Skip to content
Last update: June 13, 2024

Virto Commerce Security

There are many aspects of security in Virto Platform and Web API. We will, however, be focusing on the core topics, such as authentication, authorization, and some best practices you might want to follow.


There has been much confusion in what the difference between authentication and authorization is. In fact, this is very simple:

  • Authentication refers to verifying who you are, i.e. providing your credentials (username and password).

  • Authorization refers to what you can do, e.g., access, edit, or delete permissions for documents; you can get authorized to do something only once the authentication is complete.

Readmore Virto Authentication

Readmore Virto Authorization

Readmore Extending Authorization