Access tokens

Learn how to manage access tokens.

Access tokens are credentials that allow an application to authenticate and access specific resources or APIs. They act as a key that lets the application access server resources on behalf of the user. This section explains how to obtain and manage these tokens when integrating with our services. Using access tokens keeps API interactions secure and helps maintain user privacy and data integrity.

Getting an access token

Obtaining an access token is the first step in integrating our services with your application. The token authenticates your application and authorizes its access to our APIs. This section shows how to generate an access token with a single API request.

Generate an access token by sending a GET /oauth20/access-token request with your bearer token in the Authorization header. Replace {{access_token}} with your actual bearer token.

curl --location -g --request GET 'https://api.digitalriver.com/oauth20/access-token' \
--header 'Authorization: bearer {{access_token}}' \
...

Upon successful execution, you will receive a 200 OK response with your session details and the access token, which is necessary for subsequent API calls.

Deleting an access token

Deleting an access token is essential for maintaining your application's security and efficiency. Revoking tokens that are no longer needed helps prevent unauthorized access to the API. This section explains how to delete an access token and details the necessary API request and the expected response.

Here are some scenarios where you should delete an access token:

  • When you have completed all the required API calls and no longer need the token.

  • When you periodically refresh tokens for enhanced security, which reduces the risk of token theft.

  • When users log out, ensure you fully terminate their session so they cannot reuse the access token without re-authentication.

To delete an access token, send a DELETE /oauth20/access-token request with your bearer token included in the header. Replace {{access_token}} with your actual token. This action will revoke the access token, effectively terminating the session.

curl --location -g --request DELETE 'https://api.digitalriver.com/oauth20/access-token' \
--header 'Authorization: bearer {{access_token}}' \
...

You should receive a 200 OK response upon successful deletion.
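
The deletion scenarios above, as a shell wrapper that revokes the token on every exit path and treats only 200 OK as success. This is an added example, not Digital River's code; with_token, revoke_token, DR_ACCESS_TOKEN, the exit code 70 and the script name in the usage comment are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example, not Digital River code. with_token, revoke_token and
# DR_ACCESS_TOKEN are hypothetical names chosen for this sketch.
API_URL='https://api.digitalriver.com/oauth20/access-token'

# Send METHOD to the token endpoint and print only the HTTP status code.
# The Authorization header reaches curl on stdin (--config -), so the token
# never shows up in the process list or in a logged command line.
token_request() {
  local method="$1" token="$2"
  printf 'header = "Authorization: bearer %s"\n' "$token" |
    curl --silent --output /dev/null --write-out '%{http_code}' \
         --request "$method" --config - "$API_URL"
}

# Revoke TOKEN. Only the documented 200 OK counts as success; anything else
# (401, 5xx, network failure) means the token may still be live.
revoke_token() {
  local status
  status=$(token_request DELETE "$1") || status=000
  [ "$status" = 200 ] && return 0
  echo "access token revocation failed: HTTP $status" >&2  # status only, never the token
  return 1
}

# Run a command with TOKEN exported as DR_ACCESS_TOKEN, then revoke the token
# whether the command succeeded or failed. A failed revocation turns an
# otherwise successful run into exit code 70 so that it cannot go unnoticed.
with_token() {
  local token="$1" rc=0
  shift
  DR_ACCESS_TOKEN="$token" "$@" || rc=$?
  if ! revoke_token "$token" && [ "$rc" -eq 0 ]; then
    rc=70
  fi
  return "$rc"
}

# Usage (hypothetical script name; the token is obtained as described above):
#   with_token "$TOKEN" ./sync-orders.sh
```

A non-zero exit from with_token after the wrapped command succeeded means the DELETE did not return 200 OK and the token should be treated as still valid.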
