platform · security

role + scope + permission. all three.

okommerce enforces access at the API layer, not just the UI. a branch manager in riyadh sees riyadh data — even if they hit the API directly with a stolen token.

live demo read docs

role + scope hard wall

scope NEVER overrides role. there's no read-only fallback. it's a wall, not a hint.

7 scope levels

global, multi-country, country, head office, multi-branch, branch, warehouse.

audit log

every create/update/delete/approval is logged. who, what, when, before, after.

two-factor auth

TOTP-based 2FA built in. enforce per-role.

ZATCA & e-invoicing

saudi ZATCA phase 2 e-invoicing certified. UAE FTA-compliant tax invoices.

PCI guidance

we never store card data. enterprise customers get PCI-aware deployment guidance.

dig deeper.

the platform is the surface — the modules and AI agents are the depth. take the live demo for a spin to see them all working together.

request demo access or read the architecture docs