Authentication

You'll need to authenticate your requests to access any of the endpoints in the BetterCommerce API. In this guide, we'll look at how authentication works. BetterCommerce offers two ways to authenticate your API requests: Basic authentication and OAuth2 with a token — OAuth2 is the recommended way.

OAuth2 bearer token

The BetterCommerce APIs provide authentication support based on OAUTH2.

1. The API supports OAUTH2 bearer token mechanism which can generated dynamically using the AUTH APIs.
2. The bearer token can be simply generated by making the api call to AUTH API mentioned below and passing the api client id & shared secret.

Authentication API

The token has a predefined expiry of 24 hours. Currently refresh token call isn’t supported, in case of expiry simply make another token call using the client id and shared secret.

curl https://auth.bettercommerce.io/oAuth/Token \
  -H "Content-type: application/x-www-form-urlencoded" \
  -d "client_id=<<client_id>>&client_secret=<<shared_secret>>&grant_type=client_credentials"

{
    "access_token": "<<access_token>>",
    "token_type": "bearer",
    "expires_in": 3599,
    "refresh_token": "<<refresh_token>>"
}

Sample API requests using the Bearer Token

curl <api_url>/api/v2/catalog/brand/all \
  -H "Authorization: Bearer {token}"

Once you've got your bearer token, it must be passed in 'Authorization' header along with every request.

Additional Custom Headers

The following additional custom headers can be passed to ALL the API calls. These data inputs are typically useful to localize different elements of the API responses. These are provided as custom headers rather than an input param for each method for the sake of simplicity.