Guides

1. API Keys & Open API access token

Suggest Edits

Developer Center provides two mechanism to obtain access token for accessing Open API & Webhook.

Client ID and Secret Key are automatically generated in the "API Keys" section.

Client ID

This is the client id we use to identify your app in OAuth flow

Client Secret Key

This is the client secret of your app

OAuth Callback URLs

Turn on and edit "Callback URLs". It refers to the whitelisted OAuth redirect uri of your website. For more detail information, you can refer here.

App Installation Token

Turn on "App Installation Token", you will receive an open api access token through webhook after merchant installed your app. For more detail information, you can refer here.

Query param

Query param is not allowed in redirect uri.

📘

OAuth2

You can find the detailed documentations on how to interact with our authorization server here.

If you find yourself not familiar with OAuth2, please revisit the related concepts and come back here, cheers :)

Open API's (OA) App rate limit

App Rate Limit

The app token is configured with a default rate limit to ensure the stability of the SHOPLINE system. When a user exceeds the rate limit, their subsequent requests will be temporarily blocked. However, this limit refills continuously every second, allowing for resumed access after this brief pause.

Please be aware that SHOPLINE periodically reviews and adjusts these rate limits as part of our commitment to maintaining system stability. For those who require the exact current rate limit values, we encourage you to reach out to your designated contact point at SHOPLINE for detailed information.

Guidelines for Retry Mechanisms

A key to managing rate limit effectively is to integrate retry mechanisms in your system's architecture. This ensures your application's responsiveness and efficiency, even with rate limit hits. Our recommendations include:

  • Robust Design: Equip your application with advanced retry logic capable of handling traffic spikes or other abnormal high frequency of API request.
  • Proactive Monitoring: Implement a monitoring system to observe the length of your request queues. Establish alerts for prolonged queue times to enable timely responses.
  • Immediate Response: Be agile in responding when notified of increased queue lengths, to ensure continued optimal performance of your application.

Updated 10 months ago