Authentication: a key to success for any ecommerce experience.

March 21, 2023 Seth Bindernagel

Gatorade really gets into personalization. So much so, they want to measure your sweat. Seems gross, right? It’s debatable. But what’s not debatable is that the business behind sweat adds up. Gatorade dominates the U.S. sports drink category, holding a 72.1% market share of retail sales, according to Euromonitor. And with their Gx Sweat Patch, they stand to keep growing. Gatorade claims they can now help athletes understand how they sweat, share how to hydrate better, and personalize preparation and recovery. How do they do this? Buy a 2-set for $24.99, install their app and sign up, and then start sweating. Ultimately, the brand will use aggregated exercise data from fitness apps as well as the Gatorade Sports Science Institute to give athletes better recommendations on training, recovery, and (of course) nutrition, aka soft drinks. Now that’s getting personal.

Gatorade's Gx Sweat Patch and mobile app depend on strong authentication.

In fact, 72% of consumers interviewed in a McKinsey report said they "expect the businesses they buy from to recognize them as individuals and know their interests." It has become a foregone conclusion by consumers that a brand like Gatorade will know what they should drink to quench their thirst and maximize their training regimen. It takes a whole lot of data science and analysis to make a good product recommendation, but underlying all of Gatorade’s personalization is a fundamental concept to any ecommerce business — authentication.

Source: McKinsey, "The value of getting personalization right — or wrong — is multiplying"

A strong authentication process ensures that athletes can share and receive data from Gatorade safely and securely. Gatorade can’t share data with the wrong person, or worse, have their database of all athlete data get compromised. They need a bulletproof system that won’t make users sweat every time they share their personal health data. And that’s where the fundamentals of authentication and authorization come into the field of play. It’s key for everyone to understand what they are, how they are different, and how they work together.

What is the difference between authentication and authorization?

Authentication is the process of verifying the identity of a user or a system. Every time Gatorade wants to analyze your sweat to sell you more liquid athleticism, you have to authenticate with, or log into, their app. After you authenticate, you can then share your sweat-stats. If you want to go the extra mile, you can authorize Gatorade to talk to other exercise apps you use. Note the small difference there? Authentication is not authorization. You can read this excellent primer about the difference between authentication and authorization.

In short, access to a resource is protected by both authentication and authorization. If you can't prove your identity, you won't be allowed into a resource. And even if you can prove your identity, if you are not authorized for that resource, you will still be denied access.

Authentication ensures that only users who have proven their identity can reach sensitive information, like how much you exercise, how active you are, or more mundane things like payment details, order history, and account information. There are different types of authentication: password-based authentication, multi-factor authentication (MFA), biometric authentication, and social media authentication. You can dive deeper into authentication (and how it is related to, but different from, authorization!) here.

What are the reasons to build authentication into your ecommerce store?

82% of online consumers are more likely to make a purchase from a website if they have an online account with the vendor. Wow, that’s a lot of soft drinks. If that doesn’t quench your thirst for understanding why a brand should add authentication to an ecommerce experience, the other benefits are clear as mountain spring water. They are:

  • Protecting customer data, including payment information and personal details, from unauthorized access.
  • Preventing fraud by verifying the identity of customers making transactions.
  • Managing loyalty programs and dedicated promotions with private customer groups and rules only accessible to those groups.
  • Setting up customer account management for order tracking, subscription management, saved payment details, and shipping information.
  • Ensuring compliance with legal requirements that deal with the security of customer data.
  • Managing referral programs that incentivize customers to pull in friends and family.

But that’s not all. Customers also win. As an authenticated customer, you get the following benefits:

  • Faster checkout — Authenticated users can save their payment and shipping information, making checkout faster and more convenient.
  • Order history — Customers can view their order history and track the status of their orders.
  • Personalized search and recommendations: Engaged customers can see hyper-relevant product suggestions based on order history and other inferred interests.
  • Saved carts — Authenticated users can save items in a cart for future purchases.
  • Loyalty rewards — Return customers can access benefits such as discounts or free shipping.
  • Create wish lists — Hopeful shoppers can save products they want to purchase or receive in the future.
  • Product reviews — Trusted users can leave product reviews, which can help other customers make informed purchasing decisions.

What is single sign-on (SSO) and how does Commerce Layer handle it?

Single Sign-On (SSO) is a powerful and convenient authentication method that allows a user to access multiple applications or websites with just one set of login credentials. In other words, instead of having to remember and enter different usernames and passwords for each service, SSO enables a user to log in once and be automatically signed in to all the services that support the same authentication protocol. SSO saves time and effort and improves security as users are less likely to use weak or duplicate passwords.

Vendors who offer solutions like SSO and other identity management services are often referred to as IDaaS (Identity as a Service). They can help you add authentication to your ecommerce store. Some well-known providers include:

  • Auth0/Okta
  • AWS/Cognito
  • Keycloak
  • Firebase
  • Ory

Commerce Layer lets you authenticate users in your systems, using single sign-on with a JSON Web Token (JWT). This way, a user can be automatically verified with an identity provider of your choice, such as Auth0, Okta, or even a custom one, when they sign in. You can read more about how Commerce Layer enables authentication by visiting our documentation.
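To make the earlier point that a resource is protected by both authentication and authorization concrete for a JWT-based sign-on, here is an added example (not Commerce Layer's or any identity provider's code). It assumes an HS256 token signed with a shared secret so it runs on the Python standard library alone; the secret, issuer, audience, and scope names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed sample values (assumptions; not Commerce Layer or identity-provider settings).
SECRET = b"demo-shared-secret"
ISSUER = "https://idp.example.com/"
AUDIENCE = "shop-api"

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def issue_token(claims, secret=SECRET):
    """Stand-in for the identity provider: sign claims as an HS256 JWT."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    signing_input = f"{header}.{body}"
    return f"{signing_input}.{_b64url(_sign(signing_input, secret))}"

def authenticate(token, now=None):
    """Authentication: return verified claims, or None if identity is not proven."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        if json.loads(_unb64url(header_b64)).get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the token header
        expected = _sign(f"{header_b64}.{body_b64}", SECRET)
        if not hmac.compare_digest(expected, _unb64url(sig_b64)):
            return None  # signature was not made with the shared key
        claims = json.loads(_unb64url(body_b64))
        now = time.time() if now is None else now
        if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
            return None  # token was minted by or for someone else
        if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
            return None  # missing or expired lifetime
        return claims
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token

def access(token, required_scope, now=None):
    """Authorization runs only after authentication: 401, 403 or 200."""
    claims = authenticate(token, now)
    if claims is None:
        return 401  # identity not proven
    if required_scope not in str(claims.get("scope", "")).split():
        return 403  # identity proven, but not permitted for this resource
    return 200
```

A production integration would normally verify an asymmetric signature (for example RS256) against the identity provider's published keys, using a maintained JWT library.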

Other considerations

Your thirst for more might leave you asking for other considerations or some counterpoints to consider. We've thought of a few:

Our Gatorade example might make you think that personalization is one of the core benefits of an authenticated experience. It's true that a logged-in customer makes personalization much easier. But personalization tools can also gather signals to personalize the experience even if a customer is not logged in. While authenticated experiences might be a goal, you can personalize your digital experience without it.

It should also be noted that authentication requires an extra step in the customer experience -- signing up and logging in. These extra steps could impact your conversions. Finding the right balance is key (e.g., optional authentication with "guest" personalization).

Finally, for some businesses, authentication makes more sense than for others. It's a no-brainer if you are a customer who shops on Amazon. But it's less necessary if you shop from a luxury brand. And when you think about it, it makes sense. Luxury shoppers typically don't buy a $2,000 handbag every week. That said, in some cases, there might be other reasons to create an account, such as getting access to VIP-only features.

Crossing the finish line

Gatorade’s case shows how a unique product like their Gx Sweat Patch builds on the fundamentals of authentication and authorization. The experience offers unique value to both their customers and their bottom line. In general, authenticated sessions deliver a better customer experience, faster checkout, order history, personalized recommendations, saved carts, loyalty rewards, product reviews, data security, fraud prevention, and so much more. It’s a win-win situation for both businesses and customers.

Stay tuned for an upcoming blog post from our Head of Product, Matteo Alessani, who will show how to build an authenticated experience with Commerce Layer and Auth0.