Authentication

The steps below explain how to authenticate to our API.

Authenticate the API Call

All API requests to Tilby endpoints must contain an authentication token in the HTTP headers.

Example

GET /v2/sales/ HTTP/1.1
Host: api.scloby.com
Authorization: Bearer m0J9lFG0tlUx2345DDGsVKyf57AK72G2VvcRuOF

Obtain a Token

You can get the token in two ways:

  • Through the OAuth server, following the documentation below (recommended for integrations used by multiple environments).
  • By generating a static token using the app according to this guide (easy to use for integrations on individual customers).

Use of the OAuth server

Obtain a Client ID and Client Secret

Please note

The integration must work with the static token before you request a Client ID/Client Secret from our support service.

Send an email to [email protected] and ask for a new application Client ID/Client Secret.

Please indicate:

  • Application Name
  • What exactly you would do with your app
  • Endpoints you want to access, and desired operations (for example, if you want to read items, ask for /items READ permissions)
  • A callback URL for your app (for example http://app.mydomain.com/callback)

Call our login service

  • Redirect your app to the following URL:
https://login.tilby.com/signin.php?client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_CALLBACK_URL
  • Insert valid Scloby credentials (username/phone/email and password)
  • Select a shop
  • If the credentials are valid, our login service redirects to your callback URL and appends a GET variable called "code" to the request.

For example, it redirects to:

http://app.domain.com/callback?code=US3qQIataxOal0pjtReR2a2eBFhivLN4aSxaxyKa

Get the token

  • Take the "code" we sent to you and put it into a variable
  • Send a POST request to:
https://login.tilby.com/accesstoken.php

with POST parameters:

client_id // the client id we assigned to your app
client_secret // the client secret we assigned to your app
redirect_uri // your redirect uri
code // code we sent to you in the callback

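Example test form, if you're using PHP:

<!-- Test only: a browser form exposes client_secret in the page source; in production send this POST from your server. -->
<form action='https://login.tilby.com/accesstoken.php' method='post' accept-charset='UTF-8'>
     <input type="hidden" name="client_id" value="YOUR_CLIENT_ID">
     <input type="hidden" name="client_secret" value="YOUR_CLIENT_SECRET">
     <input type="hidden" name="redirect_uri" value="YOUR_CALLBACK_URL">
     <!-- Escape the query parameter before reflecting it into HTML -->
     <input type="hidden" name="code" value="<?php echo htmlspecialchars($_GET['code'] ?? '', ENT_QUOTES, 'UTF-8'); ?>">
     <input type="submit" value="get token">
</form>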

If everything goes well, the server responds with a JSON object containing:

  • An access_token, valid for your app, your user and the selected shop
  • An expires parameter, the timestamp indicating when the token expires
  • An expires_in parameter, indicating how long your token lives
  • A refresh_token, which you use to get a new token when the current one expires, without logging in again

Example:

{
   "access_token": "dvNOlrZtOaWVdpdFQK7EQS4aUcKSgBJPtuIJMvc9",
   "token_type": "bearer",
   "expires": 1394363325,
   "expires_in": 2592000,
   "refresh_token": "qFdGAgZiYkEIKXdYrJejBXWrk1bPvFWivX1Y5Qtn"
}

Refresh your token

If you want to get a new token (for example, if the old token has expired), just send a request to:

https://login.tilby.com/accesstoken.php

with the following POST parameters:

grant_type // fixed value: "refresh_token"
client_id // the client id we assigned to your app
client_secret // the client secret we assigned to your app
refresh_token // refresh token

Example test form:

<form action='https://login.tilby.com/accesstoken.php' method='post' accept-charset='UTF-8'>
    <input type="hidden" name="grant_type" value="refresh_token">
    <input type="hidden" name="client_id" value="YOUR_CLIENT_ID">
    <input type="hidden" name="client_secret" value="YOUR_CLIENT_SECRET">
    <input type="hidden" name="refresh_token" value="YOUR_REFRESH_TOKEN">
    <input type="submit" value="refresh token">
</form>
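
The "Get the token" and "Refresh your token" calls above, made from the server so that client_secret and the refresh token never reach the browser. This is an added example, not Tilby's own code. It assumes form-encoded POST bodies (what the test forms send) and that expires is a Unix timestamp in seconds; the function names and the 300-second refresh margin are illustrative.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.tilby.com/accesstoken.php"  # endpoint from this page

def _post(params):
    """Build (not send) a form-encoded POST, the encoding the HTML test forms use."""
    body = urllib.parse.urlencode(params).encode("ascii")
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def code_exchange_request(client_id, client_secret, redirect_uri, code):
    """Request that exchanges the callback "code" for tokens (server-side only)."""
    return _post({"client_id": client_id, "client_secret": client_secret,
                  "redirect_uri": redirect_uri, "code": code})

def refresh_request(client_id, client_secret, refresh_token):
    """Request that trades a refresh_token for a new access_token."""
    return _post({"grant_type": "refresh_token", "client_id": client_id,
                  "client_secret": client_secret, "refresh_token": refresh_token})

def parse_token_response(raw):
    """Check the documented JSON fields are present before trusting the response."""
    data = json.loads(raw)
    if not isinstance(data, dict):
        raise ValueError("token response is not a JSON object")
    for field in ("access_token", "expires", "refresh_token"):
        if field not in data:
            raise ValueError("token response missing " + field)
    if str(data.get("token_type", "bearer")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    return data

def needs_refresh(token, now=None, margin=300):
    """Assumption: "expires" is Unix seconds; margin refreshes slightly early."""
    now = time.time() if now is None else now
    return now >= int(token["expires"]) - margin

def send(request, timeout=10):
    """Perform the HTTPS call and return the validated token dict."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return parse_token_response(resp.read().decode("utf-8"))

def auth_header(token):
    """Header for API calls, as in the request example at the top of this page."""
    return {"Authorization": "Bearer " + token["access_token"]}
```

Store the returned refresh_token with the same care as client_secret, since either one is enough to obtain new access tokens for the shop.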