Announcement: You can find the guides for Commerce 7.5 and later on the new Elastic Path Documentation site. The Developer Center continues to support Commerce 6.13.0 through 7.4.1.Visit new site

Security Roles

Security Roles

A role is a set of permissions that restricts/allows customers access to Cortex and its resources.

Out of the box, Cortex has two roles:

Role Description
REGISTERED This role is designed for customers with a registered account. For information on how to generate an OAuth token for a customer with an account, see Authenticate a customer.
PUBLIC This role is designed for customers without a registered account. The use of this role allows customers to make purchases without requiring a customer account. For information on how to generate an OAuth token for a customer without an account, see Generate public OAuth Token.

How the roles work depends on your Cortex implementation. Out of the box, all Cortex resources support REGISTERED and PUBLIC roles, so both customers with accounts and without accounts can make purchases through the API.