LogoLogo
  • LiquidCommerce Documentation
  • πŸ”Authentication API Integration
    • Get Access Token
  • Services
    • πŸ—ΊοΈAddress API
      • Autocomplete
      • Details
    • πŸ‘₯Users API
      • Session
      • Fetch User
      • Delete User
      • Create/Update Address
      • Delete Address
      • Add Payment
      • Update Default Payment
      • Delete Payment
    • πŸ—ƒοΈCatalog API
      • Search
      • Availability
    • πŸ›’Cart API
      • Create/Update Cart
    • πŸ›οΈCheckout API
      • Prepare
      • Complete
    • πŸ“Orders API
      • Authentication
      • Get Order
  • CLOUD SDK
    • Overview
    • Methods & Usage
  • EVENTS & ERRORS
    • Overview
    • Cart Events
    • Checkout Status Codes
  • WEBHOOKS
    • Orders
  • Types
    • Loc
    • Catalog
    • Catalog Filters
    • Product
    • Cart
    • User
    • Retailer
    • Checkout
    • Order
Powered by GitBook
On this page
  • 2-Legged Authentication Flow
  • Token Expiration and Renewal
  • Security Considerations
Export as PDF
  1. Services
  2. Orders API

Authentication

The Orders API utilizes a secure encapsulated data environment that requires 2-legged authentication, which differs from the standard API key approach.

2-Legged Authentication Flow

  • Request Access Token:

    • Send a request to the Authentication endpoint with your credentials

    • Format: userID:password (Base64 encoded)

    • Example: Authorization: Basic dXNlcklEOnBhc3N3b3Jk

  • Receive Access Token:

    • Upon successful authentication, the server returns an access token

    • The token has a limited validity period (default: 60 minutes)

  • Use Access Token:

    • Include the token in the Authorization header for all subsequent API requests

    • Format: Authorization: Bearer {access_token}

Example Authentication Request

POST order-authentication
Host: staging.api.liquidcommerce.cloud
Authorization: Basic dXNlcklEOnBhc3N3b3Jk
Content-Type: application/json

Example Authentication Response

{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "tokenType": "Bearer",
  "expiresIn": 3600
}

Token Expiration and Renewal

Access tokens expire after their designated lifetime. When a token expires, you must request a new one using your credentials. Do not store access tokens for extended periods.

Security Considerations

  • Never share your userID and password in client-side code

  • Store access tokens securely and transmit only over HTTPS

  • Implement token refresh logic to handle expiration during active sessions

PreviousOrders APINextGet Order

Last updated 5 days ago

πŸ“