OAuth Service

Download OpenAPI specification:Download

The OAuth Service allows you to generate the following token types:

Token type Description
Anonymous token Used by the storefront to access public resources with a reading scope. It allows customers to browse products, view prices or add products to cart.

The anonymous token is not associated with any customer.
SaaS (customer) token A JSON Web Token (JWT) which contains encrypted customer data.

The SaaS token works similarly to the anonymous token, but it is associated with a specific customer.
Service access token Needed to access the Emporix services such as adding new products, managing categories or modifying prices.

Customer Token

Requesting a customer token

Logs in a customer and sends an authentication request. Returns two customer tokens: * Customer access token. * Customer SaaS token.

Request
path Parameters
tenant
required
string

Name of the tenant.

Note: Name of the tenant is always written in lowercase.

Example: {tenant}
header Parameters
Authorization
required
string

Anonymous customer's access token.

Example: Bearer {anonymous_access_token}
Content-Type
required
string
Example: "application/json"
Request Body schema: application/json
email
required
string <email> non-empty
password
required
string >= 6 characters
Responses
200

The request was successful. A customer token is returned.

post/customer/{tenant}/login
Request samples
application/json
{
  • "email": "customer@emporix.com",
  • "password": "Qwurmdch673;'"
}
Response samples
application/json
{
  • "accessToken": "CZXFASGEG@!@$!24fasASDF",
  • "saasToken": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIAFAFGVZE!@£$FSDVZERTNX0.BK1_F8aRMnnNN6y2Q6TVa4x_Knj3-Qojy4QsPNkHcz8",
  • "expiresIn": 14399,
  • "refreshToken": "QBeG0XJfRqElE67U4tHJAQWrtfas1VR5eg",
  • "refreshTokenExpiresIn": 86399
}

Refreshing a token

Sends an authentication request and returns a refresh token.

Request
path Parameters
tenant
required
string

Name of the tenant.

Note: Name of the tenant is always written in lowercase.

Example: {tenant}
query Parameters
refreshToken
required
string

Customer's refresh token generated when the customer token is created.

Example: refreshToken={customer_refresh_token}
legalEntityId
string

Identifier of the legal entity associated with the user session.

header Parameters
Authorization
required
string

Customer's access token generated when the customer token is created.

Example: Bearer {customer_access_token}
Responses
200

The request was successful. A refresh token is returned.

get/customer/{tenant}/refreshauthtoken
Request samples 
Response samples 
application/json
{
  • "token_type": "Bearer",
  • "access_token": "5UvjlVEsU6G1NTuitcfkNBlAzUn8",
  • "expires_in": 1799,
  • "refresh_token_expires_in": 86326,
  • "refresh_token": "xIMsJmuyyltCWYD7uftonNeBtSAQMldH",
  • "scope": "tenant={tenant}"
}
Validate a token
Checks whether a token is valid. If the token is invalid, it returns a 401 status code. If the token is valid, it provides the token details.


Request 
path Parameters
tenant
required
string
Name of the tenant.


Note: Name of the tenant is always written in lowercase.


 
 Example:  {tenant}
header Parameters
Authorization
required
string
Customer's access token generated upon the customer token creation.


 
 Example:  Bearer {customer_access_token}
Responses 
200
The request was successful. A token details are returned.


401
Unauthorized


get/customer/{tenant}/validateauthtoken
Request samples 
Response samples 
application/json
{
  • "token_type": "Bearer",
  • "expires_in": 2591974,
  • "scope": "approval.approval_read_own customermanagement.legalentity_read_own customer.customer_read_own quote.quote_read_own returns.returns_read_own iam.scope_read_own iam.user_read_own customersegment.segment_read_own iam.group_read_own order.order_readascustomer coupon.coupon_redeem customer.customerprofile_edit quote.quote_manage_own returns.returns_manage_own customer.customer_manage_own approval.approval_manage_own order.order_updateascustomer iam.assignment_delete_own customer.consent_view customer.customerprofile_view order.history_view iam.assignment_create_own customer.consent_manage tenant=test",
  • "sessionId": "415c340b-5996-4112-bb3b-38139a409f93"
}
Anonymous Token
Requesting an anonymous token
Sends an authentication request and returns an anonymous token. This operation causes creation of a new session-context document.


