Oracle Commerce Cloud REST APIs use OAuth 2.0 with bearer tokens for authentication. Two authentication approaches are supported:
To enable an external application to be authenticated, the application must first be registered in the administration interface, as described in Register applications. As part of the registration process, an application key is generated. During authentication, the application key must be passed to Oracle Commerce Cloud using a POST request to the appropriate
login
endpoint.To authenticate an internal user or storefront shopper, the user login and password must be passed to Oracle Commerce Cloud using a POST request to the appropriate
login
endpoint.
In either case, if the authentication succeeds, the endpoint returns an access token that must be supplied in subsequent requests. Note that application keys and access tokens are long base64-encoded strings.