Overview
To consume the SellerCloud REST API services, the user must first be authenticated. During authentication, the user receives a token, which must be sent with every subsequent call to the server.
JSON Web Token
The SellerCloud REST API uses JSON Web Token (JWT) authentication. JWT is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. The information can be verified and trusted because it is digitally signed.
More about how JWT works can be found at https://medium.com/vandium-software/5-easy-steps-to-understanding-json-web-tokens-jwt-1164c0adfcec
Authentication
Authentication is performed by requesting a token. The request must be sent to https://[serverid].api.sellercloud.com/rest/api/token
Note: You can obtain your serverID using your Sellercloud team name. Insert your team name into the following URL and open it in a new browser tab: https://api.sellercloud.com/api/server-by-team/?team={your_team_name}
The ServerID in the resulting JSON is the serverID for your account.
- The required content type is JSON, so the request must include the following header:
    key: Content-Type
    value: application/json
- The required method type is POST.
- Authentication requires a valid username and password, which are sent in the request body in the following format:

    {
      "Username": "valid username",
      "Password": "valid password"
    }

- The response from the authentication API call is in JSON format and looks as follows:

    {
      "access_token": "G32YG3Y2G3Y232.HU32U3HU2H32UH32U32.JI3J21I32J1I3J1I3I1J31I",
      "token_type": "Bearer",
      "username": "valid username",
      "expires_in": 1800,
      ".issued": "2019-03-29T09:16:00",
      ".expires": "2019-03-29T08:46:00"
    }

The most important part of the response is the access token. It needs to be stored and resent to the server in every subsequent request to the API. SellerCloud uses the token to validate that the user is authenticated and authorized to consume those services.
The access token will be valid for 60 minutes.
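The token request and reuse described above, as an added example that is not SellerCloud's own code: a small client that keeps the token in memory only, renews it shortly before it expires using the `expires_in` value from each response rather than a hard-coded lifetime, and keeps credentials out of logs. The class and function names, the 60-second renewal margin, the serverID character check, and sending the token as an `Authorization: Bearer` header (inferred from `token_type`) are assumptions.

```python
import json
import re
import time
import urllib.request

TOKEN_URL = "https://{server_id}.api.sellercloud.com/rest/api/token"  # from the page


def http_post_json(url, payload):
    """POST a JSON body over HTTPS and return the decoded JSON response."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode("utf-8"))


class TokenCache:
    """Hypothetical helper: caches the access token and renews it near expiry."""

    def __init__(self, server_id, username, password,
                 post=http_post_json, clock=time.monotonic, skew=60):
        # Assumption: a serverID is a plain hostname label. Rejecting anything
        # else stops a bad value from redirecting credentials to another host.
        if not re.fullmatch(r"[A-Za-z0-9-]+", server_id):
            raise ValueError("invalid server id")
        self._url = TOKEN_URL.format(server_id=server_id)
        self._creds = {"Username": username, "Password": password}
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._deadline = None, 0.0

    def token(self):
        if self._token is None or self._clock() >= self._deadline:
            body = self._post(self._url, self._creds)
            if body.get("token_type") != "Bearer" or not body.get("access_token"):
                raise ValueError("unexpected token response")  # body is not echoed
            # Use the lifetime the server reports, minus a safety margin.
            self._deadline = self._clock() + int(body["expires_in"]) - self._skew
            self._token = body["access_token"]
        return self._token

    def auth_headers(self):
        # Assumption: the token is presented as an RFC 6750 Bearer header.
        return {"Authorization": "Bearer " + self.token(),
                "Content-Type": "application/json"}

    def __repr__(self):
        return "<TokenCache %s>" % self._url  # no username, password or token
```

Pass the result of `auth_headers()` with each API request; the `post` and `clock` parameters exist so the renewal logic can be exercised without network access.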