Book virtual office hours

Generating access token

Follow these steps to generate access token

Step 1 -> Create a custom app

  • Login to your Eshopbox workspace

  • Navigate to Apps > Create a custom app. Fill up the short form describing your app

  • You can select to install the app in the current workspace. For test mode, you can also create a new development workspace.

  • App will be created and pre-installed in the selected workspace. You can now copy the client_id, client_secret and refresh_token

Step 2 -> Turn an app into a sales channel app (optional)

This step is required you are integrating a sales channel with Eshopbox workspace.

  • In the Sales channel section, click Turn app into sales channel.

  • On the next step, please select the field your app will use to identify the product while managing the inventory, creating and managing orders. Your app will use the value stored in this field to identify products while creating orders.

Step 3 -> Refreshing access token

You need to exchange the Refresh Token you received in Step 1 for a Access Token, make a POST request to the /oauth/token endpoint in the Authentication API, using grant_type=refresh_token

POST https://auth.myeshopbox.com/api/v1/generateToken

In your request, the following parameters must be provided in the request body:

  • client_id: The API key for the app, as defined in the step 1

  • client_secret: The API secret key for the app, as defined in the step 1

  • grant_type: The type of grant to execute. Use refresh_token to refresh a token.

  • refresh_token: The Refresh Token to use.

The server responds with an access token:

{
    "access_token": "eyJhbGciOiJSUzI1N...InR5cCI6IkpXVCIsI",
    "id_token": "eyyRwffpgDlOyAxcv...OkguyrSHtteckIyueW",
    "scope": "openid profile offline_access",
    "expires_in": 86400,
    "token_type": "Bearer"
}

The following values are returned:

  • access_token: An API access token you will use for subsequent authenticated requests to the API. Your app should store the token somewhere to make authenticated requests.

  • scope: The list of access scopes that were granted to the application and are associated with the access token. For example, scope=openid,profile.

  • expires_in: The number of seconds until the access token expires.

  • token_type: The access token type provides the client with the information required to successfully utilize the access token to make a protected resource request (along with type-specific attributes). Right now this will only be Bearer. You need to keep regenerating the access token before it expires as mentioned in the expires_in field. Learn more Now you can use the access_token to make Authenticated API requests.

PreviousAuthenticationNextRefresh Access Token

Last updated

Was this helpful?