Generating access token
Last updated
Last updated
Follow these steps to generate access token
Login to your Eshopbox workspace
Navigate to Apps > Create a custom app. Fill up the short form describing your app
You can select to install the app in the current workspace. For test mode, you can also create a new development workspace.
App will be created and pre-installed in the selected workspace. You can now copy the client_id
, client_secret
and refresh_token
This step is required you are integrating a sales channel with Eshopbox workspace.
In the Sales channel section, click Turn app into sales channel.
On the next step, please select the field your app will use to identify the product while managing the inventory, creating and managing orders. Your app will use the value stored in this field to identify products while creating orders.
You need to exchange the Refresh Token you received in Step 1 for a Access Token, make a POST
request to the /oauth/token
endpoint in the Authentication API, using grant_type=refresh_token
In your request, the following parameters must be provided in the request body:
client_id
: The API key for the app, as defined in the step 1
client_secret
: The API secret key for the app, as defined in the step 1
grant_type
: The type of grant to execute. Use refresh_token
to refresh a token.
refresh_token
: The Refresh Token to use.
The server responds with an access token:
The following values are returned:
access_token
: An API access token you will use for subsequent authenticated requests to the API. Your app should store the token somewhere to make authenticated requests.
scope
: The list of access scopes that were granted to the application and are associated with the access token. For example, scope=openid,profile
.
expires_in
: The number of seconds until the access token expires.
token_type
: The access token type provides the client with the information required to successfully utilize the access token to make a protected resource request (along with type-specific attributes). Right now this will only be Bearer
.
You need to keep regenerating the access token before it expires as mentioned in the expires_in
field. Learn more
Now you can use the access_token
to make Authenticated API requests.