Authentication is the process of validating a user's identity, which, on VTEX, can be done in three different ways:
- Login: Verifies and validates the user's identity when accessing an online store or the VTEX Admin.
- Developing integrations: Authenticates requests made to VTEX APIs from integrations with external services. This validation is usually through API keys or user tokens.
- Developing apps: Ensures the legitimacy of communication between applications developed with VTEX IO and VTEX APIs. This validation is usually through authentication tokens.
Login
On VTEX, login authentication occurs in two contexts: in the webstore, when customers log in to access their profile or place an order, and in the Admin, when admin users log in to manage the store's administrative environment.
You need to configure which authentication method will be available in each context. See the available options in the table below:
Login method | Description | Webstore | Admin |
---|---|---|---|
Access code | A random numeric code is sent to the user's email, and they use this code to log in. | Can be enabled | Always enabled |
Password | The user creates a password and logs in using their email and password. Merchants can choose to enforce password expiration after a specific period for Admin users. | Can be enabled | Always enabled. Password expiration can be enabled. |
The user logs in using their Facebook account. Check out the Configuring login with Facebook and Google guide for more information. | Can be enabled | Not available | |
The user logs in using their Google account. Check out the Configuring login with Facebook and Google guide for more information. | Can be enabled | Can be enabled | |
Integration with other ID providers | The user logs in using their account from other external ID providers through an integration. Read the Login (SSO) developer guide to learn more. | Can be enabled using the OAuth protocol. Read the Webstore (OAuth 2.0) developer guide to learn more. | Can be enabled using the SAML protocol. Read the Admin (SAML 2.0) developer guide to learn more. |
At least one of the login methods in the table above must be enabled for the webstore.
Enabling login methods
On the Authentication page, you can choose which login methods you want to offer for your store's customers and administrative users accessing the Admin.

Follow the steps below to enable the desired login methods:
-
In the top bar of the VTEX Admin, click your profile avatar, indicated by the initial letter of your email address.
-
Click Account settings > Authentication.
You will be redirected to the Webstore tab listing the login methods available in your store. In this tab, you can enable the desired customer login methods.
To configure the login methods in the Admin for administrative users, click the Admin tab.
See the table in the Login section to learn about the available login methods and access the documentation explaining how to configure them.
Enforcing password expiration for Admin users
If the password login option is enabled, you can set Admin user passwords to expire after a specified number of days. To do this, follow the instructions below:
- In the top bar of the VTEX Admin, click your profile avatar, indicated by the initial letter of your email address.
- Click Account settings > Authentication.
- Click the Admin tab.
- In the Password row, click
Edit
. - Check the Enforce password expiration option.
- Select a period after which user passwords will become invalid. You can choose 15, 30, or 90 days.
- Click
Save
.
Once the expiration period is reached, Admin users will be required to reset their password when attempting to log in.
Developing integrations
When developing integrations using VTEX APIs, you must provide authentication parameters for the desired operations. See the available methods below:
- Application keys (appKeys): Application keys authenticate requests made to VTEX APIs. Store admins can create keys and associate them with roles, allowing them to use certain platform resources. Learn more in the API authentication using application keys developer guide.
- User tokens: User tokens authenticate API requests, especially for frontend applications developed with VTEX IO. Learn how to use them in the API authentication using user tokens developer guide.
Developing apps
Authentication tokens (auth tokens) are required for authentication when developing apps on VTEX IO. Learn more in the App authentication using auth tokens developer guide.