
Tokens


Last updated 4 months ago

  • POST Authenticated shopper token (Digital River hosted shopper)
  • POST Anonymous shopper token
  • POST Authenticated shopper token (Client Hosted Shopper)

Authenticated shopper token (Digital River hosted shopper)

post

Use this ROPC (Resource Owner Password Credentials) Grant OAuth flow when Digital River maintains the shopper's login and password. Request a full access token for the authenticated shopper by providing the shopper's username and password. Use the Client Credentials Grant OAuth flow if the Digital River partner maintains the shopper login and password credentials.

The authenticated shopper token expires after a period (86400 seconds by default). If the shopper wants to continue the shopping flow after the token expires, use the refresh_token grant type with the refresh token from the previous create token response to get a new authenticated shopper token. Alternatively, use the shopper's credentials and the password grant type to create a new authenticated shopper token.

Security requires HTTP basic authentication (base-64 encoded), a user API key, and a password (secret key).

Important: Never expose or visibly display the Limited or Full Access Tokens requested by the APIs to the customer (such as plain text in a cookie). A customer who has access to these tokens could bypass any restrictions built into the store frontend and place orders directly on our systems via publicly documented APIs.

Body
dr_limited_token · string · Optional

Provide the limited access token used to identify the anonymous shopper session when transferring the anonymous shopper session and shopping cart to a specific authenticated shopper.

dr_session_token · string · Optional

Provide the shopper's session-aware token for a Digital River-hosted solution when transferring the shopper session and shopping cart to a specific authenticated shopper.

grant_type · string · enum · Required

Use "password" as the grant type when an anonymous shopper or Digital River maintains the shopper's login and password credentials. Use "refresh_token" as the grant type to continue the shopping flow for the previous shopper.

Possible values:

password · string · Required

Valid only for ROPC grant types. A shopper's password is required when creating an authenticated shopper token.

username · string · Required

Valid only for ROPC grant types. A shopper's username is required when creating an authenticated shopper token.

Responses
  • 200 (application/json): Successful response.
  • 400 (application/json): dr_limited_token_invalid, invalid_request
  • 401 (application/json): invalid_client, invalid_request
POST /oauth20/token HTTP/1.1
Host: api.digitalriver.com
Content-Type: application/x-www-form-urlencoded
Accept: */*
Content-Length: 91

dr_limited_token=text&dr_session_token=text&grant_type=password&password=text&username=text

{
  "access_token": "your_access_token",
  "token_type": "bearer",
  "expires_in": "3599",
  "refresh_token": "your_refresh_token"
}

Anonymous shopper token

post

Request an anonymous shopper token for a public or confidential application. Use an anonymous shopper token when the shopper wants to shop anonymously.

The anonymous shopper token expires after a certain time (86400 seconds by default). If the shopper wants to continue the shopping flow after the token has expired, use the refresh_token enum for the grant type with the refresh token from the previous create token response to get a new anonymous shopper token.

Security requires HTTP basic authentication (base-64 encoded), a user API key, and a password (secret key).

Important: Never expose or visibly display the Limited or Full Access Tokens requested by the APIs to the customer (such as plain text in a cookie). A customer who has access to these tokens could bypass any restrictions built into the store frontend and place orders directly on our systems via publicly documented APIs.

Body
dr_session_token · string · Optional

Provide the shopper's session-aware token for a Digital River-hosted solution when transferring the shopper session and shopping cart to a specific authenticated shopper.

grant_type · string · enum · Required

Use "refresh_token" as the grant type to continue the shopping flow for the previous shopper.

Possible values:

Responses
  • 200 (application/json): Successful response.
  • 401 (application/json): invalid_client, invalid_request
POST /oauth20/token HTTP/1.1
Host: api.digitalriver.com
Content-Type: application/x-www-form-urlencoded
Accept: */*
Content-Length: 51

dr_session_token=text&grant_type=client_credentials

{
  "access_token": "your_access_token",
  "token_type": "bearer",
  "expires_in": "3599",
  "refresh_token": "your_refresh_token"
}

Authenticated shopper token (Client Hosted Shopper)

post

Use this Client Credentials Grant OAuth flow when the Digital River partner maintains the shopper login and password credentials. Request a full access token for the authenticated shopper by providing the shopper's external reference identifier and the client_credentials enum as the grant type.

Security requires HTTP basic authentication (base-64 encoded), a user API key, and a password (secret key).

Important: Never expose or visibly display the Limited or Full Access Tokens requested by the APIs to the customer (such as plain text in a cookie). A customer who has access to these tokens could bypass any restrictions built into the store frontend and place orders directly on our systems via publicly documented APIs.

Body
dr_external_reference_id · string · Required

Provide the external reference ID when requesting an authenticated shopper token for a shopper maintained by a Digital River partner.

dr_limited_token · string · Optional

Provide the limited access token used to identify the anonymous shopper session when transferring the anonymous shopper session and shopping cart to a specific authenticated shopper.

dr_session_token · string · Optional

Provide the shopper's session-aware token for a Digital River-hosted solution when transferring the shopper session and shopping cart to a specific authenticated shopper.

grant_type · string · enum · Required

Use "client_credentials" as the grant type when the Digital River partner maintains the shopper login and password credentials. Use "refresh_token" as the grant type to continue the shopping flow for an authenticated shopper.

Possible values:

Responses
  • 200 (application/json): Successful response.
  • 400 (application/json): dr_limited_token_invalid, invalid_request
  • 401 (application/json): invalid_client, invalid_request
POST /oauth20/token HTTP/1.1
Host: api.digitalriver.com
Content-Type: application/x-www-form-urlencoded
Accept: */*
Content-Length: 103

dr_external_reference_id=text&dr_limited_token=text&dr_session_token=text&grant_type=client_credentials

{
  "access_token": "your_access_token",
  "token_type": "bearer",
  "expires_in": "3599"
}
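
The three token requests above share the same Basic-authenticated form POST, and all three carry the warning to keep tokens away from the customer. The sketch below is an added example, not Digital River's code: it builds the request server-side, holds the tokens in a server-side store keyed by an opaque session id, and refreshes on expiry. `TokenVault`, `build_token_request` and `fake_send` are hypothetical names, `fake_send` is a constructed offline stand-in for the HTTPS call, and the `refresh_token` form field name is assumed from RFC 6749 because the page does not list it.

```python
import base64, secrets, time
from urllib.parse import parse_qs, urlencode

TOKEN_URL = "https://api.digitalriver.com/oauth20/token"  # host and path from the page

def build_token_request(api_key, secret_key, **form):
    """Return (url, headers, body) for a server-side POST to the token endpoint."""
    basic = base64.b64encode(f"{api_key}:{secret_key}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN_URL, headers, urlencode(form)  # urlencode escapes '&', '=' and spaces

class TokenVault:
    """Keeps shopper tokens server-side; the browser only gets an opaque session id."""
    def __init__(self, api_key, secret_key, send, now=time.time):
        self._creds, self._send, self._now = (api_key, secret_key), send, now
        self._sessions = {}

    def _store(self, sid, resp):
        self._sessions[sid] = entry = {
            "access_token": resp["access_token"],
            "refresh_token": resp.get("refresh_token"),  # absent in the client-hosted sample
            "expires_at": self._now() + int(resp["expires_in"]),  # sample sends a string
        }
        return entry

    def login(self, **form):
        sid = secrets.token_urlsafe(32)
        self._store(sid, self._send(*build_token_request(*self._creds, **form)))
        return sid  # only this value goes in the (HttpOnly, Secure) cookie

    def access_token(self, sid, skew=30):
        s = self._sessions[sid]
        if self._now() >= s["expires_at"] - skew:
            if not s["refresh_token"]:
                raise PermissionError("token expired; shopper must re-authenticate")
            # Assumption: field name 'refresh_token' as in RFC 6749 section 6.
            s = self._store(sid, self._send(*build_token_request(
                *self._creds, grant_type="refresh_token", refresh_token=s["refresh_token"])))
        return s["access_token"]

def fake_send(url, headers, body):
    """Constructed stand-in for the HTTPS POST so the example runs offline."""
    form = parse_qs(body)
    grant = form["grant_type"][0]
    resp = {"access_token": f"at-{grant}", "token_type": "bearer", "expires_in": "3599"}
    if "dr_external_reference_id" not in form:  # mirrors the sample responses above
        resp["refresh_token"] = "rt-1"
    return resp
```

In production, replace `fake_send` with a real HTTPS client call and back `_sessions` with a server-side session store; the access and refresh tokens never appear in anything sent to the browser.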