Authentication
Current version: 9.0
Security in the Sitecore XC solution is based on certificates or on specific authenticated identities. Security is enforced at the controller level, and is based on a user's Sitecore credentials. Every user must be authenticated to be able to call any controller from the Commerce Engine.
There are two ways to authenticate:
Additional security considerations include:
- HTTPS:// and SSL support
- No credit card storage option
- PCI Level 1 DSS 2.0 Certified Tokenization
- Strong password enforcement
- 90-day forced administrator password changes
- Back office geographical and proximity real-time validations
- Back office IP restriction access