Authentication
The steps below will guide you on how to authenticate on our API.
Authenticate the API Call
All API requests to Tilby endpoints must contain an authentication token in the HTTP headers.
Example
GET /v2/sales/ HTTP/1.1
Host: api.scloby.com
Authorization: Bearer m0J9lFG0tlUx2345DDGsVKyf57AK72G2VvcRuOF
Obtain a Token
You can get the token in two ways:
- Through the OAuth server according to the documentation described below (recommended for integrations used by multiple environments).
- Generate a static token using the app according to this guide (easy to use for integrations on individual customers).
Use of the OAuth server
Obtain a Client ID and Client Secret
Please note
The integration must work with the static token before you request a Client ID/Client Secret from our support service.
Send an email to [email protected] and ask for a new application Client ID/Client Secret.
Please indicate:
- Application Name
- What exactly you would do with your app
- Endpoints you want to access, and desired operations (e.g. if you want to read items, ask for /items READ permissions)
- A callback URL for your app (for example http://app.mydomain.com/callback)
Call our login service
- Redirect your app to the following url:
https://login.tilby.com/signin.php?client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_CALLBACK_URL
- Insert valid Scloby credentials (username/phone/email and password)
- Select a shop
- If the credentials are valid, our login service redirects to your callback URL and appends a GET variable called "code" to the request.
For example, it redirects to:
http://app.domain.com/callback?code=US3qQIataxOal0pjtReR2a2eBFhivLN4aSxaxyKa
Get the token
- Grab the "code" we sent to you, and put it into a variable
- Send a POST Request to:
https://login.tilby.com/accesstoken.php
with POST parameters:
client_id // the client id we assigned to your app
client_secret // the client secret we assigned to your app
redirect_uri // your redirect uri
code // code we sent to you in the callback
Example test form, if you're using PHP
<!-- Test only: a form rendered in the browser exposes client_secret in the page source. -->
<form action='https://login.tilby.com/accesstoken.php' method='post' accept-charset='UTF-8'>
<input type="hidden" name="client_id" value="YOUR_CLIENT_ID">
<input type="hidden" name="client_secret" value="YOUR_CLIENT_SECRET">
<input type="hidden" name="redirect_uri" value="YOUR_CALLBACK_URL">
<input type="hidden" name="code" value="<?php echo htmlspecialchars($_GET['code'] ?? '', ENT_QUOTES, 'UTF-8'); ?>">
<input type="submit" value="get token">
</form>
If everything goes well, the server responds with a JSON object containing:
- An access_token, valid for your app, your user and the selected shop
- An expires parameter, which is the timestamp indicating when the token expires
- An expires_in parameter, indicating how long your token lives
- A refresh_token, which you have to use to get a new token when the current one expires, without logging in again
Example:
{
  "access_token": "dvNOlrZtOaWVdpdFQK7EQS4aUcKSgBJPtuIJMvc9",
  "token_type": "bearer",
  "expires": 1394363325,
  "expires_in": 2592000,
  "refresh_token": "qFdGAgZiYkEIKXdYrJejBXWrk1bPvFWivX1Y5Qtn"
}
Refresh your token
If you want to get a new token (for example, because the old token has expired), just send a request to:
https://login.tilby.com/accesstoken.php
with the following POST parameters:
grant_type="refresh_token" (fixed!)
client_id // the client id we assigned to your app
client_secret // the client secret we assigned to your app
refresh_token // refresh token
Example test form
<form action='https://login.tilby.com/accesstoken.php' method='post' accept-charset='UTF-8'>
<input type="hidden" name="grant_type" value="refresh_token">
<input type="hidden" name="client_id" value="YOUR_CLIENT_ID">
<input type="hidden" name="client_secret" value="YOUR_CLIENT_SECRET">
<input type="hidden" name="refresh_token" value="YOUR_REFRESH_TOKEN">
<input type="submit" value="refresh token">
</form>
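The code exchange and refresh steps above, done server-side so the client secret never reaches the browser. This is an added example in Python, not Tilby's own code; the TokenStore class, its transport and skew parameters, and the reading of expires as a Unix timestamp in seconds are assumptions.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.tilby.com/accesstoken.php"  # endpoint from this page


def post_form(fields):
    """POST form fields to the token endpoint; return the parsed JSON body."""
    req = urllib.request.Request(TOKEN_URL, data=urllib.parse.urlencode(fields).encode())
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenStore:
    """Hypothetical helper: holds the token server-side, refreshes before expiry."""

    def __init__(self, client_id, client_secret, redirect_uri, transport=post_form, skew=60):
        self.creds = {"client_id": client_id, "client_secret": client_secret}
        self.redirect_uri, self.transport, self.skew = redirect_uri, transport, skew
        self.token = None

    def exchange_code(self, code):
        # `code` is the GET variable the login service appends to the callback URL.
        self.token = self._checked(self.transport(
            {**self.creds, "redirect_uri": self.redirect_uri, "code": code}))

    def refresh(self):
        old = self.token["refresh_token"]
        new = self._checked(self.transport(
            {**self.creds, "grant_type": "refresh_token", "refresh_token": old}))
        new.setdefault("refresh_token", old)  # assumption: reuse it if none is returned
        self.token = new

    @staticmethod
    def _checked(resp):
        # Fail closed when the documented fields are absent (e.g. an error body).
        missing = {"access_token", "expires"} - set(resp)
        if missing:
            raise ValueError(f"token response missing {sorted(missing)}")
        return resp

    def auth_header(self, now=None):
        # Assumption: `expires` is a Unix timestamp in seconds.
        if self.token is None:
            raise RuntimeError("call exchange_code() first")
        now = time.time() if now is None else now
        if now >= self.token["expires"] - self.skew:
            self.refresh()
        return {"Authorization": "Bearer " + self.token["access_token"]}
```

Load the client secret from the environment or a secrets manager rather than from source code, and pass the returned header with each API request.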