Session-aware access tokens
Learn how to create session-aware access tokens.
The session-aware access token links a Global Commerce shopper session to an access token and lets a shopper workflow continue with a previously established shopper session.
To create a session-aware access token, use the sessionToken query parameter or dr_session_token form parameter, depending on the workflow. You must provide a session-aware token when transitioning a shopper from a 3rd-party application to a Digital River-hosted checkout experience to complete an online purchase.
You can create a session-aware token by either sending a browser call or a request to the Token endpoint in either the Shopper API or the OAuth API.
If you provide a session token when generating an access token, the system creates a new shopper session.
You can choose one of the following options to create a session-aware access token:
Establish an anonymous shopper (limited access) token in a single call by passing in your API key to the sessionToken site action. You must include the sessionToken site action. The sessionToken site action MUST come from the client side (the shopper's browser). You can do this via Ajax, as shown in the following example.
Example
    function sessionToken() {
      $.ajax({
        url: "https://store.digitalriver.com/store/[siteID]/SessionToken?apiKey=[apiKey]&format=json",
        type: 'GET',
        async: false, // ignored by jQuery for JSONP requests
        contentType: "application/json",
        dataType: "jsonp",
        error: function (data) {
          // Handle the failed request.
        },
        success: function (data) {
          // data is the parsed SessionToken response.
        }
      });
    }
This example requires two calls: one to get the session token, and another to create the access token.
You must include the sessionToken site action and it MUST come from the client side (the shopper's browser). You can do this via Ajax, as shown in the following example.
Example
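    function sessionToken() {
      $.ajax({
        url: "https://store.digitalriver.com/store/[siteID]/SessionToken?format=json",
        type: 'GET',
        async: false, // ignored by jQuery for JSONP requests
        contentType: "application/json",
        dataType: "jsonp",
        error: function (data) {
          // Handle the failed request.
        },
        success: function (data) {
          // data is the parsed SessionToken response; pass its session token to the next call.
        }
      });
    }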
URI
    curl --location -g --request POST 'https://api.digitalriver.com/oauth20/token' \
    --header 'Authorization: bearer {{access_token}}' \
    ...
    --data-raw '{
    dr_session_token: [from step #1]
    grant_type: password
    format: json
    }'
Response body
    {
      "token": {
        "access_token": "96c44081d5ee98a7545ede88de966f0f371112b939b503219575572b5054be5b52b...",
        "token_type": "bearer",
        "expires_in": "86397",
        "refresh_token": "96c44081d5ee98a7545ede88de966f0f371112b939b503219575572b5054be5b8f5..."
      }
    }
The time-to-live (TTL) value for expires_in respects the user session site settings in Global Commerce. In this example, the token for the site expires in 86397 seconds (24 hours).
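The second call and its response, handled defensively, as an added example that is not Digital River's code. The field names come from the sample request and response above; the function names and the URL-encoded form body are assumptions.

```javascript
// Added example. Field names are taken from the page's sample request and
// response; the form encoding and all function names are assumptions.

// Build the body for the second call from the session token returned in step 1.
function buildTokenRequestBody(sessionToken) {
  if (typeof sessionToken !== "string" || sessionToken.trim() === "") {
    throw new TypeError("session token is missing");
  }
  // URLSearchParams percent-encodes the value, so a token containing
  // '&' or '=' cannot add or override form parameters.
  return new URLSearchParams({
    dr_session_token: sessionToken,
    grant_type: "password",
    format: "json",
  }).toString();
}

// Validate the response body and convert the relative TTL to an absolute time.
function parseTokenResponse(bodyText, nowMs = Date.now()) {
  const token = JSON.parse(bodyText).token;
  if (!token || typeof token.access_token !== "string" || token.access_token === "") {
    throw new Error("response has no access_token");
  }
  if (String(token.token_type).toLowerCase() !== "bearer") {
    throw new Error("unexpected token_type");
  }
  // expires_in arrives as a string ("86397") in the page's sample response.
  const ttl = Number(token.expires_in);
  if (!Number.isInteger(ttl) || ttl <= 0) {
    throw new Error("invalid expires_in");
  }
  return {
    accessToken: token.access_token,
    refreshToken: token.refresh_token,
    expiresAtMs: nowMs + ttl * 1000,
  };
}

// Safe-to-log view: the tokens are bearer credentials, so keep only a short prefix.
function redactForLog(parsed) {
  const mask = (v) => (typeof v === "string" ? v.slice(0, 6) + "...[redacted]" : null);
  return {
    accessToken: mask(parsed.accessToken),
    refreshToken: mask(parsed.refreshToken),
    expiresAt: new Date(parsed.expiresAtMs).toISOString(),
  };
}
```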