To get started with Appibase and be able to make your first API call, your application will need to get hold of an Access Token.
An Access Token is obtained by using an OAuth 2.0 Client application's credentials and making a request to the token endpoint of the OAuth API.
Follow the below steps to request your first Storefront API Access Token:
Replace {base64-encoded-client_id} with the base64 encoded Client ID:
curl --request POST 'https://appibase.com/oauth/token' \
--header 'Authorization: Basic {base64-encoded-client_id}' \
--header 'Accept: application/json' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=storefront client'
The OAuth API will respond to the cURL command with a JSON containing the Access Token such as this:
{
"access_token":"lFD4QXrKOp3taYhuw73oj7sJBHvtexW7ucWUH-8ifwc",
"token_type":"Bearer",
"expires_in":7200,
"scope":"storefront client",
"created_at":1645785334
}
Any request to the Storefront API requires the Access Token to be included in the Authorization header as a Bearer token e.g.
--header 'Authorization: Bearer {access_token}' \
--header 'Accept: application/vnd.api+json' \
--header 'Content-Type: application/vnd.api+json'
The above flow results in an Access Token that isn't associated with an end-user. The alternative flow could have been to request an Access Token associated with the Customer user, via the OAuth 2.0 Authorization Code flow.
The below flow results in an Access Token that is associated with the Account User, via the OAuth 2.0 Authorization Code flow. The Client Credentials flow above is also applicable to request an Access Token by an Admin Client application.
Follow the below steps to request your first Admin API Access Token, associated with an Organization Account User:
https://oauthdebugger.com/debug
Base64 encode client_id:client_secret, e.g. using this tool
Replace {base64-encoded-client_id:client_secret} with the base64 encoded Client ID and Client Secret, and {authorization_code} with the copied Authorization Code:
curl --request POST 'https://appibase.com/oauth/token' \
--header 'Authorization: Basic {base64-encoded-client_id:client_secret}' \
--header 'Accept: application/json' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'code={authorization_code}' \
--data-urlencode 'redirect_uri=https://oauthdebugger.com/debug' \
--data-urlencode 'scope=admin openid profile email'
The OAuth API will respond to the cURL command with a JSON containing the Access Token, as well as the Refresh Token and ID Token, which are applicable to the Authorization Code flow only:
{
"access_token": "ve4FQbWjp9naWaGvJM0bGStwQeuV-FFA9BI-H0L9g0",
"token_type":"Bearer",
"expires_in":7200,
"refresh_token": "iIIBHaM0GCBP2rVGIq5YhsgLGlsM3JSgefjSBqRhMOY",
"scope":"admin openid profile email",
"created_at":1645785334,
"id_token": "eyJ0eXXXAifQ.eyJpc3XXXk1yYWJldCJ9.sLBZpXXX8NHYXk"
}
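As an added example (not Appibase's own code), the Python below mirrors the two cURL token requests above and checks a token response before it is used: token type, granted scope, and expiry computed from created_at plus expires_in. The function names, the 60-second skew and the sample response are assumptions made for illustration.

```python
import base64
import json
import time
from urllib.parse import urlencode

TOKEN_URL = "https://appibase.com/oauth/token"  # token endpoint from the page


def basic_value(client_id, client_secret=None):
    """Base64 value for the Basic header: client_id alone, or client_id:client_secret."""
    raw = client_id if client_secret is None else f"{client_id}:{client_secret}"
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def token_request(grant_type, scope, basic, **extra):
    """Return (headers, form body) mirroring the cURL commands; nothing is sent."""
    headers = {
        "Authorization": f"Basic {basic}",
        "Accept": "application/json",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return headers, urlencode({"grant_type": grant_type, **extra, "scope": scope})


def check_token(response_text, requested_scope, now=None, skew=60):
    """Validate a token response; return the Bearer header and seconds left."""
    tok = json.loads(response_text)
    if tok.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    missing = set(requested_scope.split()) - set(tok.get("scope", "").split())
    if missing:
        raise ValueError(f"scopes not granted: {sorted(missing)}")
    expires_at = tok["created_at"] + tok["expires_in"]
    remaining = expires_at - (time.time() if now is None else now)
    if remaining <= skew:  # assumed safety margin before expiry
        raise ValueError("token expired or about to expire; request a new one")
    return {"Authorization": f"Bearer {tok['access_token']}"}, int(remaining)


# Constructed sample response in the page's shape (token value is a placeholder).
SAMPLE = json.dumps({
    "access_token": "EXAMPLE-TOKEN", "token_type": "Bearer", "expires_in": 7200,
    "scope": "storefront client", "created_at": 1645785334,
})

if __name__ == "__main__":
    print(token_request("client_credentials", "storefront client", basic_value("my-client-id")))
    print(check_token(SAMPLE, "storefront client", now=1645785334 + 100))
```
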
To get started using Postman instead of cURL, we have created a Collection, ready to be forked and updated with the relevant variables, to not only get an Access Token but also to make the first API calls more conveniently.
Follow the below steps to request an Access Token, whether it's for the Storefront API or the Admin API and also whether it's a Client token or an End-User token.
You can skip the first two steps if the Organization account has already been created.