# Sending API calls Sending API (Application Programming Interface) calls in web and mobile applications facilitates data exchange and application functionality. These API calls enable developers to access external services or data sources securely and efficiently. Understanding how to send these requests properly and knowing the authentication requirements is crucial for building robust and secure applications. This guide will explore the steps and permissions required for making API calls to Shopper and Admin APIs, focusing on authentication mechanisms such as API keys and shopper tokens where applicable. ## API calls that require an API key and shopper token When accessing [Shopper APIs](https://docs.digitalriver.com/commerce-api/shopper-apis) such as the [shoppers](https://docs.digitalriver.com/commerce-api/shopper-apis/shoppers), [account](https://docs.digitalriver.com/commerce-api/shopper-apis/shoppers/managing-a-shoppers-account), [addresses](https://docs.digitalriver.com/commerce-api/shopper-apis/shoppers/managing-a-shoppers-address), [product discovery](https://docs.digitalriver.com/commerce-api/shopper-apis/product-discovery), [cart](https://docs.digitalriver.com/commerce-api/shopper-apis/cart), [orders](https://docs.digitalriver.com/commerce-api/shopper-apis/orders-1), and [subscriptions](https://app.gitbook.com/s/oUderMtztdH7OKDXmYbI/commerce-api-reference-guide/admin-apis-reference/subscriptions), you need a [confidential API key](https://app.gitbook.com/s/oUderMtztdH7OKDXmYbI/commerce-api-reference-guide/api-structure/api-keys#confidential-keys) with [Shopper APIs permission](https://docs.digitalriver.com/commerce-api/roles-and-permissions#commerce-api-suite-roles-and-permissions) and a shopper token. ## API calls that only require an API key When accessing [Admin APIs](https://docs.digitalriver.com/commerce-api/admin-apis) for [product ](https://docs.digitalriver.com/commerce-api/admin-apis/product-management)and [subscription management](https://docs.digitalriver.com/commerce-api/admin-apis/subscription-management), use a [confidential API key ](https://app.gitbook.com/s/oUderMtztdH7OKDXmYbI/commerce-api-reference-guide/api-structure/api-keys#confidential-keys)with [Admin APIs permission](https://docs.digitalriver.com/commerce-api/roles-and-permissions#commerce-api-suite-roles-and-permissions). ## API calls that require an API key and `/auth` For [refund management](https://docs.digitalriver.com/commerce-api/admin-apis/refunds), use a confidential API key with [Admin APIs permission](https://docs.digitalriver.com/commerce-api/roles-and-permissions#commerce-api-suite-roles-and-permissions) and `/auth`. ## Sending an API call using `/auth` If you want to send a [Refunds ](https://docs.digitalriver.com/commerce-api/admin-apis/refunds)request, you must supply your [confidential API key ](https://app.gitbook.com/s/oUderMtztdH7OKDXmYbI/commerce-api-reference-guide/api-structure/api-keys#confidential-keys)with `/auth`. Include your Global Commerce username and encoded password with the `/auth`. Global Commerce will authenticate the credentials. {% hint style="success" %} **Hint**: When using a Postman collection, provide your Global Commerce credentials in the `csrUserName` and `csrPassword` fields. {% endhint %} For example, a Global Commerce user with the Customer Service Director, Customer Service Supervisor, or Customer Service Representative role can access the `/auth` service to get the `access_token` and then use that `access_token` to [create a satisfaction refund](https://docs.digitalriver.com/commerce-api/admin-apis/refunds/creating-a-satisfaction-refund). {% tabs %} {% tab title="POST /auth" %} ```json curl --location --request POST 'https:///api.digitalriver.com/auth' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Accept: application/json' \ --header 'Authorization: Basic {{confidential_key}}=' \ --data-urlencode 'grant_type=password' \ --data-urlencode 'username={{username}}' \ --data-urlencode 'password={{password}}' ``` {% endtab %} {% endtabs %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.digitalriver.com/commerce-api/master/sending-api-calls.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.