Hey @Ripley79 authentication is described in another thread. Over-the-wire security is handled via HTTPS when clients are sending/receiving requests and responses. In terms of security within WC1 itself, the API is using the same security mechanisms we have in place today, all the way from how users are authorised via roles & groups, through to how data is encrypted at rest within the database.