All requests to the API need to be accompanied by an authorization header with an authentication token:
Authorization: Bearer 212LJ3k0i2382364HIUEjfeJB98yvH
An authentication token gives the client permission to access their data and is used to authenticate each request to the API endpoint.
Read our Quick Start guide on how to make your first API request.
Authentication tokens are generated via the
There are two main token types available for use within your store
implicit. The implicit token is the more limited of the two, restricting access to mostly read-only operations, whereas the client credential token has full read and write access.
- For more details on token formatting, see: Content Type.
Do not use or disclose your client_secret in public.
|The epoch time that this token expires at.|
|The type of token requested. This can be a |
|The duration in seconds after which the token expires.|
|The access token you use for subsequent authenticated requests to the API.|
|Right now this is only |
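The following added example (not code from this API's documentation) shows one way a client can use the expiry time in the token response to avoid sending a stale token, build the Authorization header shown above, and keep the token out of logs. The field names `access_token` and `expires` and the caller-supplied `requestToken` function are assumptions, since the field-name column of the table is missing from this page.

```javascript
// Added example. Assumed field names: `access_token` (the bearer token) and
// `expires` (epoch seconds at which it expires).
const SKEW_SECONDS = 30; // refresh slightly early to absorb clock drift

// True if the token response is well formed and not within SKEW_SECONDS of expiry.
function isUsable(token, nowSeconds) {
  return Boolean(token) &&
    typeof token.access_token === 'string' && token.access_token.length > 0 &&
    Number.isFinite(token.expires) &&
    token.expires - SKEW_SECONDS > nowSeconds;
}

// Build the header in the form the page shows: "Authorization: Bearer <token>".
function authHeader(token, nowSeconds) {
  if (!isUsable(token, nowSeconds)) {
    throw new Error('token missing or expired; request a new one');
  }
  return { Authorization: `Bearer ${token.access_token}` };
}

// Keep tokens out of logs: show only the last 4 characters.
function redact(accessToken) {
  return accessToken.length <= 4 ? '****' : `****${accessToken.slice(-4)}`;
}

// Caches one token and calls requestToken() only when the cached one is stale.
// requestToken is hypothetical and caller-supplied: it performs the actual
// token request and resolves to the token response object.
function createTokenCache(requestToken, now = () => Math.floor(Date.now() / 1000)) {
  let cached = null;
  return async function getHeader() {
    if (!isUsable(cached, now())) {
      cached = await requestToken();
    }
    return authHeader(cached, now());
  };
}

// Constructed sample token response (not real credentials).
const SAMPLE = { access_token: 'EXAMPLE-TOKEN-abcd', expires: 1700003600 };
```

On a backend using client credentials, `requestToken` is also the only place that should read the client_secret, for example from an environment variable rather than from source code.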
Client credentials vs. implicit use case scenarios
Typically, you’d use the implicit authentication method for client-side, browser-based applications (i.e. frontend), and client credentials for all administrative tasks (CRUD) you’d need to perform at the backend.
You can also generate customer tokens to authenticate customers with single sign-on, or with an email address and password. You must use a customer token together with the implicit token to access orders or customer APIs. Using the tokens, you can create and filter orders and addresses.