B2B user provisioning
Learn how to migrate B2B users from external platforms to VTEX by registering users, creating organizational units, and managing roles and permissions.
This feature is available only for stores using B2B Buyer Portal, currently available for selected accounts.
This guide explains how merchants can migrate their B2B user base from external platforms to VTEX in a secure way, including how to:
- Register new users in VTEX ID with unique login credentials.
- Create and manage organizational units for buyer users.
- Link users to their respective organizational units.
- Assign administrative roles and permissions to users.
- Save detailed user information in the Shopper entity.
Before you begin
Before provisioning B2B users in VTEX, make sure the required features are enabled and the appropriate permissions are configured:
- The Storefront Permissions feature is enabled for your account. Requests to accounts without this feature enabled will receive a
403 Forbiddenresponse. - Any user or API key must have an admin role containing the appropriate License Manager resources to successfully run requests listed in the table below. Otherwise, the requests will return a
403error.
| Product | Category | Resource | Associated endpoints |
|---|---|---|---|
| VTEX ID | User Management | Create User | POST Create storefront user with username |
| Organization Units | Units | Edit Organization Unit | POST Create organizational unit POST Assign user to organizational unit |
| License Manager | Services access control | Edit Storefront User Permissions | POST Assign storefront roles to user |
| Dynamic Storage | Dynamic storage generic resources | Insert or update document (not remove) | POST Create new document |
B2B buyer requirements
For effective authentication, every B2B buyer must comply with the following:
- The username must be unique within the store.
- The user must be linked to an organizational unit.
- The user's organizational unit must be linked with at least one valid contract.
- The user must be registered in the Shopper entity in Master Data v2.
- If the user signs in with an email, they must have a valid email address registered in the Shopper entity to receive an access code when defining or recovering their password.
How it works
The user provisioning process follows these main steps:
- Create storefront user with username: Register new storefront users in VTEX ID with unique login credentials.
- Create organizational unit: Create organizational units where storefront users will be assigned.
- Assign user to organizational unit: Link storefront users to their respective organizational units.
- Assign storefront roles to user: Assign storefront roles and permissions to users.
- Save buyer data: Register detailed user information in the Shopper entity.
At this stage, the created user is not yet linked to an organizational unit, nor do they have storefront permissions.
Step 1 - Create storefront user with username
Register a new user in VTEX ID. You must create this user with a required username, which remains the primary login identifier for the storefront. The username is a case-insensitive field that accepts 3 to 70 characters, including special characters (except whitespace).
Optionally, you may also register a login email for the user. When provided, the user can use this email address as an alternative login identifier to authenticate using either their username or their login email address. This same login email will also be used for password recovery.
The login email address defined in this step is different from the email address collected in Step 5, which is used exclusively for transactional communications and does not affect authentication or password recovery.
At this stage, the created user is not yet linked to an organizational unit, nor do they have storefront permissions.
Parameters:
identifiers: List of login keys, indicating their type and value.isLegacyPassword: Indicates whether the user should recover their password through an external service (true) or define a new password on their first login (false, default).
For more information, see
POSTCreate storefront user with username.
Once you create a user, you can’t edit or remove it. If you upload incorrect data, create a new user with a new username.
Request example
_20curl -X POST "https://{{accountname}}.vtexcommercestable.com.br/api/authenticator/storefront/users?isLegacyPassword=false" \_20 -H "X-VTEX-API-AppKey: {{X-VTEX-API-AppKey}}" \_20 -H "X-VTEX-API-AppToken: {{X-VTEX-API-AppToken}}" \_20 -H "Content-Type: application/json" \_20 -d '{_20 "identifiers": [_20 {_20 "type": "username", _20 "value": "beneson_test_21"_20 }, _20 {_20 "type": "email", _20 "value": "beneson2010@gmail.com+4"_20 }, _20 {_20 "type": "phoneNumber", _20 "value": "415‑602‑8838"_20 }_20 ]_20}'
Response example
_10{_10 "userId": "f0a15a42-f7fc-4b09-a9ab-fabc76d9f332",_10 "identifier": "beneson_test_21"_10}
Step 2 - Create organizational unit
This step is required only if the storefront user's organizational unit does not exist yet. If it already exists, proceed to Step 3 - Assign user to organizational unit.
Organizational units identify the organizations that buyer users are part of. All new units are created at the root level. To create child-level units, see POST Move organizational unit.
For more information, see
POSTCreate organizational unit.
Request example
_10curl -X POST "https://{{accountName}}.vtexcommercestable.com.br/api/organization-units/v1" \_10 -H "X-VTEX-API-AppKey: {{X-VTEX-API-AppKey}}" \_10 -H "X-VTEX-API-AppToken: {{X-VTEX-API-AppToken}}" \_10 -H "Content-Type: application/json" \_10 -d '{_10 "name": "marketing-department"_10}'
Response example
_13_13{_13 "createdAt": "2025-03-19T21:28:13.103978Z",_13 "updatedAt": "2025-03-19T21:28:13.103978Z",_13 "name": "marketing-department",_13 "path": {_13 "ids": "qastore/b13531bb-8242-43fd-80f5-3263dd4e9cdd/92264b68-74da-4fc4-b51a-9ddcb8baf29a"_13 },_13 "id": "92264b68-74da-4fc4-b51a-9ddcb8baf29a",_13 "customerGroup": {_13 "customerIds": []_13 }_13}
Step 3 - Assign user to organizational unit
Links a user to an organizational unit, establishing their organizational membership.
