Authentication for Suppliers

The Suppliers API implements the client credentials flow of the OAuth specification. While many of the concepts explained in the authentication guide still apply, there are some differences to keep in mind.

For example, the client credentials flow does not require human intervention, and you will interact with the API as an application rather than a specific user. This is because, as a supplier, you'll be posting assortments and managing orders outside the scope of a specific Apicbase library.

Get an Access Token

After being accepted as a partner, you'll be granted a set of client credentials with which you can start making requests. These credentials remain the same for your test and production environments.

To get an access token, make a POST request to with the following payload:

  grant_type: "client_credentials",
  client_id: "YOUR_CLIENT_ID",
  client_secret: "YOUR_CLIENT_SECRET",
  scope: "supplier"

The authorization server will reply with an access token and the token's expiration time in seconds:

  "access_token": "YOUR_ACCESS_TOKEN",
  "expires_in": 604800,
  "token_type": "Bearer",
  "scope": "supplier",

This access token is normally valid for one week. When it expires, simply request a new one using your client credentials.

Making Requests with the Access Token

The access token is a bearer token. Include it in the Authorization header preceded by the string literal "Bearer ". Here's an example using cURL:

curl --request GET \
     --url \
     --header 'accept: application/json' \
     --header 'authorization: Bearer AEIOU12345'