You are browsing documentation for version 5.0 of OroCommerce, OroCRM, and OroPlatform, maintained until August 2024 and supported until March 2026. Read version 5.1 (the latest LTS version) of the Oro documentation to get up-to-date information.

See our Release Process documentation for more information on the currently supported and upcoming releases.


A RESTful API should be stateless. This means that request authentication should not depend on cookies or sessions. Instead, each request should come with some authentication credentials.

Out-of-the-box, OroPlatform provides the following authentication mechanism:


Please note that WSSE authentication is deprecated and will be removed in one of the future LTS releases. Use OAuth authentication instead.

Business Tip

Looking to make a digital commerce investment? Evaluate the best B2B eCommerce platforms on our comparison page.