Governance and shared security in VTEX IO apps

Understand the responsibilities of VTEX, developers, and clients for IO apps

In VTEX IO, each app is a resource on the platform, which means it can interact with other systems on behalf of the account it is installed in. These interactions must be explicitly authorized by the Sponsor user or an account administrator.

Security and governance in this environment follow a shared responsibility model:

  • VTEX provides and maintains the core security infrastructure.
  • Clients manage tokens and access at the account level.
  • App developers declare the necessary permissions their apps require.

The sections below outline these responsibilities in detail.

VTEX responsibilities

  • Generating the available tokens in the context of VTEX IO.
  • Maintaining the access control infrastructure and license verification via License Manager.
  • Protecting the token lifecycle.
  • Monitoring and responding to incidents in the ecosystem.

Client responsibilities

  • Creating the necessary tokens for apps that integrate with external (third-party) services.
  • Monitoring how tokens are used.
  • Revoking or rotating tokens periodically to minimize security risks.

App developer responsibilities

  • Declaring, in the manifest.json file, the permissions and roles the app needs in order to access every API it uses.
  • Choosing how permissions are handled when creating an app:
    1. User-level permission: The app only allows actions that match the permissions of the user's assigned token.
    2. App-level permission: The app operates using its own token, granting users the permissions defined for the app itself. This may expand the user’s access beyond what their individual token would normally allow.

Therefore, when creating an app, carefully evaluate the level of permission to be granted for each available token. Assigning unnecessary or excessive permissions can expose the account to security risks.
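As an added illustration, not taken from the original page, the following constructed manifest.json fragment shows the least-privilege declaration the paragraph above recommends. The app name, vendor, and the host api.example.com with its path are placeholders; the `policies` entry uses the `outbound-access` policy with `host` and `path` attributes, which is how a VTEX IO app declares the external endpoints it is allowed to call.

```json
{
  "name": "order-notifier",
  "vendor": "examplevendor",
  "version": "0.1.0",
  "title": "Order notifier",
  "description": "Constructed example: posts new-order notifications to one external endpoint.",
  "builders": {
    "node": "6.x"
  },
  "policies": [
    {
      "name": "outbound-access",
      "attrs": {
        "host": "api.example.com",
        "path": "/v1/notifications"
      }
    }
  ],
  "dependencies": {}
}
```

The narrow `path` is the point: declaring `"path": "*"` would let the app reach every path on that host, not only the one endpoint it calls, which is exactly the excessive permission the paragraph warns against. Review the `policies` array with the same care you would give an API token's scope, since an installed app can exercise everything listed there.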
