circle-check
Introducing our brand new event Stream Hub —
Read the docschevron-right
search
Changelog

Password

How to execute the authorization flow and get your access token

The password grant type is used by sales channels to exchange customer credentials for an access token (i.e. to get a "logged" access token).

circle-info

By including a scope in the access token request, all the resources that you fetch are automatically filtered.

hashtag
Getting an access token

To get an access token using the password grant type, send a POST request to the /oauth/token endpoint, passing the API client credentials in the request body.

hashtag
Request

POST https://auth.commercelayer.io/oauth/token

hashtag
Arguments

Body parameter
Type
Required
Description

grant_type

String

Required

password

username

String

Required

The customer's email address.

password

String

Required

The customer's password.

client_id

String

Required

Your client ID (from your API credentials).

scope

String

Optional

Your access token scope (market, stock location).

hashtag
Example

hashtag
Sales channel

The following request tries to get an access token for a sales channel, using the password grant type for a specific user, putting in scope the market identified by the ID "xYZkjABcde":

curl -g -X POST \
  'https://auth.commercelayer.io/oauth/token' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "grant_type": "password",
  "username": "[email protected]",
  "password": "s3creT",
  "client_id": "{{your_client_id}}",
  "scope": "market:id:xYZkjABcde"
}'
PreviousClient credentialsNextAuthorization code

Last updated