headless-bff-architecture

Warn

Audited by Snyk on Apr 1, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly about a BFF for a VTEX headless storefront and shows concrete integration with VTEX Checkout and OMS private APIs (e.g., /api/checkout/pub/..., /api/oms/pvt/orders). It describes managing VtexIdclientAutCookie (a bearer token that "authenticates all actions on behalf of a shopper — placing orders, viewing profile data, accessing payment information") and injecting X-VTEX-API-AppKey/X-VTEX-API-AppToken to call private VTEX endpoints. The provided vtexRequest and route examples demonstrate programmatic calls to order/checkout endpoints that can place or modify orders and access payment data. This is a domain-specific commerce integration that enables executing transaction-related operations, so it constitutes direct financial execution capability.

Issues (1)

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 1, 2026, 08:50 PM
Issues: 1