Documentation
Feedback
Guides
API Reference

Guides
API usageAuthenticationApp authentication using auth tokens
App authentication using auth tokens

When working on VTEX IO apps, you generally won't have to make direct requests to VTEX APIs. This is because VTEX IO already provides convenient access to VTEX APIs through pre-defined clients. Hence, using application keys within your app will often be unnecessary. When necessary, the recommended approach involves employing authentication tokens.

We recommend using the VTEX IO clients package when possible. In this context, every client method accepts an optional argument called authMethod, which receives one of three authentication options, indicating which token will be used in this request.

The tokens are available via the VTEX IO context and are associated with different permissions.

You can import the context in your app as in the following: import { IOContext } as ctx from '@vtex/api'. See the table below to learn about each token.

TokenauthMethodVia contextDescriptionPermissions
App authentication token (default)AUTH_TOKENctx.authTokenEvery VTEX IO app has its own temporary authentication token. We recommend you avoid using this app token whenever user tokens are available.Permissions declared in the policies in your app's manifest. In this file, developers must declare precisely what actions are allowed for the app they are building.
Store user tokenSTORE_TOKENctx.storeUserAuthTokenUser token with store scope.Shopper permissions.
Admin user tokenADMIN_TOKENctx.adminUserAuthTokenUser token with Admin scope.Administrative permissions as defined by License Manager roles associated with the logged in user.

If your project requires features not provided by the available clients, we recommend creating your own clients following the same authentication logic.

Authenticate your apps' actions with user tokens whenever possible. Currently, app authentication tokens are not subject to License Manager permissions. We recommend that you consider this when defining your app's architecture and configuring policies.

Contributors
2
Photo of the contributor
Photo of the contributor
+ 2 contributors
Was this helpful?
Yes
No
Suggest Edits (GitHub)
See also
API authentication using user tokens
Guides
Contributors
2
Photo of the contributor
Photo of the contributor
+ 2 contributors
On this page