Menu
Feedback
Start here
Tutorials
Developer portal

Known Issues
Support Rules
Troubleshooting

Frequently Asked Questions
Announcements
Tutorials
Tutorials
Explore in-depth tutorials for operating your VTEX store.
Tutorials
Authentication
Authentication basics
Authentication
Authentication

Authentication is the process of validating a user's identity, which, on VTEX, can be done in three different ways:

  • Login: Verifies and validates the user's identity when accessing an online store or the VTEX Admin.
  • Developing integrations: Authenticates requests made to VTEX APIs from integrations with external services. This validation is usually through API keys or user tokens.
  • Developing apps: Ensures the legitimacy of communication between applications developed with VTEX IO and VTEX APIs. This validation is usually through authentication tokens.

Login

On VTEX, login authentication occurs in two contexts: in the webstore, when customers log in to access their profile or place an order, and in the Admin, when admin users log in to manage the store's administrative environment.

You need to configure which authentication method will be available in each context. See the available options in the table below:

Login methodDescriptionWebstoreAdmin
Access codeA random numeric code is sent to the user's email, and they use this code to log in.Can be enabledAlways enabled
PasswordThe user creates a password and logs in using their email and password. Merchants can choose to enforce password expiration after a specific period for Admin users.Can be enabledAlways enabled. Password expiration can be enabled.
FacebookThe user logs in using their Facebook account. Check out the Configuring login with Facebook and Google guide for more information.Can be enabledNot available
GoogleThe user logs in using their Google account. Check out the Configuring login with Facebook and Google guide for more information.Can be enabledCan be enabled
Integration with other ID providersThe user logs in using their account from other external ID providers through an integration. Read the Login (SSO) developer guide to learn more.Can be enabled using the OAuth protocol. Read the Webstore (OAuth 2.0) developer guide to learn more.Can be enabled using the SAML protocol. Read the Admin (SAML 2.0) developer guide to learn more.

At least one of the login methods in the table above must be enabled for the webstore.

You must have a valid admin user to log in to the VTEX Admin. The roles and permissions assigned to the user specify which resources they can use in the Admin.

Enabling login methods

On the Authentication page, you can choose which login methods you want to offer for your store's customers and administrative users accessing the Admin.

{"base64":"  ","img":{"width":974,"height":566,"type":"png","mime":"image/png","wUnits":"px","hUnits":"px","length":24987,"url":"https://raw.githubusercontent.com/vtexdocs/help-center-content/refs/heads/main/docs/en/tutorials/Authentication/Authentication%20basics/authentication_1.png"}}

Follow the steps below to enable the desired login methods:

  1. In the top bar of the VTEX Admin, click your profile avatar, indicated by the initial letter of your email address.

  2. Click Account settings > Authentication.

    You will be redirected to the Webstore tab listing the login methods available in your store. In this tab, you can enable the desired customer login methods.

    To configure the login methods in the Admin for administrative users, click the Admin tab.

    See the table in the Login section to learn about the available login methods and access the documentation explaining how to configure them.

Enforcing password expiration for Admin users

If the password login option is enabled, you can set Admin user passwords to expire after a specified number of days. To do this, follow the instructions below:

  1. In the top bar of the VTEX Admin, click your profile avatar, indicated by the initial letter of your email address.
  2. Click Account settings > Authentication.
  3. Click the Admin tab.
  4. In the Password row, click Edit.
  5. Check the Enforce password expiration option.
  6. Select a period after which user passwords will become invalid. You can choose 15, 30, or 90 days.
  7. Click Save.

Once the expiration period is reached, Admin users will be required to reset their password when attempting to log in.

Developing integrations

When developing integrations using VTEX APIs, you must provide authentication parameters for the desired operations. See the available methods below:

Developing apps

Authentication tokens (auth tokens) are required for authentication when developing apps on VTEX IO. Learn more in the App authentication using auth tokens developer guide.

Contributors
2
Photo of the contributor
Photo of the contributor
+ 2 contributors
Was this helpful?
Yes
No
Suggest Edits (GitHub)
Contributors
2
Photo of the contributor
Photo of the contributor
+ 2 contributors
On this page
Still got questions?
Ask the community
Find solutions and share ideas in the VTEX community.
Join our community
Request support from VTEX
For personalized assistance, contact our experts.
Open a support ticket
GithubDeveloper portalCommunityFeedback