Getting started
Password
How to execute the authorization flow and get your access token
The
password grant type is used by sales channel applications to exchange a customer credentials for an access token (i.e. to get a "logged" access token).By including a scope in the access token request, all the resources that you fetch are automatically filtered.
Getting an access token
To get an access token using the
password grant type, send a POST request to the /oauth/token endpoint, passing the application credentials in the request body.Request
POST https://yourdomain.commercelayer.io/oauth/token
Arguments
Body parameter
Type
Required
Description
grant_type
stringRequired
passwordusername
stringRequired
The customer email address
password
stringRequired
The customer password
client_id
stringRequired
Your application
client_idscope
stringOptional
Your access token scope (market, stock location)
The access token scope is a string composed by
"market:{{market_number}}", where market_number is the number of the market you want to put in scope.Example
Sales channel
Request
Response
The following request tries to get an access token for a sales channel application, using the
password grant type for a specific user, putting in scope the market identified by the number "1234":1
curl -g -X POST \
2
'https://yourdomain.commercelayer.io/oauth/token' \
3
-H 'Accept: application/json' \
4
-H 'Content-Type: application/json' \
5
-d '{
6
"grant_type": "password",
7
"username": "[email protected]",
8
"password": "secret",
9
"client_id": "your-client-id",
10
"scope": "market:1234"
11
}'
Copied!
On success, the API responds with a
200 OK status code, returning the requested access token and customer info, along with a refresh token:1
{
2
"access_token": "your-access-token",
3
"token_type": "bearer",
4
"expires_in": 7200,
5
"refresh_token": "your-refresh-token",
6
"scope": "market:1234",
7
"created_at": 123456789,
8
"owner_id": "zxcVBnMASd",
9
"owner_type": "customer"
10
}
Copied!
Last modified 3mo ago
Copy link