Last update: February 28, 2024

Virto Commerce Security

There are many aspects of security in Virto Platform and Web API. We will, however, be focusing on the core topics, sich as authentication, authorization, and some best practices you might want to follow.

Note

There has been much confusion in what the difference between authentication and authorization is. In fact, this is very simple:

• Authentication refers to verifying who you are, i.e. providing your credentials (username and password).

• Authorization refers to what you can do, e.g., access, edit, or delete permissions for documents; you can get authorized to do something only once the authentication is complete.

Virto authentication

Virto authorization

Extending authorization