash

b2c ecdn waf owasp update --zone my-zone --sensitivity high

WAF Migration

b2c ecdn waf migrate

Migrate a zone from WAF v1 to WAF v2.

bash

b2c ecdn waf migrate --zone my-zone

Logpush

b2c ecdn logpush ownership

Create a Logpush ownership challenge token for destination verification.

bash

b2c ecdn logpush ownership --zone my-zone --destination-path 's3://my-bucket/logs?region=us-east-1'

b2c ecdn logpush jobs list

List Logpush jobs.

bash

b2c ecdn logpush jobs list --zone my-zone

b2c ecdn logpush jobs create

Create a Logpush job.

bash

b2c ecdn logpush jobs create --zone my-zone --name "HTTP logs" --destination-path 's3://my-bucket/logs?region=us-east-1' --log-type http_requests --log-fields ClientRequestHost,ClientRequestMethod

Flags

Flag	Description	Required
`--name`	Job name	Yes
`--destination-path`	Log destination path	Yes
`--log-type`	Type of logs (`http_requests`, `firewall_events`, `nel_reports`, `dns_logs`)	Yes
`--log-fields`	Comma-separated log fields	No
`--filter`	JSON filter expression	No
`--enabled`	Enable job on creation	No

b2c ecdn logpush jobs get

Get Logpush job details.

bash

b2c ecdn logpush jobs get --zone my-zone --job-id 123456

b2c ecdn logpush jobs update

Update a Logpush job.

bash

b2c ecdn logpush jobs update --zone my-zone --job-id 123456 --enabled
b2c ecdn logpush jobs update --zone my-zone --job-id 123456 --no-enabled

b2c ecdn logpush jobs delete

Delete a Logpush job.

bash

b2c ecdn logpush jobs delete --zone my-zone --job-id 123456

Page Shield

Notifications (Organization Level)

b2c ecdn page-shield notifications list

List Page Shield notification webhooks.

bash

b2c ecdn page-shield notifications list --tenant-id zzxy_prd

b2c ecdn page-shield notifications create

Create a notification webhook.

bash

b2c ecdn page-shield notifications create --tenant-id zzxy_prd --url https://example.com/webhook --secret my-secret --zones zone1,zone2

b2c ecdn page-shield notifications delete

Delete a notification webhook.

bash

b2c ecdn page-shield notifications delete --tenant-id zzxy_prd --webhook-id abc123

Policies (Zone Level)

b2c ecdn page-shield policies list

List Page Shield policies.

bash

b2c ecdn page-shield policies list --zone my-zone

b2c ecdn page-shield policies create

Create a Page Shield policy.

bash

b2c ecdn page-shield policies create --zone my-zone --action allow --value script-src --expression 'http.request.uri.path contains "/trusted/"'

Flags

Flag	Description	Required
`--action`	Policy action (`allow`, `log`)	Yes
`--value`	Policy value (e.g., `script-src`)	Yes
`--expression`	Policy expression	No
`--description`	Policy description	No
`--enabled`	Enable policy	No

b2c ecdn page-shield policies get

Get a Page Shield policy.

bash

b2c ecdn page-shield policies get --zone my-zone --policy-id abc123

b2c ecdn page-shield policies update

Update a Page Shield policy.

bash

b2c ecdn page-shield policies update --zone my-zone --policy-id abc123 --enabled

b2c ecdn page-shield policies delete

Delete a Page Shield policy.

bash

b2c ecdn page-shield policies delete --zone my-zone --policy-id abc123

Scripts (Zone Level)

b2c ecdn page-shield scripts list

List detected scripts.

bash

b2c ecdn page-shield scripts list --zone my-zone

b2c ecdn page-shield scripts get

Get script details.

bash

b2c ecdn page-shield scripts get --zone my-zone --script-id abc123

MRT Rules

b2c ecdn mrt-rules get

Get MRT ruleset for a zone.

bash

b2c ecdn mrt-rules get --zone my-zone

b2c ecdn mrt-rules create

Create MRT rules to route requests to a Managed Runtime environment.

bash

b2c ecdn mrt-rules create --zone my-zone --mrt-hostname customer-pwa.mobify-storefront.com --expressions '(http.host eq "example.com")' --descriptions "Route to PWA"

