Authentication and Authorization

This guide provides an overview of User Authentication and Authorization, along with their primary methods. While you can use the UpStart Commerce APIs directly for experimentation, we recommend you go through the general concepts to enhance your development experience.

Authentication

Authentication is the process of verifying the identity of a user or system. It serves as the initial gateway to access UpStart Commerce APIs. Unlike the conventional username and password method, our platform employs a more secure approach by authenticating users through API Keys and Session IDs. This enhances the overall security of the APIs and adds an extra layer of protection, which safeguards sensitive interactions.

Authentication Methods

There are four distinct authentication methods tailored for UpStart Commerce APIs.

1. API Key

An API Key is a unique identifier that ensures secure authentication and authorization for UpStart Commerce APIs. It enables controlled access, tracks usage, and validates requesters by serving as a secret token. This key is the authentication mechanism for users with UpStart Portal accounts, enabling them to invoke both management and consumer APIs.

To generate an API Key through our APIs, go to the API Key Guide.

2. Session ID

The Session ID is a unique identifier assigned during user authentication in UpStart Commerce. It tracks user interactions, manages sessions, facilitates features like authentication and personalization, and offers an alternative method for making API calls. The Session ID serves as the authentication mechanism for users with NoChannel Portal accounts and is not intended for consumers.

To generate a Session ID through our APIs, go to the Session ID Guide.

3. Anonymous Bearer Token

The Anonymous Bearer Token is designed for users who prefer to explore sites without the need to log in. This method allows users to interact with UpStart Consumer APIs, enabling them to build an anonymous user experience for the storefront site.

To generate an Anonymous Bearer Token through our APIs, go to the Anonymous Bearer Token Guide.

4. Logged-In Bearer Token

A Logged-In Bearer Token is given to the customer during the transition from an anonymous state to a registered state. This token allows users to explore advanced functionality and features available exclusively to registered users.

To generate a Logged-In Bearer Token through our APIs, go to the Logged-In Bearer Token Guide.

Authorization

Authorization determines whether a user has the necessary permissions to perform a specific action or access UpStart Commerce APIs. During user creation within the UpStart Commerce Platform, roles are associated with users according to their specific needs. These roles come with predefined sets of permissions that authorize users to access specific endpoints.

For detailed information on Authorization, go to the Roles and Permissions Guide.