How to get your access token, based on OAuth 2.0 grants
All API requests must be authenticated. To get authorized, you must include a valid access token in the Authorization header:
Authorization: Bearer your-access-token
To get a valid access token you need to send a
POSTrequest to the
/oauth/tokenendpoint. The payload to be sent with the request differs based on the kind of application you're requesting the access token for and will be detailed case by case in the following sections.
To get an access token, you need to execute an authorization flow by using valid API credentials for the client.
For security reasons, access tokens expire after a default period of time. Your access token lifetime differs based on the kind of application you're using:
You can specify a custom lifetime for the token at the application level on the admin dashboard when you create/update each of them. The token lifetime value must be expressed in seconds and fall within a min of 2 hours (7200 secs) and a max of 1 year (31536000 secs).
For each of the above authorization flows you can restrict the scope to a specific active market and/or stock location.
By including a market scope in the access token request —
market:1234— all the resources (e.g. SKUs, prices, stock items) that you fetch are automatically filtered.
By including a stock location scope in the access token request —
stock_location:4567— the stock is restricted to the SKUs available in that specific stock location.
"scope": "market:1234 stock_location:4567"