When you register an application, Oracle Commerce Cloud Service automatically generates a JSON Web Token called an application key. You send the application key in the authorization header of a POST request, and Oracle Commerce Cloud Service responds with an access token that the application must supply in subsequent requests.
Note: Application keys should be stored securely and all requests that include them must be sent via HTTPS.
Send the authorization header in a POST request to the appropriate login endpoint. The Content-Type header value must be set to application/x-www-form-urlencoded, and the body of the request must include the grant type client_credentials. For example:
POST /ccadmin/v1/login HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Authorization: Bearer <application_key>

grant_type=client_credentials
The following example shows the server’s JSON response, which includes the access token:
{
  "access_token": "<access_token>",
  "token_type": "bearer"
}
Now whenever the application needs to access a secured endpoint, it must issue a request with an authorization header that contains the access token. The following example shows an authorization header for a request that returns orders:
GET /ccadmin/v1/orders HTTP/1.1
Authorization: Bearer <access_token>
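The two-step exchange above, as an added Python example that is not part of the Oracle documentation: it builds the login request and the follow-up orders request, refuses any base URL that is not HTTPS, and validates the login response before using the token. The host name, key and token values are constructed placeholders, and the function names are hypothetical.

```python
import json
import urllib.parse
import urllib.request

LOGIN_PATH = "/ccadmin/v1/login"    # login endpoint shown on this page
ORDERS_PATH = "/ccadmin/v1/orders"  # secured endpoint shown on this page


def _https_url(base_url, path):
    # Refuse non-HTTPS targets so the key or token never travels in cleartext.
    parts = urllib.parse.urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("base URL must be https://<host>")
    return f"https://{parts.netloc}{path}"


def build_login_request(base_url, application_key):
    # POST with the form-encoded grant type and the application key as Bearer.
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(
        _https_url(base_url, LOGIN_PATH),
        data=body,
        method="POST",
        headers={
            "Content-Type": "application/x-www-form-urlencoded",
            "Authorization": f"Bearer {application_key}",
        },
    )


def parse_login_response(raw):
    # Accept only a JSON object with a non-empty bearer access token.
    doc = json.loads(raw)
    token = doc.get("access_token") if isinstance(doc, dict) else None
    if not isinstance(token, str) or not token:
        raise ValueError("login response has no access_token")
    if str(doc.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    return token


def build_orders_request(base_url, access_token):
    # Later requests carry the access token, not the application key.
    url = _https_url(base_url, ORDERS_PATH)
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})


if __name__ == "__main__":
    # Constructed host and key; nothing is sent over the network here.
    req = build_login_request("https://store.example.com", "constructed-key")
    print(req.get_method(), req.full_url, req.data.decode())
```

In real use, load the application key from a secret store or environment variable at run time rather than embedding it in source, and pass the built requests to `urllib.request.urlopen`.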