Anonymous token is valid for one hour. After that time it should be refreshed in order to keep the same session ID associated.


Request 
query Parameters
tenant
required
string
Name of the tenant.


Note: Name of the tenant is always written in lowercase.


 
 Example:  tenant={tenant}
client_id
required
string
Your Emporix API key - client ID.


 
 Example:  client_id={client_id}
Responses 
200
The request was successful. An anonymous token is returned.


get/customerlogin/auth/anonymous/login
Request samples 
Response samples 
application/json
{
  • "token_type": "Bearer",
  • "access_token": "tpYgJPZqddEQ2zwfzNtx79noBP65",
  • "expires_in": 3599,
  • "refresh_token": "7FnviYrxvQWYdzUVBVTvXeNAA4Jy1HPe",
  • "refresh_token_expires_in": 86399,
  • "sessionId": "6d4d4d5e-04b9-40c5-9074-4df1405c6081",
  • "scope": "tenant={tenant}"
}
Refreshing an anonymous token
Sends an authentication request and returns new anonymous token with same session ID attached.


This operation causes update of a session-context document with given session ID.


Anonymous token is valid for one hour. After that time, another refresh anonymous token request should be sent.


Request 
query Parameters
tenant
required
string
Name of the tenant.


Note: Name of the tenant is always written in lowercase.


 
 Example:  tenant={tenant}
anonymous_token
required
string
 Deprecated 
NOTE: It's recommended to use refresh_token parameter instead. 
Anonymous token that needs to be refreshed so that the same session ID will be kept. Provide the value of the access_token you get in response to requesting a token request.


 
 Example:  anonymous_token={GOToGKaEKFyR8DokPBwHH0Y3AKCo}
refresh_token
required
string
A refresh token generated when the anonymous token is created.


 
 Example:  refresh_token={7FnviYrxvQWYdzUVBVTvXeNAA4Jy1HPe}
client_id
required
string
Your Emporix API key - client ID.


 
 Example:  client_id={client_id}
Responses 
200
The request was successful. An anonymous token is returned.


get/customerlogin/auth/anonymous/refresh
Request samples 
Response samples 
application/json
{
  • "token_type": "Bearer",
  • "access_token": "tpYgJPZqddEQ2zwfzNtx79noBP65",
  • "expires_in": 3599,
  • "refresh_token": "7FnviYrxvQWYdzUVBVTvXeNAA4Jy1HPe",
  • "refresh_token_expires_in": 86399,
  • "sessionId": "6d4d4d5e-04b9-40c5-9074-4df1405c6081",
  • "scope": "tenant={tenant}"
}
Service Access Token
Requesting a service access token
Sends an authentication request and returns a service access token.


Note: We do not support refresh tokens for service access tokens. In case your service access token expires, you need to send a new authentication request.


Grant type parameter is always client_credentials.


Request 
header Parameters
Content-Type
required
string
 
 Example:  
Request Body schema: application/x-www-form-urlencoded
grant_type
string
 
client_id
string
 
client_secret
string
 
scope
string
 
Responses 
200
The request was successful. A service access token is returned.


post/oauth/token
Request samples 
application/x-www-form-urlencoded
client_id=%7Bclient_id%7D&client_secret=%7Bclient_secret%7D&grant_type=client_credentials&scope=tenant%3D%7Btenant%7D%20...
Response samples 
application/json
{
  • "refresh_token_expires_in": 0,
  • "refresh_token": "",
  • "session_idle_time": 120,
  • "token_type": "Bearer",
  • "access_token": "vkFuQ6oTwj8_Ye4eiRSsqMeqLYNeQRJi",
  • "expires_in": 14399,
  • "scope": "tenant={tenant} ..."
}