Sending API calls

Learn how to send API calls using either /auth or an API key.

Sending API (Application Programming Interface) calls in web and mobile applications facilitates data exchange and application functionality. These API calls enable developers to access external services or data sources securely and efficiently. Understanding how to send these requests properly and knowing the authentication requirements is crucial for building robust and secure applications. This guide will explore the steps and permissions required for making API calls to Shopper and Admin APIs, focusing on authentication mechanisms such as API keys and shopper tokens where applicable.

API calls that require an API key and shopper token

When accessing Shopper APIs such as the shoppers, account, addresses, product discovery, cart, orders, and subscriptions, you need a confidential API key with Shopper APIs permission and a shopper token.

API calls that only require an API key

When accessing Admin APIs for product and subscription management, use a confidential API key with Admin APIs permission.

API calls that require an API key and /auth

For refund management, use a confidential API key with Admin APIs permission and /auth.

Sending an API call using /auth

If you want to send a Refunds request, you must supply your confidential API key with /auth. Include your Global Commerce username and encoded password with the /auth. Global Commerce will authenticate the credentials.

Hint: When using a Postman collection, provide your Global Commerce credentials in the csrUserName and csrPassword fields.

For example, a Global Commerce user with the Customer Service Director, Customer Service Supervisor, or Customer Service Representative role can access the /auth service to get the access_token and then use that access_token to create a satisfaction refund.

curl --location --request POST 'https:///api.digitalriver.com/auth' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Accept: application/json' \
--header 'Authorization: Basic {{confidential_key}}=' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username={{username}}' \
--data-urlencode 'password={{password}}'

Last updated