Skip to main content
Sitecore Documentation
  • Learn
  • Downloads
  • Changelog
  • Roadmap
XP
Sitecore Experience Commerce
  • Sitecore Experience Commerce
        • Commerce Core overview
        • Sitecore deployment environments
        • EntityStore
        • Commerce entity
        • Compositional extensibility
        • Managed lists
        • Core policies
        • Entity journaling
            • OData compliance
            • Service metadata
            • Service API headers
            • Policy keys
            • Security
            • API response compression
        • Commerce terms and localization
    • Tax plugin
  1. Commerce Service API
  1. Sitecore Experience Commerce
  2. Commerce Developer Reference

Security

Version:

Security in Sitecore Experience Commerce is based on specific authenticated identities and uses bearer token authentication. Security is enforced at the controller level, and is based on a user's Sitecore credentials. Every user must be authenticated to be able to call any controller from the Commerce Engine.

If you have suggestions for improving this article, let us know!

Documentation Assistant

This assistant uses AI to generate responses based on Sitecore documentation. While it has access to official sources, answers may be incomplete or inaccurate and should not be considered official advice or support.
Powered by
k
kapa.ai
Protected by reCAPTCHA

© Copyright 2026, Sitecore A/S or a Sitecore affiliated company.
All rights reserved.

Privacy policySitecore Trust CenterTerms of use