You are browsing upcoming documentation for version 6.0 of OroCommerce, OroCRM, and OroPlatform, scheduled for release in 2024. Read version 5.1 (the latest LTS version) of the Oro documentation to get up-to-date information.
See our Release Process documentation for more information on the currently supported and upcoming releases.
OroMarketplace is a flexible e-commerce marketplace platform designed to enable businesses to create and manage online marketplaces. It provides the foundation and tools necessary to build and operate B2B marketplaces, connecting multiple sellers with potential buyers in a single digital marketplace environment. OroMarketplace is based on OroCommerce Enterprise and has a built-in CRM, which allows for handling all storefront and back-office components and automating B2B processes using various workflows.
Multi-Vendor Support: OroMarketplace allows thousands of sellers to list and sell their products or services within the same marketplace, creating a diverse product catalog for buyers.
Advanced Catalog Management: OroMarketplace often provides tools for managing product listings, categorization, and attributes to ensure a well-organized and searchable marketplace.
Order Management: It includes order processing and management features that enable the tracking of orders, order fulfillment, and communication between sellers and buyers.
Payment Management: The platform often supports various payment methods.
Advanced Search and Navigation: Enhanced search and navigation features make it easy for buyers to find products from various sellers efficiently.
Customization and Branding: Businesses can often customize the look and feel of their marketplace, branding it to match their unique identity.
Security and Compliance: Highest security standards guaranteed with GDPR, PCI DSS compliance, and SOC 2 Type II certification.
Scalability: OroMarketplace is designed to grow with your business, accommodating a growing number of sellers and buyers as your marketplace expands.
Integration Capabilities: Extensive set of open APIs to enable the integration with any service/technology provider (ERP, eCommerce PIM, shipping, payment, loyalty, rating and review systems)
Reporting and Analytics: OroMarketplace offers reporting and analytics tools to help marketplace owners gain insights into performance, sales, and customer behavior. It also includes Customizable dashboard and analytics widgets to monitor business-critical KPIs.
Integrating with OroMarketplace offers numerous benefits for businesses looking to create or expand their online marketplace presence.
Design and UX: Flexible store front-end that enables you to customize the UX with a help of the downloadable UI kit that saves hundreds of hours of design and front-end work
Diverse Product Catalog: Ability to aggregate products from multiple sellers, creating a more extensive and diverse product catalog. This variety can attract a broader range of customers and enhance their shopping experience.
Enhanced Customer Experience: A diverse product offering, combined with advanced search and navigation tools, provides customers with more choices and a better shopping experience. This can lead to higher customer satisfaction and loyalty.
Data Insights: With an integrated marketplace, you can gather valuable data on customer behavior, sales trends, and seller performance. This data can inform your business decisions and marketing strategies.
Improved Seller Management: OroMarketplace provides tools for onboarding and managing sellers efficiently, streamlining processes such as product listing, order fulfillment, and payment disbursement.
OroMarketplace includes various security measures to protect sensitive customer data and ensure the platform’s overall security. These measures help safeguard against data breaches, unauthorized access, and other security threats. Here are some of the security measures typically implemented in OroMarketplace:
Authentication and Authorization:
User authentication: OroCRM supports strong authentication mechanisms, including multi-factor authentication (MFA), to ensure only authorized users can access the system.
Role-based access control (RBAC): OroCRM allows administrators to define user roles and permissions, ensuring that users have the appropriate level of access to data and functionality based on their roles.
Data in transit: OroCRM uses secure communication protocols like HTTPS to encrypt data transmitted between the client and the server, ensuring that data is protected during transmission.
Data at rest: Sensitive data stored in the OroCRM database is often encrypted to prevent unauthorized access in case of a breach.
OAuth2 Protocol for API Access: Oro uses the OAuth2 protocol, which is widely accepted as the standard for secure access to data via API. OAuth2 offers a secure and standardized way for applications and users to access Oro’s API while maintaining robust authentication and authorization controls. It allows the creation of access tokens and refresh tokens, ensuring that only authorized entities can interact with Oro’s API.
Protection Against CSRF Attacks: To guard against potential Cross-Site Request Forgery (CSRF) attacks, Oro implements robust security measures aimed at preventing any unauthorized modification of data via the user interface (UI). This is accomplished through the use of unique CSRF tokens, which are integrated into forms for each individual user session. Each form submission must include its corresponding token, and upon receipt, the server verifies the token’s legitimacy to ensure that it originates from a genuine and authenticated user session.
Data Audit: Oro’s data auditing capabilities create an audit trail of user activities and system events, which can be monitored and investigated for security incidents.
Account Lockout Mechanism: Oro uses a mechanism to prevent brute force attacks. The system monitors login attempts and locks or suspends the user’s account after a certain number of unsuccessful attempts within a given timeframe. This proactive approach helps protect user accounts from unauthorized access by malicious actors.