In order to consume the SellerCloud Rest API services, the user first must be authenticated. During the process of authentication, he receives a token, which must be used in every proceeding call to the server.
If they give API access to two different softwares - a shipping software and an accounting software, then we should be able to differentiate between by using two different employees.
Json Web Token
The SellerCloud Rest API uses the JSON web token authentication approach. JWT is an open standard(RFC 7519) that defines a compact and self contained way for securely transmitting information between parties as a JSON object. The information can be verified and trusted because it is digitally signed.
More about how JWT works can be found in https://medium.com/vandium-software/5-easy-steps-to-understanding-json-web-tokens-jwt-1164c0adfcec
The process of authentication is performed by doing a call for receiving a token. This call must be sent to https://[serverid].api.sellercloud.com/rest/api/token
- The required content type is JSON, so for that reason we must add in the request header:
- The required Method type is POST
- Authentication requires a valid username and password, which are send in the request body in the following format:
"Username": "valid username",
"Password": "valid password"
- The response from authentication API call will be in JSON format, and will look as follows:
"username": "valid username",
The most important part of the request is the access token. It needs to be stored somewhere and resent to the server in every subsequent request to the API. SellerCloud utilizes the token to validate that the user is authenticated and is authorized for consuming those services.