Token Exchange

Redirect back to your app

After users has authorized your app, our authorization server will redirect user back to your redirect_uri with the authorization code. The following is a dummy uri to illustrate this idea.

https://my-awesome-app.shoplineapp.com/oauth_callback?code=69a801d873305eca0245ef951687c491bf81a79421b10a4f42743b1ff3e85da0

You should then use code to exchange users' access token from us in your backend server. The following curl example illustrates this idea

According to the system logic in July 2023, the code will become invalid after 600 seconds

Example

Obtain access token endpoints

endpoint

POST https://developers.shoplineapp.com/oauth/token

Params you need

code: The authorization code you when user is redirected back to your app. The code will be carried in the query param.
client_id: You can get it in your App Keys page.
client_secret: You can get it in your App Keys page.
grant_type: always authorization_code
redirect_uri: uri you set in App Keys page.

curl example

curl -d '{"code":"69a801d873305eca0245ef951687c491bf81a79421b10a4f42743b1ff3e85da0", "grant_type":"authorization_code", "client_id": "your_client_id", "client_secret": "your_client_secret", "redirect_uri": "redirect_uri"}' -H "Content-Type: application/json" -X POST https://developers.shoplineapp.com/oauth/token

example response payload

{
    "access_token": "eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiJkZTNjOWJkOGU3MGQwNWYzOTk2Mjc0Mjc2NzYwYWFkNiIsImRhdGEiOnsibWVyY2hhbnRfaWQiOiI1ZjBiZGE1ZTRlNWZjYTAwMTBjODFmZWYiLCJhcHBsaWNhdGlvbl9pZCI6IjYzNWE1ODE3ZmQ4NTFiMDAwZDJmNTk0ZCJ9LCJpc3MiOiJodHRwczovL2RldmVsb3BlcnMuc2hvcGxpbmVhcHAuY29tIiwiYXVkIjpbXSwic3ViIjoiNWYwYmRhNWU0ZTVmY2EwMDEwYzgxZmVmIn0.lEsz0R_VOBwKwLmI9x5X4MDlzeVX3ptY4jtLXsqX2eM",
    "token_type": "Bearer",
    "expires_in": 15778476,
    "refresh_token": "bc2c3d3f1ce8776d2f358e74683e275d68dc8fea2c78a2c2080d9014c5730879",
    "scope": "products orders",
    "created_at": 1678956849,
    "resource_owner_id": "5f0bda5e4e5fca0010c81fef"
}