
Authentication - OAuth

If you are looking to build an app that will be used by multiple shops, you will need to use OAuth.

First, create an app by following the instructions in Apps - Getting started.

Once completed, you will need to know:

  1. Your redirect URL
  2. Your client ID
  3. Your client secret

Authorize URL

Link your users to this URL to start the login process for your app. Always use my-shop.fourthwall.com as the shop URL, as this will link to the logged-in user's current shop. You can copy this URL from the OAuth tab of your app.

https://my-shop.fourthwall.com/admin/platform-apps/<YOUR_CLIENT_ID>/connect?redirect_uri=<YOUR_URL_ENCODED_REDIRECT_URL>

Getting an access token

After the user has authorized your app, they will be redirected to your redirect URL with an authorization code. You will need to exchange this code for an access token.

curl example:

curl -XPOST https://api.fourthwall.com/open-api/v1.0/platform/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=authorization_code&redirect_uri=<YOUR_REDIRECT_URL>&client_id=<YOUR_CLIENT_ID>&client_secret=<YOUR_CLIENT_SECRET>&code=<AUTHORIZATION_CODE>"

The response will contain an access_token, refresh_token, and other information.

Using the access token

curl example:

curl -XGET https://api.fourthwall.com/open-api/v1/order/{YOUR_ORDER_ID} \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Refreshing the access token

Access tokens expire rather quickly (within a few minutes). You can use the refresh_token to get a new access token without having to re-authorize the user.

curl example:

curl -XPOST https://api.fourthwall.com/open-api/v1.0/platform/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=refresh_token&client_id=<YOUR_CLIENT_ID>&client_secret=<YOUR_CLIENT_SECRET>&refresh_token=<YOUR_REFRESH_TOKEN>"
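
The whole flow above (authorize link, code exchange, refresh before expiry) as one client-side sketch. This is an added example, not Fourthwall's code: the names authorize_url, token_request, http_send and TokenStore are hypothetical, and it assumes the token endpoint returns JSON with an "expires_in" field in seconds, which this page does not confirm.

```python
import json
import time
import urllib.request
from urllib.parse import quote, urlencode

TOKEN_URL = "https://api.fourthwall.com/open-api/v1.0/platform/token"

def authorize_url(client_id, redirect_uri):
    """Login link from the page, with redirect_uri percent-encoded."""
    query = urlencode({"redirect_uri": redirect_uri})
    return f"https://my-shop.fourthwall.com/admin/platform-apps/{quote(client_id, safe='')}/connect?{query}"

def token_request(grant_type, client_id, client_secret, **extra):
    """Form-encode a token request so reserved characters in values survive."""
    fields = dict(grant_type=grant_type, client_id=client_id,
                  client_secret=client_secret, **extra)
    return urllib.request.Request(
        TOKEN_URL, data=urlencode(fields).encode("ascii"), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def http_send(request):
    """Default transport: send the request and decode the JSON body."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)

class TokenStore:
    """One shop's tokens; refreshes the access token shortly before expiry."""
    def __init__(self, client_id, client_secret, send=http_send, clock=time.monotonic):
        self.client_id, self.client_secret = client_id, client_secret
        self.send, self.clock = send, clock
        self.access = self.refresh = None
        self.expires_at = 0.0

    def _grant(self, grant_type, **extra):
        resp = self.send(token_request(grant_type, self.client_id, self.client_secret, **extra))
        self.access = resp["access_token"]
        # Keep the previous refresh token if the response carries no new one.
        self.refresh = resp.get("refresh_token", self.refresh)
        # Assumption: "expires_in" (seconds) is returned; fall back to 60 s.
        self.expires_at = self.clock() + float(resp.get("expires_in", 60))

    def exchange_code(self, code, redirect_uri):
        self._grant("authorization_code", code=code, redirect_uri=redirect_uri)

    def bearer(self, skew=30):
        """Authorization header value; refreshes first when close to expiry."""
        if self.clock() >= self.expires_at - skew:
            self._grant("refresh_token", refresh_token=self.refresh)
        return f"Bearer {self.access}"
```

Keep the client secret and refresh token on the server side only; the send and clock parameters exist so the store can be exercised without network access.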