Client credentials
How to execute the authorization flow and get your access token
Sales channels use the client_credentials
grant type to get a "guest" access token. Integrations use the client_credentials
grant type to get an access token for themselves.
By including a scope in the access token request, all the resources that you fetch are automatically filtered.
Getting an access token
To get an access token using the client_credentials
grant type, send a POST
request to the /oauth/token
endpoint, passing the API client credentials in the request body.
Request
POST https://auth.commercelayer.io/oauth/token
Arguments
grant_type
String
Required
client_credentials
client_id
String
Required
The client ID (from you API credentials).
scope
String
Optional
Your access token scope (market, stock location).
Sales channels require a market in scope
when requesting their access token to perform the permitted CRUD actions. On the other hand, they don't require the client_secret
argument when using the client_credentials
grant type. That lets you use them safely client-side.
Examples
Sales channel
The following request tries to get an access token for a sales channel, using the client_credentials
grant type and putting in scope the market identified by the ID "xYZkjABcde":
Integration
The following request tries to get an access token for an integration, using the client_credentials
grant type:
Last updated