How to get your access token, based on OAuth 2.0 grants

All API requests must be authenticated. To get authorized, you must include a valid access token in the Authorization header:

Authorization: Bearer your-access-token

Authorization flows

To get an access token, you need to execute an authorization flow by using a valid application as the client.

The authorization flow depends on the grant type as described in the table below:

Grant type

Sales channel



Client credentials


Refresh token

Authorization code

For security reasons, access tokens expire after 2 hours. Refresh tokens expire after 2 weeks.