Use login credentials for authentication

When you log in as an individual user (either a shopper or an internal user such as a customer service agent), there is no application key, so you must instead supply the user login and password in the body of the request. The following example illustrates logging into a shopper account on the storefront server:

POST /ccstore/v1/login HTTP/1.1
Content-Type: application/x-www-form-urlencoded

grant_type=password&username=johndoe@example.com&password=g4dEj3w1

The response includes an access token to use in subsequent requests. Each API you log into returns a separate access token.

The following example shows the server’s JSON response, which includes the access token:

{
"access_token": "<access_token>",
"token_type": "bearer"
}
Multi-factor authentication (Admin API only)

Logging into the Admin API as an internal user involves multi-factor authentication. To log in, you issue a POST request to the /ccadmin/v1/mfalogin endpoint, and include the username, password, and passcode in the body of the request. For example:

POST /ccadmin/v1/mfalogin HTTP/1.1
Content-Type: application/x-www-form-urlencoded

grant_type=password&username=admin1@example.com&password=A3ddj3w2&totp_code=365214

To obtain passcodes, the login account must be registered with the Oracle Mobile Authenticator app. See Access the Commerce Cloud administration interface in the Using Oracle Commerce Cloud guide for more information.

Note that account passwords and passcodes may expire or be changed, so you must make sure you have up-to-date values when you log in.

Copyright © 1997, 2017 Oracle and/or its affiliates. All rights reserved. Legal Notices