Authorizing a shopper

Authorizing a shopper is an essential process that ensures secure access to your site and protects user data. By leveraging the OAuth 2.0 protocol, our API can authenticate shoppers and generate access tokens, which grant permission to perform actions within the specified scope. The following steps will guide you through the authorization process using a simple GET request method, facilitating a seamless and secure interaction for your shoppers.

To authorize a shopper, send the GET /oauth20/authorize request and include the following query parameters.

• redirect_uri: This parameter specifies the URL to which the shopper will be redirected after authorization. It must match one of the redirect URIs configured in your OAuth client.

• client_id: This parameter is a unique identifier for your application provided by Digital River when registering your app.

• response_type: This parameter determines the type of authorization request. For implicit flow, use token to receive the access token directly in the URL fragment after authorization.

• dr_limited_token: This parameter is a token provided by Digital River that restricts access to specific API operations based on the token's scope and permissions.

Example cURL command:

curl --location -g --request GET 'https://api.digitalriver.com/oauth20/authorize?redirect_uri=http%253A%252F%252Fexample.com&client_id=a78b756bd47e258841d7f007f3f62a&response_type=token&dr_limited_token=6c6bfd0fb07be35c608a2b8e5f5ae72e' \

The 200 OK response indicates that the authorization request was successful. However, no content is returned in the response body. Instead, the authorization token is included in the URL fragment to which the shopper is redirected. This token can then be used for subsequent API requests per the OAuth 2.0 implicit flow for public clients.