Authentication2 (OAuth)

The Unicommerce works on OAuth 2.0 specification to make its exposed APIs secure. The user is expected to send a valid access token with each REST API request for authentication purpose. This page provides details on how a user can get this access token against valid user credentials from Uniware.

Tip

  • Refer FAQs to know how to create user in Uniware and set its password, to get authentication, using this API.
  • Ensure the user (using this API) is an Admin. Also, he needs access to the appropriate facility to do the necessary updates using the APIs specified here. Refer FAQs for procedure to check the admin access of the user and give facility access.

Basic Information

NAME DETAILS
Endpoint: /oauth/token
Request Type: GET
Scheme: HTTPS
Header (Content-Type): application/json
Header (username): Uniware login username
Header (password): uniware login password

Query Parameters

PARAMETERS TYPE DESCRIPTION MANDATORY NOTES
grant_type string “password” Yes -
client_id string “my-trusted-client” Yes -

Sample CURL

curl --location 'https://{tenant}.unicommerce.com/oauth/token?grant_type=password&client_id=my-trusted-client' \
--header 'Content-Type: Application/json' \
--header 'username: abc@xyz.com' \
--header 'password: Passowrd@1234'

Response Payload

{
   "access_token": "1211cf66-d9b3-498b-a8a4-04c76578b72e",
   "token_type": "bearer",
   "refresh_token": "18f96b68-bdf4-4c5f-93f2-16e2c6e674c6",
   "expires_in": 41621
}

Response Payload Details

PARAMETERS TYPE DESCRIPTION NOTES
access_token string Access token (expires after time given in expires_in) Eg: “1211cf66-d9b3-498b-a8a4-04c76578b72e”
token_type string “bearer” -
refresh_token string Refresh token (used to re-validate access_token) can only be used till 30 days of issuance of first access_token
expires_in integer valid time of access_token in seconds Eg: 41621
scope string “read trust write” -
Unicommerce Website

Copyright © 2024 Unicommerce eSolutions Pvt. Ltd.