Versions Compared

Version Old Version 1 New Version 2
Changes made by

Jo Dybdal (Deactivated)

Jo Dybdal (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagejs
CLIENT_ID="my client id"
CLIENT_SECRET="my client secret"
API_USERNAME="my KODE API username"
API_PASSWORD="my KODE API password"

To get this information, please contact support@ambita.com

Obtain a token for the frontend components

In order to obtain a token, run the following with grant_type trusted in your backend application

Code Block
languagejs
curl -s -H  "Content-Type: application/json" https://beta-api.ambita.com:443/authentication/v2/token -d "
        {
                \"grant_type\": \"passwordtrusted\",
                \"client_id\": \"CLIENT_ID\",
                \"client_secret\": \"CLIENT_SECRET\",
                \"username\": \"API_USERNAME\",
                \"password\": \"API_PASSWORDuser1\"
        }"

Example response

Code Block
languagejson
{
  "access_token": "ej577asf-a5k6-42yq-a3a2-fh03hb8cb58c",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "aj274ajd-t1s8-48sk-v5m1-shf64j9bq25a",
  "scope": [
    "shopping.read",
    "shopping.write",
    "productcatalog.read"
  ]
}

The access_token is valid for 1 hour and should be reused until it expires. When the token expires, the API will return 401 UNAUTHORIZED.

...

Obtain a token for your backend

In order to obtain a token, run the following with grant_type client_credentials

Code Block
languagejs
curl -s -H  "Content-Type: application/json" https://beta-api.ambita.com:443/authentication/v2/token -d "
        {
                \"grant_type\": \"refreshclient_tokencredentials\",
                \"refreshclient_tokenid\": \"aj274ajd-t1s8-48sk-v5m1-shf64j9bq25a\"CLIENT_ID\",
             }"

The refresh_token is valid for 30 days and should be stored securely and only be used to get new access_token. The refresh token grant_type will also return a new refresh_token, you should replace your existing refresh_token with the new one, the new refresh_token is valid for another 30 days. If the refresh_token expires, you need to authenticate with client, credentials and grant_type password again.

...

   \"client_secret\": \"CLIENT_SECRET\"
        }"

The token should be a request header and should be added in the Authorization header as shown below in every call to our api from your backend, except when obtaining the token.

Code Block
languagejs
curl -s \
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer ej577asf-a5k6-42yq-a3a2-fh03hb8cb58c" \
      .....

More information about OAuth can be found here: https://www.oauth.com/