Session-aware access tokens

Learn how to create session-aware access tokens.

The session-aware access token links a Global Commerce shopper session to an access token and lets a shopper workflow continue with a previously established shopper session.

To create a session-aware access token, use the sessionToken query or dr_session_token form parameters, depending on the workflow.

To complete an online purchase, you must provide a session-aware token when transitioning a shopper from a 3rd-party application to a Digital River-hosted checkout experience.

You can create a session-aware token by sending a browser call or a request to the Token endpoint in either the Shopper API or the OAuth API.

If you provide a session token when generating an access token, the system creates a new shopper session.

You can choose one of the following options to create a session-aware access token:

Creating an anonymous shopper token for a site with an API key

Establish an anonymous shopper (limited access) token in a single call by passing in your API key to the sessionToken site action.

You must include the sessionToken site action. The sessionToken site action MUST come from the client's side (the shopper's browser). You can do this via Ajax, as shown in the following example.

Example
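function sessionToken() {
    // Run this in the shopper's browser. Replace [siteID] and [apiKey] with your values.
    $.ajax({
        url: "https://store.digitalriver.com/store/[siteID]/SessionToken?apiKey=[apiKey]&format=json",
        type: 'GET',
        async: false, // jQuery does not support synchronous operation for JSONP requests
        contentType: "application/json",
        dataType: "jsonp",
        error: function (data) {
            // Handle the failed request here.
        },
        success: function (data) {
            // Read the token from the response here.
        }
    });
}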

Creating an anonymous shopper token for a site via OAuth 2.0

This example requires two calls: one to get the session token and another to create the access token.

Step 1: Get a dr_session_token from the sessionToken site action with no API key

You must include the sessionToken site action. The sessionToken site action MUST come from the client's side (the shopper's browser). You can do this via Ajax, as shown in the following example.

Example
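function sessionToken() {
    // Run this in the shopper's browser. Replace [siteID] with your value.
    $.ajax({
        url: "https://store.digitalriver.com/store/[siteID]/SessionToken?format=json",
        type: 'GET',
        async: false, // jQuery does not support synchronous operation for JSONP requests
        contentType: "application/json",
        dataType: "jsonp",
        error: function (data) {
            // Handle the failed request here.
        },
        success: function (data) {
            // Read the dr_session_token from the response here.
        }
    });
}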

Step 2: POST the dr_session_token to the oauth20 resource to get an anonymous shopper token.

curl --location -g --request POST 'https://api.digitalriver.com/oauth20/token' \
--header 'Authorization: bearer {{access_token}}' \
...
--data-raw '{
    dr_session_token: [from step #1]
    grant_type: password
    format: json
}'

The time-to-live (TTL) value for expires_in respects the user session site settings in Global Commerce. In this example, the token for the site expires in 86397 seconds (24 hours).
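The following is an added example, not Digital River's own code, showing one way to build the Step 2 request and turn expires_in into an absolute expiry so an application stops using the token before the shopper session ends. It assumes a form-encoded body and an OAuth 2.0 style response with an access_token field; the function names and the 60-second skew are hypothetical.

```javascript
// Added example, not Digital River code. Items marked ASSUMED are not on the page.
const TOKEN_URL = "https://api.digitalriver.com/oauth20/token"; // from the page's curl call

// Step-2 request. The page calls dr_session_token a form parameter; form encoding is ASSUMED.
function buildTokenRequest(drSessionToken, authorization) {
  if (typeof drSessionToken !== "string" || drSessionToken.trim() === "") {
    throw new Error("dr_session_token from step 1 is required");
  }
  const body = new URLSearchParams({
    dr_session_token: drSessionToken,
    grant_type: "password",
    format: "json",
  });
  return {
    url: TOKEN_URL,
    options: {
      method: "POST",
      headers: {
        Authorization: authorization, // caller supplies the value used in the curl call
        "Content-Type": "application/x-www-form-urlencoded",
      },
      body: body.toString(),
    },
  };
}

// Validate the response and convert expires_in (seconds) to an absolute expiry.
// ASSUMED: the token is returned in an access_token field, as in RFC 6749.
function parseTokenResponse(json, nowMs = Date.now()) {
  const { access_token: accessToken, expires_in: expiresIn } = json || {};
  if (typeof accessToken !== "string" || !accessToken) throw new Error("token response has no access_token");
  const ttl = Number(expiresIn);
  if (!Number.isFinite(ttl) || ttl <= 0) throw new Error("invalid expires_in");
  return { accessToken, expiresAtMs: nowMs + ttl * 1000 };
}

// True once the token is expired or within skewSeconds of expiring.
function needsRefresh(token, nowMs = Date.now(), skewSeconds = 60) {
  return nowMs >= token.expiresAtMs - skewSeconds * 1000;
}

// Step 2 end to end; fetchImpl is injectable so the flow can be exercised offline.
async function exchangeSessionToken(drSessionToken, authorization, fetchImpl = fetch) {
  const { url, options } = buildTokenRequest(drSessionToken, authorization);
  const res = await fetchImpl(url, options);
  if (!res.ok) throw new Error(`token endpoint returned HTTP ${res.status}`);
  return parseTokenResponse(await res.json());
}
```

Keep the returned token in memory rather than in logs or URLs, and call needsRefresh before each request that uses it.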
