API Reference
API Reference
Commerce Layer
Pricing
Blog
Sign up free
Introduction
Getting started
Authentication
Client credentials
Password
Refresh token
Authorization code
Roles and permissions
Fetching resources
Including associations
Sparse fieldsets
Sorting results
Pagination
Filtering data
Creating resources
Updating resources
Deleting resources
Handling errors
Real-time webhooks
Resources
Addresses
Attachments
Credit cards
Customer addresses
Customer groups
Customer password resets
Customer payment sources
Customer subscriptions
Customers
Delivery lead times
Imports
Inventory models
Line item options
Line items
Markets
Merchants
Orders
Parcels
Payment methods
Paypal payments
Price lists
Prices
Shipments
Shipping categories
Shipping methods
Shipping zones
SKU options
SKUs
Stock items
Stock levels
Stock locations
Webhooks
Wire transfers
Powered by GitBook

Authentication

How to get your access token, based on OAuth 2.0 grants

All API requests must be authenticated. To get authorized, you must include a valid access token in the Authorization header:

Authorization: Bearer your-access-token

Authorization flows

To get an access token, you need to execute an authorization flow by using a valid application as the client.

The authorization flow depends on the grant type as described in the table below:

Grant type

Channel

Integration

Webapp

Client credentials

​​

​​

​

Password

​​

​

​

Refresh token

​​

​

​​

Authorization code

​

​

​​

For security reasons, access tokens expire after 2 hours. Refresh tokens expire after 2 weeks.

Previous
Getting started
Next
Client credentials
Last updated -3
Edit on GitHub