User Login

This guide outlines the process for obtaining user authentication tokens using OAuth2. The login process involves two main steps:

1. Retrieving a client_access_token using client credentials.
2. Exchanging the client_access_token for a user_access_token.

Step 1: Obtain the client_access_token

To retrieve the client_access_token, send a GET request to the following endpoint:

    GET /api/1/oauth2/access_token?locale={{locale}}

Request Payload

{
    "grant_type": "client_credentials",
    "client_id": "{{client_id}}",
    "client_secret": "{{client_secret}}"
}

Response

A successful request will return a response containing the client_access_token:

{
    "token_type": "Bearer",
    "expires_in": <EXPIRY_IN_SECONDS>,
    "access_token": "<CLIENT_ACCESS_TOKEN>"
}

Step 2: Obtain the user_access_token

Once you have the client_access_token, you can use it to retrieve a user_access_token.

Endpoint

POST /api/1/oauth2/access_token?locale={{locale}}

Request Headers

Authorization: Bearer <CLIENT_ACCESS_TOKEN>

Request Payload

{
    "grant_type": "password",
    "client_id": "<CLIENT_ID>",
    "client_secret": "<CLIENT_SECRET>",
    "username": "<USERNAME>",
    "password": "<PASSWORD>"
}

This will return the user_access_token, which can be used to authenticate further API requests on behalf of the user.
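The two steps above as a client sketch. This is an added example, not code from the API provider. It assumes the payloads are sent as JSON bodies and that the step 2 response has the same shape as the step 1 response; the helper names, the `send` transport parameter and the base URL are hypothetical.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_PATH = "/api/1/oauth2/access_token"

def build_request(base_url, locale, method, payload, bearer=None):
    """Build one token request; credentials travel only in the body, never the URL."""
    url = f"{base_url}{TOKEN_PATH}?{urllib.parse.urlencode({'locale': locale})}"
    headers = {"Content-Type": "application/json"}  # assumption: JSON body
    if bearer:
        headers["Authorization"] = f"Bearer {bearer}"
    return urllib.request.Request(url, data=json.dumps(payload).encode(),
                                  headers=headers, method=method)

def parse_token(body, now=None):
    """Validate a token response and return (access_token, expires_at)."""
    doc = json.loads(body)
    if doc.get("token_type") != "Bearer" or not doc.get("access_token"):
        raise ValueError("unexpected token response")
    now = time.time() if now is None else now
    return doc["access_token"], now + int(doc["expires_in"])

def http_send(req):
    """Default transport: urllib verifies the server certificate for https URLs."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()

def login(base_url, locale, client_id, client_secret, username, password,
          send=http_send):
    """Run step 1, then step 2; returns (user_access_token, expires_at)."""
    if not base_url.startswith("https://"):
        raise ValueError("token endpoint must use https")  # secrets are in the body
    # Step 1: client credentials -> client_access_token (GET, as documented above)
    step1 = build_request(base_url, locale, "GET", {
        "grant_type": "client_credentials",
        "client_id": client_id, "client_secret": client_secret})
    client_token, _ = parse_token(send(step1))
    # Step 2: client_access_token + user credentials -> user_access_token
    step2 = build_request(base_url, locale, "POST", {
        "grant_type": "password",
        "client_id": client_id, "client_secret": client_secret,
        "username": username, "password": password}, bearer=client_token)
    return parse_token(send(step2))
```

Load `client_secret` and the user's password from the environment or a secret store rather than from source, and request a new token once `expires_at` has passed.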