Flags

Flag	Description	Required
`--mrt-hostname`	Managed Runtime instance hostname	Yes
`--expressions`	Comma-separated rule expressions	Yes
`--descriptions`	Comma-separated rule descriptions	No

b2c ecdn mrt-rules update

Update MRT ruleset hostname or add new rules.

bash

b2c ecdn mrt-rules update --zone my-zone --mrt-hostname new-customer-pwa.mobify-storefront.com

b2c ecdn mrt-rules delete

Delete an MRT ruleset and all rules.

bash

b2c ecdn mrt-rules delete --zone my-zone

Individual MRT Rules

b2c ecdn mrt-rules rules update

Update an individual MRT rule.

bash

b2c ecdn mrt-rules rules update --zone my-zone --ruleset-id abc123 --rule-id def456 --enabled

b2c ecdn mrt-rules rules delete

Delete an individual MRT rule.

bash

b2c ecdn mrt-rules rules delete --zone my-zone --ruleset-id abc123 --rule-id def456

mTLS Certificates (Organization Level)

b2c ecdn mtls list

List mTLS certificates.

bash

b2c ecdn mtls list --tenant-id zzxy_prd

b2c ecdn mtls create

Create an mTLS certificate for code upload authentication.

bash

b2c ecdn mtls create --tenant-id zzxy_prd --name "Build Server" --ca-certificate-file ./ca.pem --leaf-certificate-file ./leaf.pem

Flags

Flag	Description	Required
`--name`	Certificate name	Yes
`--ca-certificate-file`	Path to CA certificate PEM	Yes
`--leaf-certificate-file`	Path to leaf certificate PEM	Yes

b2c ecdn mtls get

Get mTLS certificate details.

bash

b2c ecdn mtls get --tenant-id zzxy_prd --certificate-id abc123

b2c ecdn mtls delete

Delete an mTLS certificate.

bash

b2c ecdn mtls delete --tenant-id zzxy_prd --certificate-id abc123

Cipher Suites

b2c ecdn cipher-suites get

Get cipher suites configuration.

bash

b2c ecdn cipher-suites get --zone my-zone

b2c ecdn cipher-suites update

Update cipher suites settings.

bash

# Use a preset suite type
b2c ecdn cipher-suites update --zone my-zone --suite-type Modern

# Use custom ciphers
b2c ecdn cipher-suites update --zone my-zone --suite-type Custom --ciphers "ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256"

Flags

Flag	Description	Required
`--suite-type`	Cipher suite type (`Compatible`, `Modern`, `Custom`, `Legacy`)	Yes
`--ciphers`	Comma-separated cipher list (required for Custom)	Conditional

Origin Headers

b2c ecdn origin-headers get

Get origin header modification settings (MRT type).

bash

b2c ecdn origin-headers get --zone my-zone

b2c ecdn origin-headers set

Set or update origin header modification.

bash

b2c ecdn origin-headers set --zone my-zone --header-value my-secret-value
b2c ecdn origin-headers set --zone my-zone --header-value my-secret-value --header-name x-custom-header

Flags

Flag	Description	Required
`--header-value`	Value of the header to forward to origin	Yes
`--header-name`	Name of the header (cannot be changed for MRT origin)	No

b2c ecdn origin-headers delete

Delete origin header modification.

