Important

You are browsing documentation for version 5.1 of OroCommerce, supported until March 2026. Read the documentation for version 6.0 (the latest LTS version) to get up-to-date information.

See our Release Process documentation for more information on the currently supported and upcoming releases.

Authentication 

A RESTful API should be stateless. This means that request authentication should not depend on cookies or sessions. Instead, each request should come with some authentication credentials.

Out-of-the-box, OroPlatform provides the following authentication mechanism:

Important

Please note that WSSE authentication is deprecated and will be removed in one of the future LTS releases. Use OAuth authentication instead.

Business Tip

Looking to make a digital commerce investment? Evaluate the best B2B eCommerce platforms on our comparison page.