Tokens
Last updated
Shopper APIs reference
Last updated
Use this ROPC (Resource Owner Password Credentials) Grant OAuth flow when Digital River maintains the shopper's login and password. <br> <br> Request a full access token for the authenticated shopper by providing the shopper's username and password. Use the Client Credentials Grant OAuth flow if the Digital River partner maintains the shopper login and password credentials. <br> <br> The authenticated shopper token will expire after a period (86400 seconds by default). If the shopper wants to continue the shopping flow after the token expires, use the refresh_token grant type with the refresh token from the previous create token response to get a new authenticated shopper token to continue. Or use the shopper's credentials and password grant type to create a new authenticated shopper token. <br/> <br/> Security requires HTTP basic authentication (base-64 encoded), a user API key, and a password (secret key). <br> <br> <b>Important</b>: Never expose or visibly display the Limited or Full Access Tokens requested by the APIs to the customer (such as plain text in a cookie). Suppose a customer has access to these tokens. They could bypass any restrictions built into the store frontend and place orders directly on our systems via publicly documented APIs.
/oauth20/token (DR hosted shopper)
Provide the limited access token used to identify the anonymous shopper session when transferring the anonymous shopper session and shopping cart to a specific authenticated shopper.
Provide the shopper's session-aware token for a Digital River-hosted solution when transferring the shopper session and shopping cart to a specific authenticated shopper.
Valid only for ROPC grant types. A shopper's password is required when creating an authenticated shopper token.
Valid only for ROPC grant types. A shopper's username is required when creating an authenticated shopper token.
Use "password" as the grant type when an anonymous shopper or Digital River maintains the shopper's login and password credentials. Use "refresh_token" as the grant type to continue the shopping flow for the previous shopper.
client_credentials, password, refresh_tokenRequest an anonymous shopper token for a public or confidential application. Use an anonymous shopper token when the shopper wants to shop anonymously. The anonymous shopper token will expire after some a certain time (86400 seconds by default). <br> <br> If the shopper wants to continue the shopping flow when the token is expired, use the refresh_token enum for the grant type with the refresh token from the previous create token response to get a new anonymous shopper token to continue. <br> <br> Security requires HTTP basic authentication (base-64 encoded), a user API key, and a password (secret key). <br> <br> <b>Important</b>: Never expose or visibly display the Limited or Full Access Tokens requested by the APIs to the customer (such as plain text in a cookie). Suppose a customer has access to these tokens. They could bypass any restrictions built into the store frontend and place orders directly on our systems via publicly documented APIs.
/oauth20/token (Anonymous shopper token)
Provide the shopper's session-aware token for a Digital River-hosted solution when transferring the shopper session and shopping cart to a specific authenticated shopper.
Use "refresh_token" as the grant type to continue the shopping flow for the previous shopper.
client_credentials, password, refresh_tokenUse this Client Credentials Grant OAuth flow when the Digital River partner maintains the shopper login and password credentials. <br> <br> Request a full access token for the authenticated shopper by providing the shopper's external reference identifier and the client_credentials enum as the grant type. <br> <br> Security requires HTTP basic authentication (base-64 encoded), a user API key, and a password (secret key). <br> <br> <b>Important</b>: Never expose or visibly display the Limited or Full Access Tokens requested by the APIs to the customer (such as plain text in a cookie). Suppose a customer has access to these tokens. They could bypass any restrictions built into the store frontend and place orders directly on our systems via publicly documented APIs.
/oauth20/token (Client Hosted Shopper)
Provide the external reference ID when requesting an authenticated shopper token for a shopper maintained by a Digital River partner.
Provide the limited access token used to identify the anonymous shopper session when transferring the anonymous shopper session and shopping cart to a specific authenticated shopper.
Provide the shopper's session-aware token for a Digital River-hosted solution when transferring the shopper session and shopping cart to a specific authenticated shopper.
Use "client_credentials" as the grant type when the Digital River partner maintains the shopper login and password credentials. Use "refresh_token" as the grant type to continue the shopping flow for an authenticated shopper.
client_credentials, password, refresh_token