Skip to main content
Sitecore Documentation
  • Learn
  • Downloads
  • Changelog
  • Roadmap
XP
Sitecore Experience Commerce
  • Sitecore Experience Commerce
        • Commerce Core overview
        • Sitecore deployment environments
        • EntityStore
        • Commerce entity
        • Compositional extensibility
        • Managed lists
        • Core policies
        • Entity journaling
            • OData compliance
            • Service metadata
            • Service API headers
            • Security
            • API response compression
        • Commerce terms and localization
    • Tax plugin
  1. Commerce Service API
  1. Sitecore Experience Commerce
  2. Commerce Developer Reference

Security

Version:

Security is based on certificates or on specific authenticated identities. Security is enforced at the controller level, and is based on a user's Sitecore credentials. Every user must be authenticated to be able to call any controller from the Commerce Engine.

There are two ways to authenticate:

  • Certificate authentication

  • Bearer token authentication

If you have suggestions for improving this article, let us know!

Documentation Assistant

This assistant uses AI to generate responses based on Sitecore documentation. While it has access to official sources, answers may be incomplete or inaccurate and should not be considered official advice or support.
Powered by
k
kapa.ai
Protected by reCAPTCHA

© Copyright 2026, Sitecore A/S or a Sitecore affiliated company.
All rights reserved.

Privacy policySitecore Trust CenterTerms of use