Authentication

Version 2 of the aCommerce API uses a bearer token scheme for access. All communication with aCommerce APIs is done over HTTPS to ensure that a person in the middle cannot capture your token. It is your responsibility to safeguard any tokens you are issued so that unauthorized agents cannot use them. Using a token to submit orders represents a business contract, and you would not want an unknown person submitting Sales Orders or Purchase Orders on your behalf.

To get a token from the aCommerce authentication service, use the endpoint below.

POST https://api.acommerce.asia/identity/token

You need to provide your username and API key in JSON format to the "Tokens" service.

{
    "auth":
    {
        "apiKeyCredentials":
        {  
            "username": "your_username",  
            "apiKey": "your_api_key"
        }
    }  
}

If the presented credentials are valid, the service returns a 200 HTTP code with a body containing a JSON response.

{
    "token" :
    {
        "username": "your_username",
        "token_id": "your_id",
        "expires_at": "expire_time"
    }
}

 

The key thing to extract from this response is the token, which is used for all other API requests. In all other API calls, present the token in an HTTP header named X-Subject-Token.
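The flow described above, as an added example that is not aCommerce's own code: it refuses to send credentials over anything but HTTPS, reads them from the environment, tracks expiry, and builds the X-Subject-Token header. It assumes that token_id carries the token value, that expires_at is an ISO 8601 timestamp, and that a JSON Content-Type header is accepted; the environment variable names are hypothetical.

```python
import json
import os
import urllib.request
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

TOKEN_URL = "https://api.acommerce.asia/identity/token"  # endpoint from this page


def build_token_request(username, api_key, url=TOKEN_URL):
    """Build the POST for the token service; refuse anything but HTTPS."""
    if urlsplit(url).scheme != "https":
        raise ValueError("credentials must only be sent over HTTPS")
    body = {"auth": {"apiKeyCredentials": {"username": username, "apiKey": api_key}}}
    return urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json"})  # assumed header


def parse_token_response(raw):
    """Return (token, expiry). Assumes token_id is the token value and
    expires_at is ISO 8601; the page does not specify either."""
    tok = json.loads(raw)["token"]
    expires = datetime.fromisoformat(tok["expires_at"].replace("Z", "+00:00"))
    if expires.tzinfo is None:  # assumption: naive timestamps are UTC
        expires = expires.replace(tzinfo=timezone.utc)
    return tok["token_id"], expires


def needs_refresh(expires, now=None, skew=timedelta(seconds=60)):
    """True once the token is within `skew` of its expiry."""
    now = now or datetime.now(timezone.utc)
    return now >= expires - skew


def auth_headers(token):
    """Header this page requires on every other API call."""
    return {"X-Subject-Token": token}


def fetch_token():
    """Live call; credentials come from the environment, never from source."""
    req = build_token_request(os.environ["ACOMMERCE_USERNAME"],  # hypothetical names
                              os.environ["ACOMMERCE_API_KEY"])
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read())
```

Keep the returned token out of logs and error messages, and call fetch_token() again once needs_refresh() returns True rather than on every request.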
