API Requests

Requests to the Appibase APIs require authentication to the Resource Server or the Authorization Server.

Authenticated API calls require sending a Bearer token or Basic authentication credentials in the Authorization header.

Resource Server


All requests to the Storefront API or Admin API must use a Bearer token authentication in order to access protected resources.

Each request to the Resource Server must include a valid Access Token in the Authorization header of the HTTPS request:

'Authorization: Bearer {access_token}'

Base URL

The base URL for the Storefront API or Admin API is:


Where account_id is your unique organization account ID.


The Resource Server APIs require the use of the JSON:API media type (application/vnd.api+json) for exchanging data. This follows the JSON:API Specification in the way it accepts requests and returns responses in a JSON format.

When making requests to protected resources, the following headers apply:

'Accept: application/vnd.api+json'
'Content-Type: application/vnd.api+json'

Authorization Server


Most requests to the OAuth API require the use of Basic authentication in order to retrieve an Access Token or make other OAuth queries, such as introspecting or revoking a token.

Such requests to the Authorization Server must use a base64 encoded representation of the Client application’s credentials in the Authorization header:

'Authorization: Basic {base64_credentials}'

Other OAuth queries such as getting token or user info, require the use of a Bearer token to retrieve the relevant info from it.

Base URL

The base URL for the OAuth API is:


Where account_id is your unique organization account ID.


The Authorization Server API requires the use of the urlencoded media type (application/x-www-form-urlencoded) for the Request Body and responds with the JSON media type (application/json) in the Response Body.

When making requests to the OAuth API, the following headers apply:

'Accept: application/json'
'Content-Type: application/x-www-form-urlencoded'