Authentication is the process of validating a user's identity, which, on VTEX, can be done in three different ways:

• Login: Verifies and validates the user's identity when accessing an online store or the VTEX Admin.
• Developing integrations: Authenticates requests made to VTEX APIs from integrations with external services. This validation is usually through API keys or user tokens.
• Developing apps: Ensures the legitimacy of communication between applications developed with VTEX IO and VTEX APIs. This validation is usually through authentication tokens.

On VTEX, login authentication occurs in two contexts: in the webstore, when customers log in to access their profile or place an order, and in the Admin, when admin users log in to manage the store's administrative environment.

You need to configure which authentication method will be available in each context. See the available options in the table below:

At least one of the login methods in the table above must be enabled for the webstore.

You must have a valid admin user to log in to the VTEX Admin. The roles and permissions assigned to the user specify which resources they can use in the Admin.

On the Authentication page, you can choose which login methods you want to offer for your store's customers and administrative users accessing the Admin.

Follow the steps below to enable the desired login methods:

1. In the top bar of the VTEX Admin, click your profile avatar, indicated by the initial letter of your email address.

2. Click Account settings > Authentication.

   You will be redirected to the Webstore tab listing the login methods available in your store. In this tab, you can enable the desired customer login methods.

   To configure the login methods in the Admin for administrative users, click the Admin tab.

   See the table in the Login section to learn about the available login methods and access the documentation explaining how to configure them.

If the password login option is enabled, you can set Admin user passwords to expire after a specified number of days. To do this, follow the instructions below:

1. In the top bar of the VTEX Admin, click your profile avatar, indicated by the initial letter of your email address.
2. Click Account settings > Authentication.
3. Click the Admin tab.
4. In the Password row, click Edit.
5. Check the Enforce password expiration option.
6. Select a period after which user passwords will become invalid. You can choose 15, 30, or 90 days.
7. Click Save.

Once the expiration period is reached, Admin users will be required to reset their password when attempting to log in.

When developing integrations using VTEX APIs, you must provide authentication parameters for the desired operations. See the available methods below:

• Application keys (appKeys): Application keys authenticate requests made to VTEX APIs. Store admins can create keys and associate them with roles, allowing them to use certain platform resources. Learn more in the API authentication using application keys developer guide.
• User tokens: User tokens authenticate API requests, especially for frontend applications developed with VTEX IO. Learn how to use them in the API authentication using user tokens developer guide.

Authentication tokens (auth tokens) are required for authentication when developing apps on VTEX IO. Learn more in the App authentication using auth tokens developer guide.