Skip to main content
If you are looking to build an app that will be used by multiple shops, you will need to use OAuth. First, create an app by following the instructions in Apps - Getting started. Once completed, you will need to know:
  1. Your redirect URL
  2. Your client ID
  3. Your client secret

Authorize URL

Link your users to this URL to start the login process for your app. Always use my-shop.fourthwall.com as the shop URL as this will link to the logged in user’s current shop. You can copy this URL from the OAuth tab of your app. You will need to provide your Client ID in the path (you can get this from your apps settings page), your redirect URL, as well as an optional state parameter. 
https://my-shop.fourthwall.com/admin/platform-apps/<YOUR_CLIENT_ID>/connect?redirect_uri=<YOUR_URL_ENCODED_REDIRECT_URL>&state=<OPTIONAL_STATE_PARAM>

Getting an access token

After the user has authorized your app, they will be redirected to your redirect URL with an authorization code and the state parameter if you provided one. You will need to exchange this code for an access token. 
curl -XPOST https://api.fourthwall.com/open-api/v1.0/platform/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=authorization_code&redirect_uri=<YOUR_REDIRECT_URL>&client_id=<YOUR_CLIENT_ID>&client_secret=<YOUR_CLIENT_SECRET>&code=<AUTHORIZATION_CODE>"
The response will contain an access_token, refresh_token, and other information.

Using the access token

curl -XGET https://api.fourthwall.com/open-api/v1/order/{YOUR_ORDER_ID} \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Refreshing the access token

Access tokens expire rather quickly (within a few minutes). You can use the refresh_token to get a new access token without having to re-authorize the user. 
curl -XPOST https://api.fourthwall.com/open-api/v1.0/platform/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=refresh_token&client_id=<YOUR_CLIENT_ID>&client_secret=<YOUR_CLIENT_SECRET>&refresh_token=<YOUR_REFRESH_TOKEN>"