bash

b2c ecdn origin-headers delete --zone my-zone

eCDN Commands ​

Global Flags ​

Zone Selection ​

Authentication ​

Zone Management ​

b2c ecdn zones list ​

Output ​

b2c ecdn zones create ​

Flags ​

Cache Management ​

b2c ecdn cache purge ​

Flags ​

Certificate Management ​

b2c ecdn certificates list ​

b2c ecdn certificates add ​

Flags ​

b2c ecdn certificates update ​

b2c ecdn certificates delete ​

b2c ecdn certificates validate ​

Security Settings ​

b2c ecdn security get ​

Output ​

b2c ecdn security update ​

Flags ​

Speed Settings ​

b2c ecdn speed get ​

b2c ecdn speed update ​

Flags ​

WAF (Web Application Firewall) ​

WAF v1 Commands ​

b2c ecdn waf groups list ​

b2c ecdn waf groups update ​

b2c ecdn waf rules list ​

b2c ecdn waf rules get ​

b2c ecdn waf rules update ​

WAF v2 Commands ​

b2c ecdn waf rulesets list ​

b2c ecdn waf rulesets update ​

b2c ecdn waf managed-rules list ​

b2c ecdn waf managed-rules update ​

OWASP Settings ​

b2c ecdn waf owasp get ​

b2c ecdn waf owasp update ​

WAF Migration ​

b2c ecdn waf migrate ​

Logpush ​

b2c ecdn logpush ownership ​

b2c ecdn logpush jobs list ​

b2c ecdn logpush jobs create ​

Flags ​

b2c ecdn logpush jobs get ​

b2c ecdn logpush jobs update ​

b2c ecdn logpush jobs delete ​

Page Shield ​

Notifications (Organization Level) ​

b2c ecdn page-shield notifications list ​

b2c ecdn page-shield notifications create ​

b2c ecdn page-shield notifications delete ​

Policies (Zone Level) ​

b2c ecdn page-shield policies list ​

b2c ecdn page-shield policies create ​

Flags ​

b2c ecdn page-shield policies get ​

b2c ecdn page-shield policies update ​

b2c ecdn page-shield policies delete ​

Scripts (Zone Level) ​

b2c ecdn page-shield scripts list ​

b2c ecdn page-shield scripts get ​

MRT Rules ​

b2c ecdn mrt-rules get ​

b2c ecdn mrt-rules create ​

Flags ​

b2c ecdn mrt-rules update ​

b2c ecdn mrt-rules delete ​

Individual MRT Rules ​

b2c ecdn mrt-rules rules update ​

b2c ecdn mrt-rules rules delete ​

mTLS Certificates (Organization Level) ​

b2c ecdn mtls list ​

b2c ecdn mtls create ​

eCDN Commands

Global Flags

Zone Selection

Authentication

Zone Management

b2c ecdn zones list

Output

b2c ecdn zones create

Flags

Cache Management

b2c ecdn cache purge

Flags

Certificate Management

b2c ecdn certificates list

b2c ecdn certificates add

Flags

b2c ecdn certificates update

b2c ecdn certificates delete

b2c ecdn certificates validate

Security Settings

b2c ecdn security get

Output

b2c ecdn security update

Flags

Speed Settings

b2c ecdn speed get

b2c ecdn speed update

Flags

WAF (Web Application Firewall)

WAF v1 Commands

b2c ecdn waf groups list

b2c ecdn waf groups update

b2c ecdn waf rules list

b2c ecdn waf rules get

b2c ecdn waf rules update

WAF v2 Commands

b2c ecdn waf rulesets list

b2c ecdn waf rulesets update

b2c ecdn waf managed-rules list

b2c ecdn waf managed-rules update

OWASP Settings

b2c ecdn waf owasp get

b2c ecdn waf owasp update

WAF Migration

b2c ecdn waf migrate

Logpush

b2c ecdn logpush ownership

b2c ecdn logpush jobs list

b2c ecdn logpush jobs create

Flags

b2c ecdn logpush jobs get

b2c ecdn logpush jobs update

b2c ecdn logpush jobs delete

Page Shield

Notifications (Organization Level)

b2c ecdn page-shield notifications list

b2c ecdn page-shield notifications create

b2c ecdn page-shield notifications delete

Policies (Zone Level)

b2c ecdn page-shield policies list

b2c ecdn page-shield policies create

Flags

b2c ecdn page-shield policies get

b2c ecdn page-shield policies update

b2c ecdn page-shield policies delete

Scripts (Zone Level)

b2c ecdn page-shield scripts list

b2c ecdn page-shield scripts get

MRT Rules

b2c ecdn mrt-rules get

b2c ecdn mrt-rules create

Flags

b2c ecdn mrt-rules update

b2c ecdn mrt-rules delete

Individual MRT Rules

b2c ecdn mrt-rules rules update

b2c ecdn mrt-rules rules delete

mTLS Certificates (Organization Level)

b2c ecdn mtls list

b2c ecdn mtls create