Authentication

Updated 1 week ago ​by nussi

Overview

In order to consume some SellerCloud Rest API services, user first must be authenticated. During process of authentication, he receives a token, that will be used in every proceeding call to the server.

A simple REST Api is exposed on endpoint https://tt.api.sellercloud.com/rest/

Important: Keep in mind that API is hosted on different servers. The provided example endpoint is for TT server, but you must use your own one.

Description on the different API calls, request models can be retrieved using swagger. It can be opened on https://tt.api.sellercloud.com/rest/swagger

Figure 1 - Swagger

Json Web Token

SellerCloud Rest API is using JSON web token authentication approach. JWT is an open standard(RFC 7519) that defines a compact and self contained way for securely transmitting information between parties as a JSON object. The information can be verified and trusted because it is digitally signed.

More about how JWT works can be found in https://medium.com/vandium-software/5-easy-steps-to-understanding-json-web-tokens-jwt-1164c0adfcec

Authentication

Process of authentication is performed once you do a call for receiving a token. Token must be done to https://tt.api.sellercloud.com/rest/api/token

  • Content type is JSON and for that reason we must add in the request header:
    key: Content-Type
    value: application/json
  • Method type is POST
  • Authentication requires a valid username and password, which are send in the request body in the following format:

{
"Username": "valid username",
"Password": "valid password"
}
  • Response from authentication API call will be in JSON format:
{
"access_token": "G32YG3Y2G3Y232.HU32U3HU2H32UH32U32.JI3J21I32J1I3J1I3I1J31I",
"token_type": "Bearer",
"username": "valid username",
"expires_in": 1800,
".issued": 2019-03-29T09:16:00,
".expires": 2019-03-29T08:46:00
}

What is important from the snippet is the access token. It needs to be stored somewhere and resend to the server in every request, no matter that you want to update order's tracking number or retrieve some metadata for an inventory.

Token is used like a ticket, so that SellerCloud can validate on the server that user is authenticated and authorized for consuming those services.

Attachments:

Authentication.Client API


How did we do?