Digital River uses OAuth2 for authentication and authorization of protected resources of the Shopper API. The Digital River OAuth 2.0 API allows third-party applications to authenticate and perform actions on behalf of a shopper without acquiring the shopper's password. Public resources do not require an access token; however, access requires an API key configured as a public key. For more details, see OAuth 2.0 APIs.

OAuth is an open protocol to allow secure authorization in a standard method from the web, mobile, and desktop applications. The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service.


The OAuth API is intended for use only with the Shopper APIs.

The REST APIs use the API utilizes OAuth 2.0 standard W3C standard for authentication and authorizing shoppers and their data. OAuth 2.0 allows you, the developer, to access a Shoppers Account without requiring shoppers to share their identity or password.

Consumer developers:  Use OAuth to publish and interact with protected data if you are building:

  • Web
  • Desktop
  • Mobile
  • Web page widgets
  • JavaScript
  • Browser-based applications

Service Provider developers: Use OAuth to give your users access to their data while protecting their account credentials if you are:

  • Supporting the web and mobile applications
  • Supporting server-side API mashups
  • Storing protected data on behalf of your users