Go to www.exsited.com Book a Demo
Developers
» Exsited API Authentication
     
Introduction
Authentication
Documentation
Account
GET
POST
DELETE
PATCH
PUT
Item
GET
POST
DELETE
PATCH
PUT
Order
GET
POST
DELETE
PUT
PATCH
Invoice
GET
POST
DELETE
PUT
PATCH
Payment
GET
POST
DELETE
PUT
PATCH
Gift Certificate
GET
POST
DELETE
PUT
PATCH
Purchase Order
GET
POST
DELETE
PUT
PATCH
Purchase Invoice
GET
POST
PATCH
DELETE
Credit Note
GET
POST
DELETE
PUT
PATCH
Return Merchandise Authorizations
GET
POST
DELETE
PUT
PATCH
Integration
GET
POST
PATCH
DELETE
» Exsited API Authentication

Exsited API Authentication: Obtaining Access Token

To interact with the API, all requests must be authenticated using OAuth 2.0. This process involves requesting an access token which is used to authorize each API call.

Step 1: Obtain an Access Token

To authenticate, you'll need to obtain an access token by making a request to the OAuth 2.0 Token API. This access token will be included in the headers of all subsequent API requests.

Authentication Endpoint

  • URL: /api/v1/oauth2/token
  • Method: POST
  • Content-Type: application/json

Request Body

In your request, you must send the following parameters: 

{
  "grant_type": "client_credentials",
  "client_id": "YOUR_CLIENT_ID",
  "client_secret": "YOUR_CLIENT_SECRET",
  "redirect_uri": "YOUR_REDIRECT_URI"
}
  • grant_type: Set this to "client_credentials". This is the OAuth 2.0 flow used to obtain an access token for API access.
  • client_id: Your application's client ID, provided when you registered your application.
  • client_secret: Your application's client secret.
  • redirect_uri: The redirect URI specified during the application setup.

Example Request

Here’s an example request body:

{
  "grant_type": "client_credentials",
  "client_id": "ZDYvLmM2NmErYTViY2FjYWYrNmIzOCsyYS5iKzc0YTcrYjJjNS9gYjEuLl8wKzcuLzIrYTUyNy8=",
  "client_secret": "ZjgxMGU4OGMtMDgwOGEzOWMtZGMwZC00ZjE0LThlZTEtMTczNDMwMjc3YWY4LTkwMTQtMjA4YjU=",
  "redirect_uri": "https://www.exsited.com/"
}

Response

Upon a successful request, you will receive a response containing the access token and refresh token.

{
    "access_token": "ZTcwL2Q3N2IsODU4NjFgNDIsMjRkMiwzYzg0LGE4ZWIsNjMzYTZlMDNiZWVgLDgvMDMsYWMyMDc=",
    "refresh_token": "YzUuLWI1NWAqX2MxL2BgNmIqMzVeMioxXmJgKl82YTMqNjY0X14wX2FjMV40KjYtLjEqNl8wNTQ=",
    "expires_in": 3600
}

Response Details

  • access_token: The token to include in the Authorization header of all API requests.
  • refresh_token: Token to use for obtaining a new access token without re-authenticating.
  • expires_in: Duration in seconds before the access token expires (typically 3600 seconds or 1 hour).

Step 2: Use the Access Token

Once you have obtained the access token, you will need to include it in the Authorization header of each API request, like so:

Authorization: Bearer

Example Header 

Authorization: Bearer ZTcwL2Q3N2IsODU4NjFgNDIsMjRkMiwzYzg0LGE4ZWIsNjMzYTZlMDNiZWVgLDgvMDMsYWMyMDc=

Summary

  1. Send a POST request to the /oauth2/token endpoint with your client_id and client_secret.
  2. Extract the access_token from the response.
  3. Add the access_token to the Authorization header of every API request to authenticate.

This process ensures all API calls are securely authenticated with OAuth 2.0.

APIs
SDK
Help Center
Community
Contact Us

©2025 Exsited. All rights reserved.

Terms and Conditions | Privacy Policy

Follow Us: