Business users who want to access the administration interface provide their login credentials through an HTTPS request, which obtains an OAuth 2.0 bearer token. The token is then used to verify the authenticity of the user for subsequent login requests. Registered customers requiring access to secure pages, such as their profile or checkout, are authenticated in the same way. See Configure Shopper Settings for information on about configuring the length of a logged-in shopper session.

The administration interface automatically logs business users out after 15 minutes of inactivity to comply with PCI standards.