Authentication & Authorization
Updated, 2012-06-19 14:28
Authentication gives your application the ability to read and write data via the API. The Dexero eCommerce platform uses OAuth 2.0 for authentication and authorization.
OAuth2 requires HTTPS.
OAuth2 is a protocol that allows partners and applications to interact with Dexero eCommerce. The main purpose of supporting OAuth2 is to enable developers to interact with Dexero eCommerce without storing sensitive credentials. Our implementation also allows users to manage their own connections.
If you are new to the world of OAuth, you can read more at http://oauth.net.
If you are already familiar with OAuth2, then all you really need to know is the token endpoint:
- https://ecommerce.dexero.com/oauth/token.action
Before starting to develop an application using Dexero eCommerce, you will need a customer number and a client secret key. The customer number and the client secret key are used to authenticate your application and verify that the calls made are valid.
Security
Depending on the context of use, the credentials can offer access to a large amount of data. The more applications that use the same authorization information, the more likely a compromise becomes. It is extremely important that the credentials used to authenticate the client are kept highly confidential. Ideally, they should be renewed on a regular basis.
Exchanging credentials for an access token
The application must request an access token from the authorization server by sending an authentication request with its client credentials.
POST parameters | Description |
---|---|
client_id | The value given to you when you registered your application. |
client_secret | The value given to you when you registered your application. |
scope | read |
grant_type | client_credentials |
Receiving an access token
// Client credentials issued when the application was registered
$credentials = "your_client_id:your_client_secret";
$curl = curl_init( "https://ecommerce.dexero.com/oauth/token.action" );
curl_setopt( $curl, CURLOPT_POST, true );
curl_setopt( $curl, CURLOPT_POSTFIELDS, 'scope=read&grant_type=client_credentials' );
curl_setopt( $curl, CURLOPT_RETURNTRANSFER, 1 );
// Send the credentials as an HTTP Basic Authorization header
curl_setopt( $curl, CURLOPT_HTTPHEADER, array( 'Authorization: Basic ' . base64_encode($credentials) ) );
$auth = curl_exec( $curl );
curl_close( $curl );
// The JSON response carries the access token
$secret = json_decode($auth);
$access_key = $secret->access_token;
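A hardened variant of the token request above, added here as an example (not Dexero's own code): it keeps TLS verification on, refuses redirects so the secret is never replayed elsewhere, and validates the response before using it. The environment variable names `DEXERO_CLIENT_ID` and `DEXERO_CLIENT_SECRET` and the function names are assumptions, and the sample response is constructed.

```php
<?php
// Added example, not Dexero's code. Function and env variable names are assumptions.
const TOKEN_ENDPOINT = 'https://ecommerce.dexero.com/oauth/token.action';

// Validate the token endpoint's reply before trusting anything in it.
function parseTokenResponse(int $status, string $body): string
{
    if ($status !== 200) {
        throw new RuntimeException("Token endpoint returned HTTP $status");
    }
    $data  = json_decode($body, true);
    $token = is_array($data) ? ($data['access_token'] ?? null) : null;
    if (!is_string($token) || $token === '') {
        throw new RuntimeException('Token response carries no access_token');
    }
    return $token;
}

function requestAccessToken(string $clientId, string $clientSecret): string
{
    $curl = curl_init(TOKEN_ENDPOINT);
    curl_setopt_array($curl, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => 'scope=read&grant_type=client_credentials',
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER     => ['Authorization: Basic ' . base64_encode("$clientId:$clientSecret")],
        CURLOPT_SSL_VERIFYPEER => true,            // verify the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,               // and that it matches the host name
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // never fall back to plain HTTP
        CURLOPT_FOLLOWLOCATION => false,           // do not replay the secret to a redirect target
    ]);
    $body   = curl_exec($curl);
    $error  = curl_error($curl);
    $status = (int) curl_getinfo($curl, CURLINFO_HTTP_CODE);
    if ($body === false) {
        throw new RuntimeException("Token request failed: $error");
    }
    return parseTokenResponse($status, $body);
}

// Offline check with a constructed response (not real Dexero output).
$sample = '{"access_token":"constructed-sample-token","token_type":"bearer"}';
var_dump(parseTokenResponse(200, $sample) === 'constructed-sample-token');

// Live request only when credentials are supplied through the environment,
// so the secret never sits in the source file.
$id     = getenv('DEXERO_CLIENT_ID');
$secret = getenv('DEXERO_CLIENT_SECRET');
if ($id !== false && $secret !== false) {
    echo 'Access token received (', strlen(requestAccessToken($id, $secret)), " characters)\n";
}
```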
Example Request
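$access_key = "--------"; // access token obtained above
$merchant_key = 'merchant';
$catalog_key = 'catalog';
$curl = curl_init( "https://ecommerce.dexero.com/service/rest/2/$merchant_key/$catalog_key/products.json?page=1" );
// Present the access token as a Bearer token
curl_setopt( $curl, CURLOPT_HTTPHEADER, array( 'Authorization: Bearer ' . $access_key ) );
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
// Keep certificate verification on so the token is only sent to the genuine server
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
$result = curl_exec ($curl);
curl_close ($curl);
// json_decode() returns an object or array, which echo cannot print
print_r(json_decode($result));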