Oracle Commerce Cloud Service REST APIs use OAuth 2.0 with bearer tokens for authentication. Two authentication approaches are supported:
To enable an external application to be authenticated, the application must first be registered, as described in Register applications. As part of the registration process, an application key is generated. During authentication, the application key must be passed to Oracle Commerce Cloud Service using a POST request to the appropriate
login
endpoint.To authenticate an administrator or storefront shopper, the user login and password must be passed to Oracle Commerce Cloud Service using a POST request to the appropriate
login
endpoint.
In either case, if the authentication succeeds, the endpoint returns an access token that must be supplied in subsequent requests. Note that application keys and access tokens are long base64-encoded strings.