> For the complete documentation index, see [llms.txt](https://docs.digitalriver.com/commerce-api/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.digitalriver.com/commerce-api/master/sending-api-calls.md).

# Sending API calls

Sending API (Application Programming Interface) calls in web and mobile applications facilitates data exchange and application functionality. These API calls enable developers to access external services or data sources securely and efficiently. Understanding how to send these requests properly and knowing the authentication requirements is crucial for building robust and secure applications. This guide will explore the steps and permissions required for making API calls to Shopper and Admin APIs, focusing on authentication mechanisms such as API keys and shopper tokens where applicable.

## API calls that require an API key and shopper token

When accessing [Shopper APIs](/commerce-api/shopper-apis/shopper-basics.md) such as the [shoppers](/commerce-api/shopper-apis/shoppers.md), [account](/commerce-api/shopper-apis/shoppers/managing-a-shoppers-account.md), [addresses](/commerce-api/shopper-apis/shoppers/managing-a-shoppers-address.md), [product discovery](/commerce-api/shopper-apis/product-discovery.md), [cart](/commerce-api/shopper-apis/cart.md), [orders](/commerce-api/shopper-apis/orders-1.md), and [subscriptions](https://docs.digitalriver.com/commerce-api-references/commerce-api-reference-guide/admin-apis-reference/subscriptions), you need a [confidential API key](https://docs.digitalriver.com/commerce-api-references/commerce-api-reference-guide/api-structure/api-keys#confidential-keys) with [Shopper APIs permission](/commerce-api/master/roles-and-permissions.md#commerce-api-suite-roles-and-permissions) and a shopper token.&#x20;

## API calls that only require an API key

When accessing [Admin APIs](/commerce-api/admin-apis/admin-basics.md) for [product ](/commerce-api/admin-apis/product-management.md)and [subscription management](/commerce-api/admin-apis/subscription-management.md), use a [confidential API key ](https://docs.digitalriver.com/commerce-api-references/commerce-api-reference-guide/api-structure/api-keys#confidential-keys)with [Admin APIs permission](/commerce-api/master/roles-and-permissions.md#commerce-api-suite-roles-and-permissions).

## API calls that require an API key and `/auth`

For [refund management](/commerce-api/admin-apis/refunds.md), use a confidential API key with [Admin APIs permission](/commerce-api/master/roles-and-permissions.md#commerce-api-suite-roles-and-permissions) and `/auth`.&#x20;

## Sending an API call using `/auth`

If you want to send a [Refunds ](/commerce-api/admin-apis/refunds.md)request, you must supply your [confidential API key ](https://docs.digitalriver.com/commerce-api-references/commerce-api-reference-guide/api-structure/api-keys#confidential-keys)with `/auth`. Include your Global Commerce username and encoded password with the `/auth`. Global Commerce will authenticate the credentials.

{% hint style="success" %}
**Hint**: When using a Postman collection,  provide your Global Commerce credentials in the  `csrUserName` and `csrPassword` fields.
{% endhint %}

For example, a Global Commerce user with the Customer Service Director, Customer Service Supervisor, or Customer Service Representative role can access the `/auth` service to get the `access_token` and then use that `access_token` to [create a satisfaction refund](/commerce-api/admin-apis/refunds/creating-a-satisfaction-refund.md).

{% tabs %}
{% tab title="POST /auth" %}

```json
curl --location --request POST 'https:///api.digitalriver.com/auth' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Accept: application/json' \
--header 'Authorization: Basic {{confidential_key}}=' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username={{username}}' \
--data-urlencode 'password={{password}}'
```

{% endtab %}
{% endtabs %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.digitalriver.com/commerce-api/master/sending-api-calls.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.