Integrating Retailer Shopping Carts with Sparkle by Group Nine Media

Posted in Uncategorized at 12:11 pm by mike

Amazon Sparkle


As the ecommerce landscape evolves, shoppers have raised their expectations of online shopping experiences, and are easily discouraged by burdensome process flows which force multiple clicks, page loads and forms. This is especially true as more eCommerce moves to mobile where conversion is even more dependent upon ease of use of the interface.

One way leading online retailers (Amazon, Walmart, BestBuy) have addressed this issue is by providing 3rd Party Cart APIs for their affiliates and advertisers. This allows the customer to make a buying decision on a partner’s website, and then directly add that product (or multiple products) to their shopping cart. If the customer happens to already be authenticated with the destination site, they can be taken directly to the checkout page where they can review the contents of their cart. This works equally well for anonymous carts, since each retailer has already optimized the login or signup process for that case.

Sparkle, from Group Nine Media, has integrated with several different retailers’ checkout and cart APIs to create a mobile optimized shopping experience easily accessible from the web pages and social feeds of POPSUGAR, Thrillist and The Dodo. This document describes a number of different approaches to providing a shared checkout API and discusses the drawbacks and advantages of each one.

GET Cart with SKUs

This is by far the simplest implementation for a 3rd party application or website to use, but may present special challenges to the retailer. Amazon, Walmart, and BestBuy all support this type of request through their affiliate accounts. It allows any site to create a link on a web page which includes the product SKU(s). For Amazon and Walmart, clicking on that link takes the user to a landing page on the retailer’s site which lists the products, and confirms that the user wants to add them to the cart. For Best Buy, you are taken directly to the cart, but they currently only allow 1 product to be added in a single request.

There are a couple of considerations for the retailer who wishes to implement this mechanism. Without the confirmation page, it’s possible for malevolent bots or other ill-willed systems to flood your site with anonymous cart creation. Assuming anonymous carts are a free resource and/or are garbage collected on a regular basis, this may not be a concern. The retailer does have to decide how to deal with inventory counts, and whether an item in an anonymous cart should count against available inventory. Analyzing cart abandonment rates may justify waiting for customer authentication or account creation before decreasing available inventory.

GET/POST Add-to-Cart

Another option we’ve seen implemented is for items to be added to a cart via a GET or POST request, usually specifying SKUs and counts. GET requests are convenient since they don’t require explicit CORS permissions, though it’s possible for the server implementation to allow any domain for POST requests. Once again, the implementation needs to be able to scale anonymous cart creation.

Even with strong CORS controls, retailers have the option of adding “sparkle.groupninemedia.com” to their “allowed origin” list and responding to the browser to allow the POST operation.

Typically on the first request, the response will return a cart cookie, which is then extracted on all following requests.
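
The allowed-origin handling described above, shown from the retailer's side as an added example (not code from the original article or from Sparkle). The JSON body shape, the size limits and the `https://www.acme.com` storefront origin are assumptions.

```javascript
// Added example: retailer-side handling of a cross-origin add-to-cart POST.
// Body shape, limits and the storefront origin are assumptions, not a real retailer API.

const ALLOWED_ORIGINS = new Set([
  "https://sparkle.groupninemedia.com", // partner origin named in the article
  "https://www.acme.com",               // assumed origin of the retailer's own storefront
]);
const MAX_LINES = 20; // assumed cap on distinct SKUs per request
const MAX_QTY = 10;   // assumed cap on quantity per SKU

function corsHeaders(method, origin) {
  // Vary: Origin keeps shared caches from replaying one origin's headers to another.
  const headers = { Vary: "Origin" };
  if (!ALLOWED_ORIGINS.has(origin)) return headers; // no allow header: browser blocks the read
  // Echo the exact origin; "*" cannot be combined with credentials (the cart cookie).
  headers["Access-Control-Allow-Origin"] = origin;
  headers["Access-Control-Allow-Credentials"] = "true";
  if (method === "OPTIONS") {
    headers["Access-Control-Allow-Methods"] = "POST";
    headers["Access-Control-Allow-Headers"] = "Content-Type";
    headers["Access-Control-Max-Age"] = "600";
  }
  return headers;
}

// Returns a cleaned list of { sku, qty } or null if the body is malformed or oversized.
function parseItems(body) {
  let data;
  try {
    data = JSON.parse(body);
  } catch {
    return null;
  }
  const items = data && data.items;
  if (!Array.isArray(items) || items.length === 0 || items.length > MAX_LINES) return null;
  for (const it of items) {
    if (it === null || typeof it !== "object") return null;
    if (typeof it.sku !== "string" || !/^[A-Za-z0-9_-]{1,32}$/.test(it.sku)) return null;
    if (!Number.isInteger(it.qty) || it.qty < 1 || it.qty > MAX_QTY) return null;
  }
  return items.map(({ sku, qty }) => ({ sku, qty }));
}

// req is a plain object: { method, headers: { origin }, body }.
function handleAddToCart(req) {
  const origin = req.headers.origin;
  const headers = corsHeaders(req.method, origin);
  if (req.method === "OPTIONS") return { status: 204, headers, items: null };
  if (req.method !== "POST") return { status: 405, headers, items: null };
  // CORS only controls whether the browser exposes the response. The server must
  // refuse the cart change itself when the request comes from an unlisted origin.
  if (origin !== undefined && !ALLOWED_ORIGINS.has(origin)) {
    return { status: 403, headers, items: null };
  }
  const items = parseItems(req.body);
  if (items === null) return { status: 400, headers, items: null };
  return { status: 200, headers, items };
}
```

The partner page must send the request with credentials included for the cart cookie to travel with it, which is why the exact origin is echoed instead of a wildcard.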

The War on 3rd Party Cookies

Unfortunately, in order to address concerns with privacy around 3rd party tracking, many browsers have built restrictions around cookie management which can undermine our 3rd party cart implementation. Safari will not allow any 3rd party cookies to be created until the user has made a “first class” visit to the website. Chrome currently allows the cookies to be created, but does not allow the current site any visibility to those cookies or the return values of the request. Google has announced they plan to further restrict this behavior in the future.

There still exists one simple work-around to this problem which we will call the “Cookied-Redirect”. In short, since Safari requires the user to visit the site before cookies can be created, the retailer can set up a redirect endpoint, which adds a cookie to a 302 response which sends the browser back to the original page. For example:


Safari will consider this a true visit to the acme.com web site, and all future GET and POST requests will now be able to successfully create cookies, thus solving our cart identification problem.

To avoid an Open Redirect Vulnerability, retailers will want to limit the redirect to partner domains which are integrating their cart APIs.
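
One way a retailer could build the Cookied-Redirect response while restricting the redirect target to partner domains. This is an added example, not code from the original article or from Sparkle; the `return_to` parameter, the `cart_id` cookie name, the `/cart/visit` path and the partner list are assumptions.

```javascript
// Added example: retailer-side "Cookied-Redirect" with an exact-match partner allowlist.
// Parameter, cookie and host names below are assumptions for illustration.

const PARTNER_HOSTS = new Set([
  "sparkle.groupninemedia.com", // partner host named in the article
  "partner.example",            // constructed sample entry
]);

// Returns the normalized target URL if it is an https URL on an allowlisted
// partner host, otherwise null.
function validateReturnUrl(raw) {
  if (typeof raw !== "string" || raw.length > 2048) return null;
  let url;
  try {
    url = new URL(raw); // absolute URLs only; "//host/path" and relative paths throw
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null;        // rejects http:, javascript:, data:
  if (url.username || url.password) return null;     // rejects https://partner@other-host/
  if (url.port !== "") return null;                  // default https port only
  if (!PARTNER_HOSTS.has(url.hostname)) return null; // exact host match, no suffix or substring test
  // Return the parser's normalized form so the browser follows exactly what was validated.
  return url.href;
}

// requestUrl: full URL of the incoming request to the redirect endpoint.
// cartId: identifier issued by the retailer's cart service (assumed to exist).
function buildCookiedRedirect(requestUrl, cartId) {
  const returnTo = new URL(requestUrl).searchParams.get("return_to");
  const target = validateReturnUrl(returnTo);
  if (target === null) {
    // Fail closed: never fall back to redirecting to the unvalidated value.
    return { status: 400, headers: {}, body: "invalid return_to" };
  }
  return {
    status: 302,
    headers: {
      Location: target,
      // SameSite=None with Secure is required for the cookie to be sent on the
      // later cross-site add-to-cart requests; HttpOnly keeps it away from scripts.
      "Set-Cookie": `cart_id=${encodeURIComponent(cartId)}; Path=/; Secure; HttpOnly; SameSite=None`,
      "Cache-Control": "no-store",
    },
    body: "",
  };
}
```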

Imagine There’s no 3rd Party

There is one other potential trick to avoid the CORS and 3rd party cookie issues, which applies if (and only if) the retailer’s cookies are mapped to the global domain and not a particular host. For instance, if cookie values are scoped to acme.com and NOT store.acme.com, the browser will allow them when Sparkle uses its domain whitelabeling feature: sparkle.acme.com. This will mean the cart cookies can be easily shared between the two sites without requiring any redirects. This will prevent CORS cross-domain issues, since the sites are on the same domain.

The downside here is the need to manage SSL certificates for the server. Either the retailer will need to issue a certificate for the sparkle web server, or if the retailer uses a Load Balancer to terminate the SSL connection, the requests could then be proxied back to Sparkle. In either case, this will still require some configuration by the retailer’s IT group.

Backend Authenticated Shopping API

If none of the above solutions are acceptable, the last option is to create an authenticated Shopping API, if one doesn’t already exist. This addresses most of the security concerns mentioned above, but may be a significantly larger lift for the retailer’s ecommerce engineering team if an existing API isn’t already in place.

In this model, the Sparkle server makes all the cart requests on behalf of the user. This prevents the authentication key from being exposed in JavaScript on the browser.

The API requirements here are:

  1. Get product information from a retailer product page URL
  2. Create a Shopping Cart and return a unique id for that cart
  3. Add a product to the above cart
  4. Provide an endpoint to initiate the retailer checkout experience given a unique cart id

It may be possible to combine 2 & 3 into a single request that creates a new cart if a cart id isn’t specified. Another option is to combine 2, 3 & 4 by passing all the SKUs and quantities in a single request and have the response be a redirect to the retailer checkout page. Note, we’ve come full circle now back to the public GET implementation we started with, though by making this an authenticated API call, the retailer is better protected from malevolent anonymous cart creation.

Product Information API

The last component needed for optimal Sparkle integration is a good product query API. Most retailers already have this in place since it’s usually a necessary component for building a shoppable retailer website, but the API isn’t necessarily public or easily accessed by 3rd parties.

For completeness, the key product data requirements for Sparkle are:

  1. Product and Variant SKUs
  2. Product and Variant Images
  3. Variant Types (size, color, etc.)
  4. Swatches for color/pattern Variants
  5. Variant Display Descriptions (“Sky Blue” vs “skyblue”)
  6. Inventory and/or availability

Ideally, the retailer product page URL (or some portion of the URL) can be used to query the API. Depending upon the number of variants of a particular product, multiple requests may be needed to retrieve the data. Often, all the information needed is already available in a JSON object on the product page and the simplest solution may be for Sparkle to simply extract that.


While allowing third party cart API integration may not be a trivial endeavor for an online retailer, it’s obvious the market leaders and early adopters have seen the value in doing so. This is becoming even more important as younger consumers are learning to expect shopping seamlessly integrated into their media consumption and social experiences. The audience drawn to the Group Nine Media properties is very mobile savvy and depends upon our Brands to lead them to equally savvy retailers.

This article originally appeared at https://engineering.popsugar.com/retailer-shopping-cart-integration-with-sparkle-47160371 on Jan 29th, 2020.


Intel CPU Info tool.

Posted in Uncategorized at 6:09 pm by mike

Cool geekware to tell you about your CPU: http://www.cpuid.com/downloads/cpu-z/1.55-setup-en.exe. Be sure to disable the evil Ask toolbar window from the install wizard.


Allway Sync now supports Amazon S3

Posted in Uncategorized at 9:53 am by mike

So I’ve been using AllWay Sync tool for a couple  years now to keep laptops synchronized (free for home use).   I recently downloaded the latest version to help me back up the HTPC harddisk before pulling it out and moving it to the ReadyNAS NV+ as an iSCSI device (a story for another time).    In the back of my mind, I’ve also been contemplating various offsite backup strategies.    My photo and home video collection is nearing 1TB, and after seeing the San Mateo gas fire, I’m a little more motivated to get those offsite.

It turns out the latest version of AllWay now supports Amazon S3! This basically gives you an unlimited storage solution for $1.11/GB/yr (was $1.20) using S3 RRS. Or $9 (was $10) a month for a TB of backup. The beauty is you only pay for what you use, so 250GB is only $2.25 (was $2.50) a month, or $27/yr. The AllWay tool can do scheduled synchronizations and after the initial sync, it only pushes new files and deletions.

Now the Internet backup providers like Carbonite are running as low as $55/yr for unlimited backup, so you may be able to pay a little less for a more feature rich solution if you are over .5TB but if you have multiple PCs (or a NAS). That said, $55/yr only gets you 1 PC and I don’t know if it will back up network shares. Furthermore, they don’t recommend the $55 solution for anyone with more than 200GB. In fact, in their FAQ they mention something about bandwidth throttling at 35 and 200 gig.

Finally, Amazon has been consistently dropping the price on S3 storage every year, so it will only get cheaper.    Allway includes integration with Windows Task Manager, so scheduled backups are a breeze.   As soon as I get all the drives reorganized, this is definitely the next task on the list.


More CPU Envy

Posted in Uncategorized at 7:49 pm by mike

So just completed the configuration of my new Dell M4500.

  • Intel i7 Q720 @ 1.60GHz (not the fastest i7, but uses the least power)
  • 8GB memory
  • 60GB SSD drive
  • 500GB HD
  • Windows 7 Ultimate, 64 bit

The machine measures twice as fast as my old 4300 and the i7 excels at running VMWare machines. (Task Manager shows 8 CPUs: 4 hyperthreaded cores)  Add the SSD for the OS, and you’re not waiting for anything.   Furthermore, with a 64bit OS,  I now have 4G allocated to each 32 bit VM and they run like they are native.    Other nice touches are the back lit keyboard, wireless-N card and external SATA port.

My only complaint is the camera built into the screen is always pointed at you. I’d prefer it had some sort of physical lens cap.

Nice big keyboard with three mouse buttons above and below the pad.

The WEI score is 6.5 because I didn’t bother with the high end graphics card. Processor and SSD come in at 7.0 and 7.3. 7.9 is the highest score possible, don’t ask me why…

Mean looking charcoal black case

BTW: The upgrade to the latest BIOS from Dell seemed to solve the BSOD problem I saw a couple times.    Haven’t seen it since.


Hmm… Tool Porn

Posted in Uncategorized at 3:27 pm by mike

So about 10 years ago I picked up a 16.8v cordless drill/flashlight combination for something like $29.99.    Worked great for a few years when one of the batteries stopped taking a charge.   Went back to Sears only to discover they no longer made any 16.8V devices.    Looked on Ebay & Amazon and they wanted $49 for a used battery, and $100 for a new one.   So I went back to sears.com and started looking for a new drill.   Of course, little did I know I was going to stumble upon this for $299 (free shipping):

Not only did it replace the drill and flashlight along with 4 other tools, it also comes with 3 batteries and the rolling toolbox.   Great addition to the Home Theater installation shop on wheels.  A quick look inside the box:

The first level holds the drills and light.

The second level has the three saws. The only thing missing was a hammer drill for installing TV mounts on brick fireplaces. So I added one of those as well.

Finally, to top this all off, I also picked up a gorgeous Hammerhead LX stainless steel toolbox off of Craigslist. (This is what the Siren Padlock in the first picture is for) Unfortunately, the company went out of business, but I managed to pull some info out of the google cache:

Width: 41-3/16″ (46″ including side handles)
Height: 61.5″ (55-1/2″ without casters)
Depth: Top 17.5″ (18.25″ with drawer pulls)
Bottom 18.0″ (18.75″ with drawer pulls)
Net Weight Top Chest: 169 lbs.
Net Weight Bottom Roller Cabinet: 262 lbs
Total Net Weight: 431 lbs

Inner Dimensions:


Lid: 41-3/16″ W x 15-3/8″ D x 2-1/4″H
Tray beneath Lid: 41-3/16″ W x 15-3/8″ D x 2-1/2″ H
total internal area of lid is 41-3/16″ W x 15-3/8″ D x 4-3/4″ H

Left bank of drawers on Top Chest, from top to bottom:

1. 22-1/2″ W x 16-5/8″ D x 2-3/8″ H
2. 22-1/2″ W x 16-5/8″ D x 2-3/8″ H
3. 22-1/2″ W x 16-5/8″ D x 2-3/8″ H
4. 22-1/2″ W x 16-5/8″ D x 2-3/8″ H
5. 22-1/2″ W x 16-5/8″ D x 2-3/8″ H

Right bank of drawers on Top Chest, from top to bottom:

1. 12-3/8″ W x 16-5/8″ D x 2-3/8″ H
2. 12-3/8″ W x 16-5/8″ D x 12″ H (will accommodate hanging file folders)


Left Bank of drawers on Bottom Roller Cabinet, from top to bottom:

1. 22-1/2″ W x 16-5/8″ D x 5-1/8″ H
2. 22-1/2″ W x 16-5/8″ D x 2-3/8″ H
3. 22-1/2″ W x 16-5/8″ D x 2-3/8″ H
4. 22-1/2″ W x 16-5/8″ D x 2-3/8″ H
5. 22-1/2″ W x 16-5/8″ D x 5-1/4″ H
6. 22-1/2″ W x 16-5/8″ D x 8-5/8″ H

Right Bank of Drawers on Bottom Roller Cabinet, from top to bottom:

1. 12-3/8″ W x 16-5/8″ D x 5-1/8″ H
2. 12-3/8″ W x 16-5/8″ D x 2-3/8″ H
3. 12-3/8″ W x 16-5/8″ D x 2-3/8″ H
4. 12-3/8″ W x 16-5/8″ D x 2-3/8″ H
5. 12-3/8″ W x 16-5/8″ D x 5-1/4″ H
6. 12-3/8″ W x 16-5/8″ D x 8-5/8″ H

Total cubic inches of internal storage space is 25,555 cu. in.

Dimensions of Side handles:

Top: 9-3/8″ Long x 2-3/8″ Deep
Bottom: 9-1/2″ long x 2-3/8″ deep
Side handles are 1″ thick extra heavy duty 12 gauge Stainless Steel.

Including caster bracket: 6-1/4″ high
caster: 5″ diameter x 1-1/2″ thick

Note that two casters have brakes (shown on left side of chest)

Stays: The bottom roller cabinet has corner stays to prevent the top chest from sliding off. The stays measure 5/8″ high x 1″ wide and wrap around the corner on all four sides.

Too bad they are gone. They look like they had some nice stuff:


3Mbits/sec tethering via the HTC Tilt 2

Posted in Uncategorized at 3:32 pm by mike

I was able to get 3Mbits/sec from Speakeasy when tethered through the phone.  Not too shabby.  A couple hack tricks helped, which I’m keeping as a separate page here.


Dual Boot Android and Windows Mobile

Posted in Uncategorized at 11:10 am by mike

It looks like there’s a ROM download to allow an HTC Touch Pro 2 (Tilt 2 for AT&T customers) to dual boot both WM 6.5 and Android.
There is the potential to brick the phone, so I think I’ll wait a while before trying it.


RadioParadise High Fidelity Streams

Posted in Uncategorized at 3:57 pm by mike

So RadioParadise turned off their 192K MP3 stream in favor of Octoshape, a peer-to-peer Windows Media Player plugin to get RadioParadise in 192k format. Unfortunately, I experienced quite a few dropouts and choppy sound. Possibly there aren’t enough users yet to get critical mass. Interestingly, Comcast took down the FAQ which claimed they don’t interfere with P2P traffic. The FCC came down on them for doing this last year, but with everything they are doing to fight the Net Neutrality movement, I wouldn’t put it past them. I switched to the 128K AAC+ stream with the Orban plugin. No dropouts and the quality sounds pretty good. Note that AAC+ received a much higher quality rating than MP3 on the MUSHRA score.


Mike vs. the Oil Filter

Posted in Uncategorized at 11:58 am by mike

So I was insistent upon changing the oil in both cars last week, even after I threw out my back picking up my daughter.   So 600mgs of Ibuprofen and Tylenol later, I’m gingerly lowering myself onto my creeper and sliding under the G35.   No pain while standing or lying down, just the transition sucks incredibly.   Now the one upside to that pain, it really makes you stop and think: “Do I have everything I need?”  before you lie down and slide under the car.

So I’m one of the few people I know who still changes the oil in their own car. But (this story aside) it’s one of those things that is much easier once you have all the right tools. When I was trying to figure out how to pull speaker wires through my walls, a friend of mine suggested pulling the floor boards and running the wires behind them (a coming post). The task initially overwhelmed me, until he lent me his air-compressor and nail gun. Suddenly I was having a lot of fun.

But back to oil changes, there are a couple things you need to make your life easy. First of all, you need to be able to get under the car. A couple wheel ramps and a creeper help with that. One thing you don’t want to happen is for your ramps to slide when you’re trying to drive the car up them. That’s what the rubber Tweedy mats are for.

An oil recovery pan is necessary as well.   These need to be resealable so you can take the waste oil down to your local gas station or auto-parts store and dispose of it.   Kragen in San Francisco offers free disposal.

Finally, you need a decent tool set (sockets, wrenches, etc).   I’m still using the Craftsman set I bought while I was working at a gas station in high school.   Most importantly though (especially for this case), are the filter removal tools.

Unfortunately the G35 has a plastic rock shield covering most of the oil pan and undercarriage. They did leave an access hole for the drain plug and filter such that if you’re a 12 year old girl, you might actually be able to fit your arm up there to take off the filter. I usually remove 3 of the screws holding on the shield and stick my arm around it. Usually the big-blue rubber glove will give me enough traction on the filter to remove it. That was certainly not the case today.

Now at 6’3 I have pretty big hands and there was a time when I was bench pressing around 300 lbs, so even with the back screaming, I’m able to put a good amount of torque on an oil filter. This one wasn’t going to budge. But I’ve had this happen often enough that I fell back to the socket filter tool. The one you see below is made out of some sort of polyurethane or ABS plastic. It just so happens the G35 and Mazda Protege use the same filter, so I picked up one of these for a couple bucks. (I also modified one to replace the $30 BMW tool for the K75) The tool fits snugly on the end of the filter, using the grips on the filter for traction with a square 3/8 socket attachment in the center.

The first couple tries, the tool stripped the grips on the filter, deforming the filter itself. To solve this problem, I wrapped the filter in some duct tape, and tapped on the filter wrench with a small hammer. Plugged the socket wrench back into the filter tool, and cranked. This time I managed to strip the socket attachment of the tool itself. (During all this, please don’t forget the excruciating pain I’m going through each time I have to slide out from under the car, stand up to get a tool, and then lay myself back down on the dolly). So the tool isn’t ruined yet, since it also has a 1 inch hex nut on the top. So I grab the 1 inch wrench and figure I now have far more leverage than I need, only to see the tool start slipping again, even on the duct-tape-wrapped filter. (sorry, the cell phone close up isn’t that clear)

As you can imagine, my frustration level is pretty high and I’m now fantasizing about driving to the Infiniti dealer and finding the idiot who used a pipe wrench to tighten the filter on, and borrowing his pipe wrench as a blunt force learning tool… Instead, I take a few deep breaths and move to plan B.

The second tool in the arsenal is basically just a square steel rod attached to a nylon strap loop.   The idea is you wrap the oil filter into the loop in the same direction you want to turn, and then use a wrench on the steel rod to apply more torque.    The problem was I now had to remove the entire plastic undercarriage protector (15+ screws) in order to have enough access to the oil filter to perform the task.    This is one of those tools you look at in the store and you question whether it can work, and how difficult it is to use.    You do need to use two hands to wrap the filter in the tool and then hold it there while you attach the wrench.    The torque you get is two fold:  as you turn the steel rod it tightens the strap on the filter and applies the turning force at the same time.    When you’re trying it, you don’t have any confidence it’s going to work.    But when I saw the first movement of the filter, it was the same feeling when you find that one non-null terminated string that was causing the memory arena overwrite crash two hours later.

From there everything else is pretty uneventful.  As much as I’d like to go scream at the dealer who last changed the oil, it’s not like anyone there would care, and I suspect it would be a rather non-fulfilling exercise.

Finally my last tip for you is clean up. If you’ve never worked in a gas station or repair shop, you may not know about lanolin based cleaners. If you’ve ever tried to use regular soap to clean engine grease off your hands, you know it’s next to impossible to do. It turns out that if you mix sheep skin oil with the right cleaning agents, you get a very disgusting paste which instantly removes grease from your hands without requiring any water. The trick is to not wet your hands first, and rub just the cleaner into your hands and fingernails and then wipe off with a paper towel. You usually want to wash your hands normally after that, but you’ll be amazed at how easily everything comes off. I’m not particularly attached to this brand, but you find this stuff at any auto parts store. Just buy whatever is on sale:

So while the oil change on the Infiniti did take over an hour, I was able to whip through the Protege in less than 20 minutes. There’s a huge sense of empowerment in doing something so simple rather than having to pay someone else to do it for you. Bad back and all, it made my weekend.



About Mike Patnode

Posted in Uncategorized at 9:15 pm by mike

Professional Info

I’m basically a Unix hack who taught himself Security, Java, and various Web technologies, only to get sucked into management positions after spending any amount of time at a company.  You can find out a little more about me here as well as on LinkedIn.   I also spent some time developing network video protocols with the X Consortium, but since working with the Certificate Server group at Netscape, I’ve been unable to fully escape the security world.

I’ve helped write a couple blog entries for Centrify, one about OpenSSH and another about MIT Kerberos Integration.

If you’re really a glutton for punishment, you can watch me talk about Unix Service Accounts, Active Directory Groups and Unix Identity Management.

Finally, for the complete diehards, there’s a 60 minute webinar on Migration NIS and NIS+ Users to Active Directory.

Personal Info

I ride a BMW K75 motorcycle and still change my own oil on all my vehicles.    I’ve been a Miami Dolphins fan since I was a little kid (no connection to Florida, so I can’t really explain why) but loyalty has kept me with the team through thick and thin.   Luckily, after a long dry spell, the team is looking a little better.     Living in California, I take full advantage of the wine country, and built a wine cellar under my stairwell to help leverage that.   I also installed my own home theater system, including pulling all the wires through the walls.  That continues to be a hobby/time sink, though mostly due to trying to arm-twist Windows Media Center into the entertainment experience I’m looking for.

If I had more time, I’d be playing more poker (not online!) and beach volleyball (definitely not online!).   The free time I do have gets wasted on Science Fiction.   Lately Peter Hamilton, Iain Banks and Neal Asher.

I have a lovely daughter and wife (that’s me, not my wife…)

I can be reached at mike(at)mpsharp.com
