Authentication

Shoplo uses OAuth 1.0 to provide authorized access to its API. For a detailed technical explanation of the spec, see here.


Introduction

To understand the way OAuth works can help You creating and debug applications which use Shoplo API. Applications using OAuth need to obtain access token to act on behalf of a user account and authorize all HTTP requests it sends to Shoplo's API.

Each Shoplo App has generated api key and shared secret. You can find it on your app's page on partners account. Be aware not to show to anyone your shared secret, because someone who stole it, will be able to get access to any shop that your app is installed in.

Your application must first obtain an OAuth access token on behalf of a Shoplo shop to make authorized calls to Shoplo's APIs. When you receive an access token and token secret, you are at home with Shoplo API! By following the steps described in Authorizing a request, you can issue authorized requests to the REST API.


Let's begin our authentication. Get request token

To initiate authentication you need to redirect the shop owner to the following URL:

POST https://api.shoplo.com/services/oauth/request_token

with the following parameters:

  • oauth_consumer_key - the API KEY for your app
  • oauth_consumer_secret - the shared secret for your app

In response you will receive two parameters:

  • oauth_token - temporary token used to authenticate your request with authorization
  • oauth_token_secret - secret token used later to get access token

Authorization

After you receive a temporary token, so we know who are you, you can redirect shop owner to authorize on the following URL:

GET https://api.shoplo.com/services/oauth/authorize

with the following parameters:

  • oauth_token - temporary token receive from the previous request
  • oauth_callback - the URL that the shop owner will be sent to once authentication is complete.

Once the show owner authenticate, Shoplo redirects them to the oauth_callback specified by the app with a temporary access token as a parameter "oauth_token"


Getting access token

Finally, we are a step away from getting our precious access token, which give you access to all data you need. To receive it, you have to redirect the shop owner to the following URL:

POST https://api.shoplo.com//services/oauth/access_token

with the following parameters:

  • oauth_consumer_key - the API KEY for your app
  • oauth_consumer_secret - the shared secret for your app
  • oauth_token - temporary access token receive from authentication
  • oauth_token_secret - secret token receive from the first request

The response will contain your access token i access token secret as GET parameters "oauth_token" and "oauth_token_secret".


Using access token

Having token, you can use it to access Shoplo API. The token is available for the lifetime of the install, so save it in secure place for use later on.