
How to migrate

The simple steps you need to take to make sure your integration is up-to-date with the new Authentication API

Last updated 6 months ago

We've recently migrated the whole authentication process to our new Authentication API. The legacy endpoints, the legacy scope syntax, and SSO using a custom org-specific secret key have not been supported since November 2024. If you need to manage any projects or Commerce Layer integrations that still authenticate the old way, please follow the steps below to update them.

To migrate to the new authentication process you just need a couple of tweaks to your current codebase:

  1. Change the authentication endpoint from https://yourdomain.commercelayer.io/oauth to https://auth.commercelayer.io/oauth

  2. Stop using the market and/or stock location number (e.g. market:1234) when including a scope, and start using the new syntax with the ID or the code (e.g. market:id:xYZkjABcde or market:code:europe).

  3. If you're still leveraging a custom org-specific secret key to sign a manually built JWT for SSO, switch to the JWT bearer flow with a proper assertion.
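The following is an added example, not Commerce Layer's own code, showing one way to apply steps 1 and 2 to stored integration settings. The function names are hypothetical, the `stock_location` scope prefix is an assumption, and the number-to-ID map is constructed sample data that you would replace with your organization's real IDs or codes.

```python
import re
from urllib.parse import urlsplit, urlunsplit

NEW_AUTH_HOST = "auth.commercelayer.io"  # new shared auth host, from the page
# Legacy scope: "<resource>:<number>". The "stock_location" prefix is an assumption.
LEGACY_SCOPE = re.compile(r"^(market|stock_location):\d+$")
NEW_SCOPE = re.compile(r"^(market|stock_location):(id|code):[^\s:]+$")


def migrate_endpoint(url):
    """Move an org-specific /oauth URL to the shared auth host, keeping the path."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Suffix match on the parsed hostname, so look-alike hosts and userinfo
    # tricks (https://x.commercelayer.io@other.example/) are refused.
    if parts.scheme != "https" or not host.endswith(".commercelayer.io"):
        raise ValueError(f"refusing to rewrite non-Commerce Layer URL: {url!r}")
    if parts.path != "/oauth" and not parts.path.startswith("/oauth/"):
        raise ValueError(f"not an OAuth endpoint: {url!r}")
    return urlunsplit(("https", NEW_AUTH_HOST, parts.path, parts.query, ""))


def migrate_scope(scope, scope_map):
    """Rewrite legacy numeric scopes using a caller-supplied number-to-ID/code map."""
    migrated = []
    for item in scope.split():
        if LEGACY_SCOPE.match(item):
            # Fail loudly instead of sending a scope the new API will not accept.
            if item not in scope_map:
                raise KeyError(f"no ID or code known for legacy scope {item!r}")
            item = scope_map[item]
            if not NEW_SCOPE.match(item):
                raise ValueError(f"mapping target is not in the new syntax: {item!r}")
        migrated.append(item)
    return " ".join(migrated)


if __name__ == "__main__":
    # Constructed sample: pairing 1234 with this ID is illustrative only.
    scope_map = {"market:1234": "market:id:xYZkjABcde"}
    print(migrate_endpoint("https://yourdomain.commercelayer.io/oauth"))
    print(migrate_scope("market:1234", scope_map))
```

Scopes already in the new syntax pass through unchanged, so the helper can be run repeatedly over the same settings.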
