Requests to the Appibase APIs require authentication to the Resource Server or the Authorization Server.
Authenticated API calls require sending a Bearer token or Basic authentication credentials in the Authorization header.
All requests to the Storefront API or Admin API must use a Bearer token authentication in order to access protected resources.
Each request to the Resource Server must include a valid Access Token in the Authorization
header of the HTTPS request:
'Authorization: Bearer {access_token}'
The base URL for the Storefront API or Admin API is:
https://appibase.com/{account_id}/api/v1
Where account_id
is your unique organization account ID.
The Resource Server APIs require the use of the JSON:API media type (application/vnd.api+json
) for exchanging data. This follows the JSON:API Specification in the way it accepts requests and returns responses in a JSON format.
When making requests to protected resources, the following headers apply:
'Accept: application/vnd.api+json'
'Content-Type: application/vnd.api+json'
Most requests to the OAuth API require the use of Basic authentication in order to retrieve an Access Token or make other OAuth queries, such as introspecting or revoking a token.
Such requests to the Authorization Server must use a base64 encoded representation of the Client application’s credentials in the Authorization
header:
'Authorization: Basic {base64_credentials}'
Other OAuth queries such as getting token or user info, require the use of a Bearer token to retrieve the relevant info from it.
The base URL for the OAuth API is:
https://appibase.com/{account_id}/oauth
Where account_id
is your unique organization account ID.
The Authorization Server API requires the use of the urlencoded media type (application/x-www-form-urlencoded
) for the Request Body and responds with the JSON media type (application/json
) in the Response Body.
When making requests to the OAuth API, the following headers apply:
'Accept: application/json'
'Content-Type: application/x-www-form-urlencoded'