SDK
APIs
Community
Plugins
Templates
     
Introduction
Authentication
Documentation
Products
GET
» WebCommander API Authentication

WebCommander API Authentication

Introduction

To interact with the WebCommander API, all requests must be authenticated using OAuth 2.0. This process involves requesting an access token, which is used to authorize each API call.

Obtaining an Access Token

To authenticate, you'll need to obtain an access token by making a request to the OAuth 2.0 Token API. This access token will be included in the headers of all subsequent API requests.

Authentication Endpoint

  • URL: /api/v4/oauth2/token
  • Method: POST
  • Content-Type: application/json

Request Parameters

In your request, you must send the following parameters:

{
    "grant_type": "client_credentials",
    "auth_string": "AUTH_STRING",
    "redirect_uri": "REDIRECT_URI",
    "client_id": "CLIENT_ID",
    "client_secret": "CLIENT_SECRET"
}

Parameter Descriptions

ParameterDescription
grant_typeSet this to "client_credentials". This is the OAuth 2.0 flow used to obtain an access token for API access.
auth_stringA base64-encoded authentication string containing your credentials in the format username:password.
redirect_uriThe redirect URI specified during the application setup.
client_idYour application's client ID, provided when you registered your application.
client_secretYour application's client secret.

Example Request

{
    "grant_type": "client_credentials",
    "auth_string": "bmV3d2M3QG15d2ViY29tbWFuZGVyLmNvbTpuZXd3YzdAbXl3ZWJjb21tYW5kZXIuY29t",
    "redirect_uri": "https://api.webcommander.com/oauth-callback",
    "client_id": "f6681a45ad483e3c0a37016561d5b8be",
    "client_secret": "14e72a77d9125429b0c514010ddb0e46"
}

API Response

Upon a successful request, you will receive a response containing the access token and refresh token.

{
    "access_token": "ACCESS_TOKEN",
    "refresh_token": "REFRESH_TOKEN",
    "expires_in": 3600
}

Response Details

FieldDescription
access_tokenThe token to include in the Authorization header of all API requests.
refresh_tokenToken to use for obtaining a new access token without re-authenticating.
expires_inDuration in seconds before the access token expires (typically 3600 seconds or 1 hour).

Using the Access Token

Once you have obtained the access token, you will need to include it in the Authorization header of each API request.

access_token: ACCESS_TOKEN

Example Header

access_token: ZTcwL2Q3N2IsODU4NjFgNDIsMjRkMiwzYzg0LGE4ZWIsNjMzYTZlMDNiZWVgLDgvMDMsYWMyMDc=

Summary

  1. Send a POST request to the /api/v4/oauth2/token endpoint with your client_id, client_secret, and auth_string.
  2. Extract the access_token from the response.
  3. Add the access_token to the Authorization header of every API request to authenticate.
Terms and Conditions
Privacy Policy

© 2025 WebCommander | All Rights Reserved

info@webcommander.com.au
1300 797 471

WebCommander
About Us
Features
Pricing
Compare
Partners
Contact Us
Resource
Find a Partner
Help Centre
Community
Blog
Solutions
Inventory Management
Omnichannel Sales
Ecommerce Automation
B2B Ecommerce
Headless Commerce
Website Design and Performance