Initiate an Authenticated Session

Send the following request to create a limited access token to identify the shopper session:


Include your base64-encoded API key and secret in the request header.  Include grant_type=client_credentials and the externalReferenceId in the request body.

This Token API identifies a shopper session. A token consists of an access_token and a refresh_token. They correspond to session cookie and cookie in the browser. You can save the access_token and refresh_token in the application and use them in subsequent queries. The access_token expires after a specified interval (60 minutes by default in user session site settings in Global Commerce). The refresh_token expires after one year.

The expires_in property is the time-to-live (TTL) value for the access token. You can refresh the access token at any time.

For more information, see POST /oauth20/token (Limited-Access Token).