Versions Compared

Version Old Version 3 New Version Current
Changes made by

Jo Dybdal (Deactivated)

Andris Nolendorfs

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Before you start you need to obtain the following information

Code Block
languagejs
CLIENT_ID="my client id"
CLIENT_SECRET="my client secret"
API_USERNAME="my KODE API username"
API_PASSWORD="my KODE API password"

To get this information, please contact support@ambita.com

In order to obtain a token, run the following

Code Block
languagejs
curl -s -H  "Content-Type: application/json" https://beta-api.ambita.com:443/authentication/v2/token -d "
        {
                \"grant_type\": \"password\",
                \"client_id\": \"CLIENT_ID\",
                \"client_secret\": \"CLIENT_SECRET\",
                \"username\": \"API_USERNAME\",
                \"password\": \"API_PASSWORD\"
        }"

Example response

Code Block
languagejson
{
  "access_token": "ej577asf-a5k6-42yq-a3a2-fh03hb8cb58c",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "aj274ajd-t1s8-48sk-v5m1-shf64j9bq25a",
  "scope": [
    "shoppingkode.order.write",
    "kode.order.read",
    "shoppingkode.product.writeread",
    "productcatalogkode.price.read",
    ...
  ]
}

The access_token is valid for 1 hour and should be reused until it expires. When the token expires, the API will return 401 UNAUTHORIZED.

To get a new access_token you can use the refresh token grant_type

Code Block
languagejs
curl -s -H  "Content-Type: application/json" https://beta-api.ambita.com:443/authentication/v2/token -d "
        {
                \"grant_type\": \"refresh_token\",
                \"refresh_token\": \"aj274ajd-t1s8-48sk-v5m1-shf64j9bq25a\"
        }"

The refresh_token is valid for 30 days and should be stored securely and only be used to get new access_token. The refresh token grant_type will also return a new refresh_token, you should replace your existing refresh_token with the new one, the new refresh_token is valid for another 30 days. If the refresh_token expires, you need to authenticate with client, credentials and grant_type password again.

More information about OAuth can be found here: https://www.oauth.com/

The token should be a request header and should be added in the Authorization header as shown below

Code Block
languagejs
curl -s \
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer ej577asf-a5k6-42yq-a3a2-fh03hb8cb58c" \
      .....