IOTA E-commerce Services

With the IOTA Audit Trail service, third-party e-commerce solutions can easily log and share immutable information while authorized third parties can access them and verify their integrity and authenticity.
The Self-Sovereign Identity service enables the creation, issuing, and verification of trusted self-sovereign decentralized identities and credentials.

The IOTA Audit Trail service is used in the ENSURESEC project and the wider e-commerce industry to prove that critical data has not been tampered with and has originated from a trusted source. Meanwhile, it also ensures that customer data can be managed in a more ethical and secure way for all ecosystem actors, and helps prevent cyber-physical threats.

E-commerce infrastructure - Consumer Interaction

The main attacks in e-commerce

With the exponential growth of investments and data in e-commerce, many new attack vectors have opened up. Criminals seek to take advantage of cracks in traditional systems to steal value and data and disrupt services. To prevent this, e-commerce needs a secure digital infrastructure to share trusted data and to reduce the use and replication of personal information.

consumer interaction

Identity and Credit Card Fraud

transaction volume

Returns and Delivery Fraud

consumer interaction-1

Phishing Attacks

connected devices

Spamming with fake links

The Small Print

With our Audit Trail Gateway (GW), intelligent tools that monitor e-commerce threats share trusted untamperable information with verified sources. Moreover, with the e-commerce adoption of the SSI Bridge for IOTA Identities, customers can maintain control of their data, perform secure purchases and relieve small sellers of the burden of storing customer data and ensuring costly regulatory compliance. Honeypots that attract attackers also disappear. Sellers and logistics can prevent delivery and identity frauds.

IOTA Frameworks

IOTA Streams Symbol

IOTA Streams

IOTA Streams offers auditable encrypted data streams for any industry, ensuring data has not been modified throughout the industry data pipeline.

Identity Symbol

IOTA Identity

IOTA Identity provides access management (in this example, the Audit Trail Gateway) to hardware or software solutions alike.

E-commerce infrastructure - The Small Print - Image - Media

Built, tested, and used in

ensuresec logo

Developed Services

IOTA Audit Trail Gateway

This service enables users to create immutable encrypted data channels and share them with others. Data in channels are stored on the IOTA Tangle. A channel is implemented as an IOTA Stream and can handle different subscribers. By requesting a subscription to a channel, a subscriber can request Read, Write, and ReadAndWrite access to the channel. This request must be authorized by the creator (author) of the channel. After a subscriber is authorized, it is then able to write and/or read to and/or from the channel. In addition to subscribers, the author can always read and write messages in the channel. Authors and subscribers have their own IOTA Identity (through the SSI Bridge). All this workflow is managed with simple REST APIs.

IOTA Audit Trail Gateway media
E-commerce infrastructure - The Small Print - Developed Services 2 Media

IOTA Self Sovereign Identity Bridge

This service enables users to create Self-Sovereign Identities, linking Decentralized Identifiers (DIDs) to people, organizations, or devices. Each identity is represented by a unique public key immutably stored on the ledger. Identities and public keys are used to anchor off-chain verifiable credentials, which are certificates containing identity attributes signed by an Issuer identity (using its private key).

The Issuer itself is an entity with its own decentralized identity. The Bridge allows an identified trust root to verify users' identity. Verified identities can then propagate this verification to other entities (organizations, individuals, or objects) using a network of trust approach. Identity can be used with the Audit Trail Service or as stand-alone. The entire workflow is managed with simple REST APIs.

Our open source code

Audit Trail Gateway (GW) and Self-Sovereign Identity Bridge code can be found at our public GitHub by clicking on 'view code'. We invite developers and innovators to install and build on top of our services. The IOTA Foundation has developed services as building blocks to use in current and future projects.

These services have been developed as part of the ENSURESEC project, funded by the European Commission.

E-commerce infrastructure - Our open source code - media
E-commerce infrastructure - Why IOTA? - Content Block - Media


By utilizing the IOTA Identity and IOTA Streams services, traditional systems can enjoy several important benefits. The services have been built to be used as the core data transfer mechanism between other components, or as a complimentary service should other message buses (such as Kafka) be used.


Data Moving Icon

Verifiable Data



Fingerprint Icon







ENSURESEC is a collaborative Innovation Action project awarded by the European Commission to a consortium of 22 different partners, including the IOTA Foundation. This funding is part of the European Union’s Horizon 2020 Framework Programme under Grant Agreement No 883242. The IOTA Foundation works on ENSURESEC along with other e-commerce industry-leading partners together with an expert advisory board.

Contact IOTA

Please reach out to us o discuss any development, integration, or access-managed services based on these tools. We look forward to seeing additional real-world use cases with solutions built on top of our tools.