Creating Session-Aware Access Tokens

Digital River APIs create a session-aware access token that links a Global Commerce shopper session to an access token. A session-aware token gives developers the flexibility to implement certain portions of their shopping workflow with API calls and other portions with Digital River-hosted pages, and it facilitates a smooth transition to checkout during the shopping experience. A session-aware access token also provides the ability to continue a shopper workflow with a previously established shopper session.

To create a session-aware access token, use the sessionToken query parameter or dr_session_token form parameter, depending on the workflow.

Note:

If no session token is provided when generating an access token, a new shopper session is created.

You can create a session-aware token either by making a browser call or by sending a request to the Token API in the Shopper API or the OAuth API.

Example 1: Send a browser call to get a session-aware token

Send a browser request to store.digitalriver.com. You must provide the site ID. Include the sessionToken in the URL. Pass the API key in the request as a query parameter. You must configure the API key as a public key. Only one call is required. This scenario is suitable for viewing public resources such as products and offers.

Request

http://store.digitalriver.com/store/siteId/SessionToken?apiKey=yourAPIkey

Response

The response returns a session-aware access token:

<token>
   <access_token>96c44081d5ee98a7545ede88de966f0f371112b939b503219575572b5054be5b52b...</access_token>
   <token_type>bearer</token_type>
   <expires_in>86397</expires_in>
   <refresh_token>96c44081d5ee98a7545ede88de966f0f371112b939b503219575572b5054be5b8f5...</refresh_token>
</token>

Note that the time-to-live (TTL) value shown in expires_in respects the user session site settings in Global Commerce. In this example, the token for the site expires in 86397 seconds (24 hours).

Example 2: Create an access token (Shopper API)

This example requires two calls: one to get the session token, and another to create the access token.

Step 1: Get a session token

Send a GET request to store.digitalriver.com:

Request

GET http://store.digitalriver.com/store/siteID/SessionToken

Response

The response returns the session token:

<token>
   <session_token>D44838970DE690441E405D070AFBB44B</session_token>
</token>

Step 2: Pass the session token as a query parameter

Request

Send a GET request to the Shoppers Token API. The following request passes in a public API key, overrides the response format to XML, and passes in the session token, all as query parameters:

GET https://api.digitalriver.com/v1/shoppers/token?apiKey=yourAPIkey&format=xml&sessionToken=D44838970DE690441E405D070AFBB44B HTTP/1.1

Response

<token>
   <access_token>96c44081d5ee98a7545ede88de966f0f371112b939b503219575572b5054be5b52b...</access_token>
   <token_type>bearer</token_type>
   <expires_in>86397</expires_in>
   <refresh_token>96c44081d5ee98a7545ede88de966f0f371112b939b503219575572b5054be5b8f5...</refresh_token>
</token>

Example 3: Create an access token (OAuth API)

Step 1: Get a session token

Step 2: Pass the session token as a form parameter

Request

Send a POST request to the Token API under OAuth API.

Payload

Pass the payload as form parameters (media type application/x-www-form-urlencoded), and include the grant type and the dr_session_token. For example:

grant_type=password&dr_session_token=D44838970DE690441E405D070AFBB44B

Response

<token>
   <access_token>96c44081d5ee98a7545ede88de966f0f371112b939b503219575572b5054be5b52b...</access_token>
   <token_type>bearer</token_type>
   <expires_in>86397</expires_in>
   <refresh_token>96c44081d5ee98a7545ede88de966f0f371112b939b503219575572b5054be5b8f5...</refresh_token>
</token>
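
The two-step flow in Examples 2 and 3, as an added example that is not Digital River's own code: it parses the Step 1 response, builds the Shopper API query string and the OAuth form body, and turns expires_in into an absolute expiry. The XML samples are constructed, the function names are hypothetical, and redact_url is an added logging precaution, since Example 2 carries the session token in the URL.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SHOPPER_TOKEN_URL = "https://api.digitalriver.com/v1/shoppers/token"  # Example 2
# Constructed sample responses; the access and refresh token values are placeholders.
SESSION_XML = "<token><session_token>D44838970DE690441E405D070AFBB44B</session_token></token>"
TOKEN_XML = ("<token><access_token>constructed-access</access_token>"
             "<token_type>bearer</token_type><expires_in>86397</expires_in>"
             "<refresh_token>constructed-refresh</refresh_token></token>")

def parse_session_token(xml_text):
    """Step 1: extract <session_token>, failing loudly if it is absent."""
    value = (ET.fromstring(xml_text).findtext("session_token") or "").strip()
    if not value:
        raise ValueError("response has no <session_token>")
    return value

def shopper_token_url(api_key, session_token):
    """Example 2, Step 2: session token as the sessionToken query parameter."""
    query = urlencode({"apiKey": api_key, "format": "xml", "sessionToken": session_token})
    return f"{SHOPPER_TOKEN_URL}?{query}"

def oauth_token_body(session_token):
    """Example 3, Step 2: form-encoded body carrying dr_session_token."""
    return urlencode({"grant_type": "password", "dr_session_token": session_token})

def parse_access_token(xml_text, issued_at):
    """Return the token fields plus expires_at = issued_at + expires_in (seconds)."""
    fields = {el.tag: (el.text or "").strip() for el in ET.fromstring(xml_text)}
    for required in ("access_token", "token_type", "expires_in"):
        if not fields.get(required):
            raise ValueError(f"response has no <{required}>")
    fields["expires_in"] = int(fields["expires_in"])
    fields["expires_at"] = issued_at + fields["expires_in"]
    return fields

def redact_url(url, secret_params=("sessionToken",)):
    """Mask secret query values before a request URL is written to a log."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k in secret_params else v) for k, v in parse_qsl(parts.query)]
    return urlunsplit(parts._replace(query=urlencode(query)))

if __name__ == "__main__":
    session = parse_session_token(SESSION_XML)
    url = shopper_token_url("yourAPIkey", session)
    print(redact_url(url))
    print(oauth_token_body(session))
    print(parse_access_token(TOKEN_XML, issued_at=0)["expires_at"])
```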