Commerce Layer
Pricing
Blog
Sign up free
Introduction
Getting started
Authentication
Client credentials
Password
Refresh token
Authorization code
Roles and permissions
Fetching resources
Including associations
Sparse fieldsets
Sorting results
Pagination
Filtering data
Creating resources
Updating resources
Deleting resources
External resources
Handling errors
Real-time webhooks
Callbacks security
Resources
Addresses
Adjustments
Adyen payments
Attachments
Authorizations
Avalara accounts
Billing info validation rules
Braintree payments
Captures
Coupon codes promotion rules
Coupons
Customer addresses
Customer groups
Customer password resets
Customer payment sources
Customer subscriptions
Customers
Delivery lead times
External payments
External promotions
External tax calculators
Fixed amount promotions
Free shipping promotions
Gift card recipients
Gift cards
Imports
In stock subscriptions
Inventory models
Inventory return locations
Inventory stock locations
Line item options
Line items
Manual tax calculators
Markets
Merchants
Order amount promotion rules
Orders
Packages
Parcels
Payment methods
Paypal payments
Percentage discount promotions
Price lists
Prices
Promotion rules
Promotions
Refunds
Return line items
Returns
Shipment line items
Shipments
Shipping categories
Shipping methods
Shipping zones
SKU list items
SKU list promotion rules
SKU lists
SKU options
SKUs
Stock items
Stock locations
Stripe payments
Tax calculators
Tax categories
Tax rules
Taxjar accounts
Voids
Webhooks
Wire transfers
Powered by GitBook

Authentication

How to get your access token, based on OAuth 2.0 grants

All API requests must be authenticated. To get authorized, you must include a valid access token in the Authorization header:

Authorization: Bearer your-access-token

Authorization flows

To get an access token, you need to execute an authorization flow by using a valid application as the client.

The authorization flow depends on the grant type as described in the table below:

Grant type

Sales channel

Integration

Webapp

Client credentials

Password

Refresh token

Authorization code

For security reasons, access tokens expire after 2 hours. Refresh tokens expire after 2 weeks.

Previous
Getting started
Next
Client credentials
Last updated 8 months ago
Edit on GitHub