Guides

E-commerce architecture guide

E-commerce Edge Architecture: Fast Catalog, Safe Checkout and Bot Defense

Classify public catalog, customer state, and transaction-critical traffic before optimising it. The fastest response is not a success when it leaks entitlement or confirms the wrong order.

Published
Updated
Reading time
15 min read
On this page

An ecommerce edge is not a “cache everything” setting. It is three distinct traffic contracts: public catalog representations, private account and cart state, and transaction-critical checkout. The edge can cache, filter, and protect capacity; the application remains authoritative for identity, price, inventory, eligibility, payment, and order commitment.

Overview

Outcome

Define route-level cache, origin, and abuse-control contracts that make public pages reusable while preserving private state and safe order decisions during normal traffic and peaks.

Design three traffic planes

E-commerce traffic planes
  1. Public catalog

    Cache public product, category, editorial, and versioned asset representations.

  2. Account and cart

    Keep identity, loyalty, addresses, and cart state private and origin-authorised.

  3. Checkout

    Validate price, stock, fraud, tax, payment, and idempotency at commitment time.

Public content can stop at the edge; customer state and order commitment always retain an application-owned correctness boundary.

Write a cache contract before choosing a TTL

RFC 9111 makes shared-cache behaviour dependent on response directives and variation. Document each route's representation dimensions, cache key, freshness, invalidation owner, stale policy, and negative test. no-cache permits storage but requires validation before reuse; no-store prohibits storage and reuse.

Response classShared-cache policyCorrectness rule
Versioned assetsPublic, long-lived, versioned URLA changed asset receives a new URL.
Public product pagePublic only for equivalent locale, market, and channel outputKey includes every permitted variation.
Account or cartprivate, no-storeApplication authorises every object request.
Checkout and confirmationprivate, no-storeRecheck price, inventory, payment, and idempotency.
Representative cache contract
route: /products/{slug}
audience: public
cache_key: path + locale + market
freshness: business-approved
origin_rule: revalidate price and inventory at order commit
negative_test: authenticated response never enters shared cache

Protect origin and checkout separately

Keep the origin private where possible, restrict it to the edge path, authenticate edge-to-origin traffic, and test direct-origin rejection. Treat checkout as a payment-page security boundary: PCI DSS requirements that apply to an ecommerce environment include authorised payment-page scripts, script integrity, inventory, and change/tamper detection. A CDN or WAF does not replace application authorisation.

Defend against bots by business flow

Credential stuffing, carding, scraping, inventory denial, and denial of service have different signals and harms. Apply limits by account, session, route, device or network context, and business object, not IP alone. Use graduated controls: observe, throttle, challenge, require step-up authentication, then restrict confirmed abuse. Preserve an accessible recovery path and generic login failures to prevent account enumeration.

Prepare the peak-event failure paths

Test warm and cold cache states, promotion start, inventory depletion, origin slowdown, payment degradation, bot surge, purge, and rollback. Monitor cache outcome, origin fetches, latency, WAF/rate actions, login outcomes, and checkout success as separate signals. A high cache-hit ratio cannot prove that private state is safe or checkout is correct.

Troubleshooting

E-commerce edge anti-patterns

  • Caching by full cookie header or caching authenticated HTML without a reviewed isolation design.
  • Serving stale cart, payment, inventory reservation, or order-confirmation state.
  • Treating CAPTCHA, IP reputation, or a bot score as the only account-takeover control.
  • Allowing direct public origin access because the storefront is normally behind a CDN.

Authoritative references

Review the delivery path before the next peak

Optimi can help align cache contracts, origin protection, bot controls, and evidence around the ecommerce journeys that matter.

Assess ecommerce delivery