Virto Commerce Security¶
There are many aspects of security in Virto Platform and Web API. We will, however, be focusing on the core topics, sich as authentication, authorization, and some best practices you might want to follow.
There has been much confusion in what the difference between authentication and authorization is. In fact, this is very simple:
Authentication refers to verifying who you are, i.e. providing your credentials (username and password).
Authorization refers to what you can do, e.g., access, edit, or delete permissions for documents; you can get authorized to do something only once the authentication is complete.
Virto authorization API calls