Announcement: You can find the guides for Commerce 7.5 and later on the new Elastic Path Documentation site. The Developer Center continues to support Commerce 6.13.0 through 7.4.1.Visit new site

Security Roles

Security Roles

A role is a set of permissions that restricts/allows customers access to Cortex API and its resources.

Out of the box, Cortex API has two roles:

Role Description
REGISTERED This role is designed for customers with a registered account. For information on how to generate an OAuth token for a customer with an account, see Authenticate a customer.
PUBLIC This role is designed for customers without a registered account. The use of this role allows customers to make purchases without requiring a customer account. For information on how to generate an OAuth token for a customer without an account, see Generate public OAuth Token.

How the roles work depends on your Cortex API implementation. Out of the box, all Cortex API resources support REGISTERED and PUBLIC roles, so both customers with accounts and without accounts can make purchases through the API.