Quickstarts

To get started with Appibase and be able to make your first API call, your application will need to get hold of an Access Token.

An Access Token is obtained by using an OAuth 2.0 Client application's credentials and making a request to the token endpoint of the OAuth API.

Storefront API

Follow the steps below to request your first Storefront API Access Token:

  1. Create a Personal account here
  2. Create an Organization account here
  3. Create a Storefront Client application for your new Organization account by
    • specifying neither the Admin nor the Confidential option, and
    • ignoring the Redirect URL (not relevant for Client Credentials flow)
  4. Take note of the Client ID and base64 encode it e.g. using this tool
  5. Run the cURL command below, replacing {base64-encoded-client_id} with the base64-encoded Client ID
curl --request POST 'https://appibase.com/oauth/token' \
--header 'Authorization: Basic {base64-encoded-client_id}' \
--header 'Accept: application/json' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=storefront client'

The OAuth API will respond to the cURL command with a JSON object containing the Access Token, such as this:

{
  "access_token":"lFD4QXrKOp3taYhuw73oj7sJBHvtexW7ucWUH-8ifwc",
  "token_type":"Bearer",
  "expires_in":7200,
  "scope":"storefront client",
  "created_at":1645785334
}

Any request to the Storefront API requires the Access Token to be included in the Authorization header as a Bearer token, e.g.

--header 'Authorization: Bearer {access_token}' \
--header 'Accept: application/vnd.api+json' \
--header 'Content-Type: application/vnd.api+json'

The above flow results in an Access Token that isn't associated with an end-user. The alternative is to request an Access Token associated with the Customer user, via the OAuth 2.0 Authorization Code flow.

Admin API

The flow below results in an Access Token that is associated with the Account User, via the OAuth 2.0 Authorization Code flow. The Client Credentials flow above can also be used by an Admin Client application to request an Access Token.

Follow the steps below to request your first Admin API Access Token, associated with an Organization Account User:

  1. Create a Personal account here
  2. Create an Organization account here
  3. Create an Admin Client application for your new Organization account by
    • specifying the Admin and Confidential options, and
    • providing this debug Redirect URL: https://oauthdebugger.com/debug
  4. Click on the Authorize link next to the Allowed Callback URL and copy the Authorization Code
  5. Take note of the Client ID and Client Secret then base64 encode them as client_id:client_secret e.g. using this tool
  6. Run the cURL command below,
    • replacing {base64-encoded-client_id:client_secret} with the base64-encoded Client ID and Client Secret, and
    • replacing {authorization_code} with the copied Authorization Code
curl --request POST 'https://appibase.com/oauth/token' \
--header 'Authorization: Basic {base64-encoded-client_id:client_secret}' \
--header 'Accept: application/json' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'code={authorization_code}' \
--data-urlencode 'redirect_uri=https://oauthdebugger.com/debug' \
--data-urlencode 'scope=admin openid profile email'

The OAuth API will respond to the cURL command with a JSON object containing the Access Token, as well as the Refresh Token and ID Token, which are applicable to the Authorization Code flow only:

{
  "access_token": "ve4FQbWjp9naWaGvJM0bGStwQeuV-FFA9BI-H0L9g0",
  "token_type":"Bearer",
  "expires_in":7200,
  "refresh_token": "iIIBHaM0GCBP2rVGIq5YhsgLGlsM3JSgefjSBqRhMOY",
  "scope":"admin openid profile email",
  "created_at":1645785334,
  "id_token": "eyJ0eXXXAifQ.eyJpc3XXXk1yYWJldCJ9.sLBZpXXX8NHYXk"
}
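
The Basic credential from step 4 of the Storefront flow and step 5 of the Admin flow can be built locally, so a Client Secret never has to be pasted into a web tool. The helpers below are an added example, not Appibase's own code: the function names are assumptions, and the sample response is constructed from the values shown above.

```shell
#!/bin/sh
# Added example; function names are illustrative, not part of Appibase.

# Value that follows "Basic " in the Authorization header.
# printf (not echo) avoids encoding a trailing newline; tr strips the line
# wrapping that some base64 implementations add to long output.
basic_credential() {
  if [ "$#" -ge 2 ]; then
    printf '%s:%s' "$1" "$2"   # Admin client: client_id:client_secret
  else
    printf '%s' "$1"           # Storefront client: client_id only
  fi | base64 | tr -d '\n'
}

# POST to the token endpoint. The Authorization header is fed to curl on
# stdin (--config -) so the credential does not appear in the process list.
# $1 = Basic credential; remaining args = the --data-urlencode parameters
# of the chosen flow (grant_type, scope, and code/redirect_uri for Admin).
request_token() {
  cred=$1; shift
  printf 'header = "Authorization: Basic %s"\n' "$cred" |
    curl --silent --fail --config - --request POST \
      'https://appibase.com/oauth/token' \
      --header 'Accept: application/json' "$@"
}

# Extract a numeric field from the token response without extra tools.
json_number() {   # $1 = JSON text, $2 = field name
  printf '%s' "$1" | tr -d ' \n' |
    sed -n "s/.*\"$2\":\([0-9][0-9]*\).*/\1/p"
}

# Expiry in epoch seconds (created_at + expires_in), so a caller can refresh
# the token before it lapses. Fails if either field is missing.
token_expires_at() {
  created=$(json_number "$1" created_at)
  ttl=$(json_number "$1" expires_in)
  [ -n "$created" ] && [ -n "$ttl" ] || return 1
  echo $((created + ttl))
}

# Constructed sample using the expires_in/created_at values from this page.
SAMPLE='{"token_type":"Bearer","expires_in":7200,"created_at":1645785334}'
echo "token expires at epoch $(token_expires_at "$SAMPLE")"
```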

Using Postman

To get started using Postman instead of cURL, we have created a Collection, ready to be forked and updated with the relevant variables, to not only get an Access Token but also to make the first API calls more conveniently.

Follow the steps below to request an Access Token, whether it's for the Storefront API or the Admin API, and whether it's a Client token or an End-User token.

You can skip the first two steps if the Organization account has already been created.

  1. Create a Personal account here
  2. Create an Organization account here
  3. Create a Storefront or Admin Client application for your new Organization account
  4. Take note of the application's Client ID and Client Secret as well as the Organization account ID from here
  5. Go to this Postman Collection and fork it in your workspace
  6. Follow the remaining instructions in the Postman Collection's Documentation page to request an Access Token and make your first API request