Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Next »

Before you start you need to obtain the following information

CLIENT_ID="my client id"
CLIENT_SECRET="my client secret"
API_USERNAME="my KODE API username"
API_PASSWORD="my KODE API password"

To get this information, please contact support@ambita.com

In order to obtain a token, run the following

curl -s -H  "Content-Type: application/json" https://beta-api.ambita.com:443/authentication/v2/token -d "
        {
                \"grant_type\": \"password\",
                \"client_id\": \"CLIENT_ID\",
                \"client_secret\": \"CLIENT_SECRET\",
                \"username\": \"API_USERNAME\",
                \"password\": \"API_PASSWORD\"
        }"

Example response

{
  "access_token": "ej577asf-a5k6-42yq-a3a2-fh03hb8cb58c",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "aj274ajd-t1s8-48sk-v5m1-shf64j9bq25a",
  "scope": [
    "shopping.read",
    "shopping.write",
    "productcatalog.read"
  ]
}

The access_token is valid for 1 hour and should be reused until it expires. When the token expires, the API will return 401 UNAUTHORIZED.

To get a new access_token you can use the refresh token grant_type

curl -s -H  "Content-Type: application/json" https://beta-api.ambita.com:443/authentication/v2/token -d "
        {
                \"grant_type\": \"refresh_token\",
                \"refresh_token\": \"aj274ajd-t1s8-48sk-v5m1-shf64j9bq25a\"
        }"

The refresh_token is valid for 30 days and should be stored securely and only be used to get new access_token. The refresh token grant_type will also return a new refresh_token, you should replace your existing refresh_token with the new one, the new refresh_token is valid for another 30 days. If the refresh_token expires, you need to authenticate with client, credentials and grant_type password again.

More information about OAuth can be found here: https://www.oauth.com/

The token should be a request header and should be added in the Authorization header as shown below

curl -s \
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer ej577asf-a5k6-42yq-a3a2-fh03hb8cb58c" \
      .....

  • No labels