Authentication and Authorization | Infocenter

Introduction to Roles
In Business Manager, you can perform authentication to determine if the user is who they claim to be. You can also perform authorization to determine if the user has permission to perform the specific action they are attempting.

Shopper Authentication
Shoppers can register and create accounts on your storefront or they can remain anonymous. For example, to browse your storefront, shoppers are not required to sign in to their account or even have an account. However, when a shopper creates an account, you now have their information, such as billing address, credit card, and previous orders. Authenticated shoppers can also access certain functionality that’s not available to anonymous shoppers, such as a gift registry and wishlist.

User Authentication and Authorization
As an administrator, you configure security controls in Business Manager. You need to perform authentication to determine if the Business Manager user is who they claim to be. You can also perform authorization to determine if the user has permission to perform the specific action they are attempting.

OCAPI Client Authentication and Authorization
Open Commerce API (OCAPI) provides a RESTful interface that OCAPI clients consume (custom code). So, what about client authentication and authorization for OCAPI?

WebDAV Authentication and Authorization
WebDAV is a protocol that lets you upload and download data or code files. A merchant sends WebDAV requests to your instance’s WebDAV server. The merchant’s WebDAV client can be a Business Manager user or an API client for machine-to-machine interaction.