Authentication
Version:
Authentication in the Sitecore XC solution is based on tokens or on specific authenticated identities. Security is enforced at the controller level, and is based on a token or on a user's Sitecore credentials. Every user or application must be authenticated to call any controller from the Commerce Engine.
Sitecore Identity provides authentication service using bearer token authentication.
Additional security considerations include:
HTTPS://and SSL support- No credit card storage option
- PCI Level 1 DSS 2.0 Certified Tokenization
- Strong password enforcement
- 90-day forced administrator password changes
- Back office geographical and proximity real-time validations
- Back office IP restriction access
If you have suggestions for improving this article, let us know!