Authentication

Authentication in the Sitecore XC solution is based on tokens or on specific authenticated identities. Security is enforced at the controller level, and is based on a token or on a user's Sitecore credentials. Every user or application must be authenticated to call any controller from the Commerce Engine.

Sitecore Identity provides authentication service using bearer token authentication.

Additional security considerations include:

  • HTTPS:// and SSL support

  • No credit card storage option

  • PCI Level 1 DSS 2.0 Certified Tokenization

  • Strong password enforcement

  • 90-day forced administrator password changes

  • Back office geographical and proximity real-time validations

  • Back office IP restriction access