For more information, see
POSTAssign user to organizational unit.
Request example
_10curl -X POST "https://{{accountName}}.vtexcommercestable.com.br/api/vtexid/organization-units/{{organizationUnit}}/users" \_10 -H "X-VTEX-API-AppKey: {{X-VTEX-API-AppKey}}" \_10 -H "X-VTEX-API-AppToken: {{X-VTEX-API-AppToken}}" \_10 -H "Content-Type: application/json" \_10 -d '{_10 "userIds": [ "468cc9c0-e8bd-4826-b7a6-13dce147dc26" ]_10 }'
Response example
_10_10{_10 "organizationUnitId": "b13531bb-8242-43fd-80f5-3263dd4e9cdd",_10 "addedUserIds": [_10 "468cc9c0-e8bd-4826-b7a6-13dce147dc26"_10 ],_10 "failedUserIds": []_10}
Step 4 - Assign storefront roles to user
Storefront users can have roles in their organizations. This endpoint assigns the role(s) the user will have within their buyer organization.
Each storefront role has a unique roleId (integer). The available roles and their permissions are:
| Role ID | Storefront role | Associated resources |
|---|---|---|
| 1 | Organizational Unit Admin | ManageOrganizationAndContract |
| 2 | Order Approver | ApproveOrders |
| 3 | Order Modifier | ModifyOrders |
| 4 | Buyer | PlaceOrders |
| 5 | Personal Cards User | UseAdHocCard, SavePrivateCard |
| 6 | Contract Manager | ViewMyContractOrders |
| 7 | Buyer Organization Manager | ViewMyOrgUnitOrders |
| 8 | Contract Viewer | ViewProfile, ViewMyCards, ViewAddresses |
| 9 | Address Manager | ManageAddresses |
For more information about available storefront roles and permissions, see Storefront Permissions. For the complete endpoint reference, see
POSTAssign storefront roles to user.
Request example
_10curl -X POST "https://{{accountName}}.vtexcommercestable.com.br/api/license-manager/storefront/user/roles" \_10 -H "X-VTEX-API-AppKey: {{X-VTEX-API-AppKey}}" \_10 -H "X-VTEX-API-AppToken: {{X-VTEX-API-AppToken}}" \_10 -H "Content-Type: application/json" \_10 -d '{_10 "id": "f0a15a42-f7fc-4b09-a9ab-fabc76d9f332",_10 "roleIds": [1, 4, 5]_10 }'
Response example
_17{_17 "id": "f0a15a42-f7fc-4b09-a9ab-fabc76d9f332",_17 "roles": [_17 {_17 "id": 1,_17 "name": "Organizational Unit Admin"_17 },_17 {_17 "id": 4,_17 "name": "Buyer"_17 },_17 {_17 "id": 5,_17 "name": "Personal Cards User"_17 }_17 ]_17}
Step 5 - Save buyer data
Buyer data is the source of truth for enriched profile information, such as first and last name, document, phone number, email, and other details. This endpoint allows you to save enriched user information.
In this context, the email address saved in buyer data is used exclusively for operational and transactional account actions, such as account activity, transaction status updates, and other order-lifecycle messages.
This transactional email is different from the login email defined in Step 1, which is used for authentication and password recovery.
For more information, see
POSTCreate new document.
Request example
_15curl -X POST "https://{{accountName}}.vtexcommercestable.com.br/api/dataentities/shopper/documents?_schema=v1" \_15 -H "X-VTEX-API-AppKey: {{X-VTEX-API-AppKey}}" \_15 -H "X-VTEX-API-AppToken: {{X-VTEX-API-AppToken}}" \_15 -H "Content-Type: application/json" \_15 -H "Accept: application/json" \_15 -d '{_15 "userId": "{{userId}}",_15 "firstName": "User First Name",_15 "lastName": "User Last Name",_15 "document": "111.444.000-00",_15 "email": "user@vtex.com",_15 "phone": "5583987499600",_15 "documentType": "cpf",_15 "cards": []_15 }'
Response example
_10{_10 "Id": "shopper-cbfc4f67-6ea3-11ee-83ab-0a8d18f9f827",_10 "Href": "http://{{accountName}}.vtexcommercestable.com.br/api/dataentities/shopper/documents/cbfc4f67-6ea3-11ee-83ab-0a8d18f9f827",_10 "DocumentId": "cbfc4f67-6ea3-11ee-83ab-0a8d18f9f827"_10}
Additional operations
For additional user and organizational management operations, see the following API references: