Version: 1.0

Authentication

Authenticating for Documentation

Use the appropriate key(s) for the actions you wish to take on the documentation site. Once you have authenticated, copy the Bearer token contained in the response. Use this bearer token on your first request on any page within the endpoint documentation. Once you have entered your bearer token on one page, that token persists across all other endpoints. Tokens expire after one hour. You may navigate back to the authentication endpoint at any time to change credential types. Doing so requires you to use the new Bearer token generated when switching credentials.

Authorization: Bearer 212LJ3k0i2382364HIUEjfeJB98yvH

Authentication for APIs

All requests to the API need to be accompanied by an authorization header with an authentication token:

Authorization: Bearer 212LJ3k0i2382364HIUEjfeJB98yvH

The authentication token gives the client permission to access their data and is used to authenticate each request to the API endpoint.

note

Read our Quick Start guide on how to make your first API request.

Authentication tokens are generated via the authentication endpoint and expire within 1 hour. After that, they need to be regenerated. If you’re using our JavaScript SDK, this is automatically handled for you.
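If you are not using the SDK, the regeneration has to happen in your own client. The following is an added example, not code from the SDK or from this documentation: it caches the token, regenerates it shortly before the one-hour expiry, and shares one regeneration between concurrent callers. The injected `requestToken` function and the `access_token` / `expires_in` response fields are assumptions about how your call to the authentication endpoint is wrapped.

```javascript
// Added example. Assumption: requestToken() is a hypothetical function you supply that
// calls the authentication endpoint and resolves to { access_token, expires_in } with
// expires_in in seconds. For client_credentials it must run on the backend only, so the
// client_secret never reaches a browser.
class TokenManager {
  constructor(requestToken, { now = Date.now, skewMs = 60_000 } = {}) {
    this.requestToken = requestToken;
    this.now = now;          // injectable clock, so expiry handling can be tested
    this.skewMs = skewMs;    // regenerate this long before expiry (latency, clock drift)
    this.token = null;
    this.expiresAt = 0;
    this.inflight = null;    // shared promise: concurrent callers trigger one regeneration
  }

  isFresh() {
    return this.token !== null && this.now() < this.expiresAt - this.skewMs;
  }

  getToken() {
    if (this.isFresh()) return Promise.resolve(this.token);
    if (!this.inflight) {
      this.inflight = new Promise((resolve) => resolve(this.requestToken()))
        .then((res) => {
          // Reject malformed responses instead of caching "Bearer undefined".
          if (!res || typeof res.access_token !== "string" || !(res.expires_in > 0)) {
            throw new Error("unexpected token response");
          }
          this.token = res.access_token;
          this.expiresAt = this.now() + res.expires_in * 1000;
          return this.token;
        })
        .finally(() => { this.inflight = null; });
    }
    return this.inflight;
  }

  // Drop the cached token, e.g. after a 401 or when switching credential types,
  // so the next request uses a newly generated token.
  invalidate() {
    this.token = null;
    this.expiresAt = 0;
  }

  // Header object to merge into every API request.
  async authHeaders() {
    return { Authorization: `Bearer ${await this.getToken()}` };
  }
}
```

Keep the cached token in memory only and keep it out of logs; anyone holding it can act with that token's permissions until it expires.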

There are two main token types available for use within your store: client_credentials and implicit. The implicit token is the more limited of the two, restricting access to mostly read-only, whereas the client_credentials token has full read and write access.

For more details on token formatting, see Content Type.

caution

Do not use or disclose your client_secret in public.

Client Credentials vs. Implicit Use Case Scenarios

Typically, you would use the implicit authentication method for client-side, browser-based applications (i.e. the frontend), and client credentials for all administrative tasks (CRUD) you need to perform at the backend.

Account Authentication

You can also generate account tokens to authenticate account members (shoppers) with one of many available authentication methods. You must use an account management authentication token together with the implicit token to access orders or account APIs. Using the tokens, you can create and filter orders and addresses.

Customer Authentication

You can also generate customer tokens to authenticate customers with single sign-on, or with an email address and password. You must use a customer token together with the implicit token to access orders or customer APIs. Using the tokens, you can create and filter orders and addresses.

License

MIT