Can you decrypt external URL parameters with Salesforce Marketing Cloud?

Alessia Mastroianni
4 min read · Jul 11, 2020


A few months ago, I was asked to integrate a Salesforce Marketing Cloud (SFMC) customer preference centre with Commerce Cloud (CC). There was no connector in place between SFMC and CC; however, both systems were integrated with Sales Cloud.

The preference page was built using AMPscript to update Sales Cloud directly. To update the record in Sales Cloud, I needed the record's unique ID, the Person Contact ID.
This is straightforward when the landing page is accessed from an email sent via SFMC: the email links are automatically encrypted, so there is no risk of exposing customer information.

Things become complicated when the link is accessed from a source that does not offer encryption out of the box.
In our case, when customers are logged in, Commerce Cloud can identify the individual using the customer's unique ID from Sales Cloud. If a customer decides to update their consent, they can open the SFMC preference centre page and be identified with the same ID.

This is possible by passing the customer's unique ID as a parameter in the URL and then using AMPscript to retrieve the value.
However, this solution exposes the unique ID, which could potentially be used to access customer PII. It was a risk I was not willing to take.

I started to look into SFMC's capabilities for decrypting parameters encrypted by other software.
Looking into the documentation, I found that AMPscript can help with decryption. However, according to the documentation, it is only possible to decrypt data contained within Marketing Cloud.

You can only use the EncryptSymmetric() and DecryptSymmetric() AMPscript functions on data contained within Marketing Cloud. Marketing Cloud does not support the use of these functions in conjunction with outside or third-party encryption and decryption functionality.

I decided to give it a go anyway. Here are the steps:
1) Create a Pre-shared Key in Commerce Cloud and use the password to generate the External Key in SFMC. I used DES-ECB encryption.
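
One way the receiving landing page could decrypt and check the parameter, as an added example that is not code from the original post. The parameter name `enc_id`, the external key `CC_PREF_KEY`, the PKCS7 padding and the 18-character ID format are assumptions; the padding and key must match whatever the Commerce Cloud side uses.

```ampscript
%%[
/* Added example. enc_id and CC_PREF_KEY are hypothetical names. */
VAR @cipherText, @contactId, @isValid

SET @cipherText = RequestParameter("enc_id")
SET @contactId = ""
SET @isValid = false

IF NOT Empty(@cipherText) THEN
  /* Password is referenced by its Key Management external key.
     ECB takes no IV; no salt is supplied here (assumption). */
  SET @contactId = DecryptSymmetric(@cipherText, "des;mode=ecb;padding=pkcs7", "CC_PREF_KEY", @null, @null, @null, @null, @null)
ENDIF

/* DES-ECB provides no integrity check, so a tampered value can still
   decrypt to something. Accept only output shaped like an 18-character
   Salesforce ID (assumed format) before using it in any update. */
IF Length(@contactId) == 18 THEN
  IF RegExMatch(@contactId, "^[a-zA-Z0-9]{18}$", 0) == @contactId THEN
    SET @isValid = true
  ENDIF
ENDIF
]%%

%%[ IF @isValid THEN ]%%
  <!-- Render the preference form; keep the decrypted ID server-side
       and never write it back into the page or a link. -->
  <p>Update your preferences below.</p>
%%[ ELSE ]%%
  <!-- Fail closed: no lookup and no update without a valid ID. -->
  <p>We could not identify your profile. Please log in and try again.</p>
%%[ ENDIF ]%%
```

Because ECB is deterministic, the same ID always yields the same ciphertext, so the encrypted value is itself a stable identifier and should be treated as sensitive in logs and referrers.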


