Skip to main content


Security is based on certificates or on specific authenticated identities. Security is enforced at the controller level, and is based on a user's Sitecore credentials. Every user must be authenticated to be able to call any controller from the Commerce Engine.

There are two ways to authenticate: