Visit Main Site
Join Partner Program
Login
     
Introduction
Authentication
Documentation
Category
GET
POST
PUT
DELETE
Products
GET
POST
PUT
DELETE
Carts
GET
POST
PATCH
DELETE
Variations
GET
POST
PUT
DELETE
Currency
GET
POST
PUT
DELETE
Tax
Tax Profile
GET
POST
PUT
DELETE
Tax Rule
GET
POST
PUT
DELETE
Tax Code
GET
POST
PUT
DELETE
Tax Zone
GET
POST
PUT
DELETE
Discount
GET
POST
PUT
DELETE
Shipping
Shipping Profile
GET
POST
PUT
DELETE
Shipping Rate
GET
POST
PUT
DELETE
Shipping Rules
GET
POST
PUT
DELETE
Customer
GET
POST
PUT
DELETE
Orders
GET
POST
PATCH
Blog
GET
POST
PUT
DELETE
Settings
GET
» WebCommander API Authentication

WebCommander API Authentication

Introduction

To interact with the WebCommander API, all requests must be authenticated using OAuth 2.0. This process involves requesting an access token, which is used to authorize each API call.

Obtaining an Access Token

To authenticate, you'll need to obtain an access token by making a request to the OAuth 2.0 Token API. This access token will be included in the headers of all subsequent API requests.

Authentication Endpoint

  • URL: /api/v4/oauth2/token
  • Method: POST
  • Content-Type: application/json

Request Parameters

In your request, you must send the following parameters:

JSON 
{
    "grant_type": "client_credentials",
    "auth_string": "AUTH_STRING",
    "redirect_uri": "REDIRECT_URI",
    "client_id": "CLIENT_ID",
    "client_secret": "CLIENT_SECRET"
}
POST
https://wcapi.mywebcommander.com/api/v4/oauth2/token
Try It Out

Parameter Descriptions

ParameterDescription
grant_typeSet this to "client_credentials". This is the OAuth 2.0 flow used to obtain an access token for API access.
auth_stringA base64-encoded authentication string containing your credentials in the format username:password.
redirect_uriThe redirect URI specified during the application setup.
client_idYour application's client ID, provided when you registered your application.
client_secretYour application's client secret.

Example Request

JSON 
{
    "grant_type": "client_credentials",
    "auth_string": "bmV3d2M3QG15d2ViY29tbWFuZGVyLmNvbTpuZXd3YzdAbXl3ZWJjb21tYW5kZXIuY29t",
    "redirect_uri": "https://api.webcommander.com/oauth-callback",
    "client_id": "f6681a45ad483e3c0a37016561d5b8be",
    "client_secret": "14e72a77d9125429b0c514010ddb0e46"
}

API Response

Upon a successful request, you will receive a response containing the access token and refresh token.

JSON 
{
    "access_token": "ACCESS_TOKEN",
    "refresh_token": "REFRESH_TOKEN",
    "expires_in": 3600
}

Response Details

FieldDescription
access_tokenThe token to include in the Authorization header of all API requests.
refresh_tokenToken to use for obtaining a new access token without re-authenticating.
expires_inDuration in seconds before the access token expires (typically 3600 seconds or 1 hour).

Using the Access Token

Once you have obtained the access token, you will need to include it in the Authorization header of each API request.

JSON 
access_token: ACCESS_TOKEN

Example Header

JSON 
access_token: ZTcwL2Q3N2IsODU4NjFgNDIsMjRkMiwzYzg0LGE4ZWIsNjMzYTZlMDNiZWVgLDgvMDMsYWMyMDc=

Summary

  1. To obtain your client_id and client_secret, please contact our support team. These credentials are required for authenticating and making seamless API requests.
  2. Send a POST request to the /api/v4/oauth2/token endpoint with your client_id, client_secret, and auth_string.
  3. Extract the access_token from the response.
  4. Add the access_token to the Authorization header of every API request to authenticate.
Terms and Conditions
Privacy Policy

© 2024 WebCommander | All Rights Reserved

contact@webcommander.com
 1300 797 571

WebCommander
About Us
Features
Pricing
Compare
Partners
Contact Us
Resource
Find a Partner
Help Centre
Community
Blog
Solutions
Inventory Management
Omnichannel Sales
Ecommerce Automation
B2B Ecommerce
Headless Commerce
Website Design and Performance