Auth Tokens & Request Context

When this skill applies

Use this skill when the main decision is which VTEX IO identity should authenticate a backend request to VTEX services.

• Choosing between ctx.authToken, ctx.storeUserAuthToken, and ctx.adminUserAuthToken
• Deciding whether a VTEX client call should use AUTH_TOKEN, STORE_TOKEN, or ADMIN_TOKEN
• Reviewing storefront and Admin integrations that should respect the current user identity
• Replacing hardcoded appKey and appToken usage inside a VTEX IO app

Do not use this skill for:

• deciding which policies belong in manifest.json
• modeling route-level authorization or resource-based policies
• choosing between ExternalClient, JanusClient, and other client abstractions
• browser-side login or session UX flows
• validating route input or deciding what data may cross the app boundary

Decision rules