API Clients
You can create and delete API Clients for use with the commercetools Platform in the Merchant Center.
This feature is for developer use only. You can also manage API Clients using the API. For more information, see API Clients.
commercetools API Clients use OAuth 2.0 for authorization. You can grant one or more scopes to API Clients that give access to specific parts of your commercetools Project's data. For more information, see Authorization and Scopes.
Best practices
We recommend giving an API Client the minimum scope required. For example, when creating an API Client to update Product information, give it scopes only for Products. This ensures that your commercetools Project and Platform are as secure as possible.
For most production use cases, we recommend using an SDK to manage your API Clients instead of the Merchant Center. This allows you to manage token requests programmatically. For more information, see Managing token requests.
Create an API Client
After creating an API Client, the Merchant Center displays certain important information only once. Copy this information down to a safe place.
To create an API Client, do the following:
In the Merchant Center main menu, go to Settings > Developer settings.
Click Create New API Client.
In the Name field, enter a name for your API Client. The API Client name must be unique and differ from other names.
Select individual permissions (scopes) for the API Client, or a template (with pre-selected scopes) from the drop-down.
Some scopes automatically include a related scope. For example, if you select the Manage Customers scope, the View Customers scope is automatically selected. For more information, see Scopes.
You can set scopes only when creating an API Client.
If needed, add scopes for specific Stores in your Project. For more information, see Create an API Client with Store scopes.
Click Create API Client.
Copy client_id, secret, scope, API URL, and Auth URL to a safe location as they are displayed only once. Alternatively, copy or download one of the language-specific environment presets. We recommend copying at least the cURL version for all API Clients to generate an access token.
Create an API Client with Store scopes
Stores assign Team permissions and add API Client scopes to specific subsets of your data. Store scopes are useful for large organizations managing data access across regions and other selling contexts. For example, if you create an API Client with the Manage Orders scope for a store Germany, the client can only view and edit orders in the Germany store, even if other orders exist in the Project.
To create an API Client with Stores scopes, do the following:
In the Merchant Center main menu, go to Settings > Developer settings.
Click Create New API Client.
In the Name field, enter a name for your API Client. The API Client name must be unique and differ from other names.
Select individual permissions (scopes) for the API Client, or a template (with pre-selected scopes) from the drop-down.
You do not need to add general scopes for an API Client.
Click Add scopes for store(s).
Select a Store from the list of Stores defined.
Stores must be created using HTTP or GraphQL APIs. For more information, see Stores.
Select individual permissions (scopes) for the API Client.
Click Create API Client.
Copy client_id, secret, scope, API URL, and Auth URL to a safe location as they are displayed only once. Alternatively, copy or download one of the language-specific environment presets. We recommend copying at least the cURL version for all API Clients to generate an access token.
Create an API Client access token using cURL
For production use, we do not recommend using cURL to generate and refresh access tokens for an API Client. However, it can be convenient when exploring an API, for example, retrieving the API Client's access token for use with our Postman collection.
After you create an API Client, do the following:
Copy the cURL request (similar to the below example) and paste it into a command-line prompt, and press Enter.
curl https://auth.{region}.commercetools.com/oauth/token \--basic --user "ZW-i2w6tu-61tSlSbie6Z41c:oqFJEK1OhPtLphtgxIZeOjzKs9dxMQv8" \-X POST \-d "grant_type=client_credentials&scope=manage_customers:{projectKey}"where
{projectKey}
is your Project key.Copy and save the
access_token
displayed on the next line of the cURL request.
Delete an API Client
Exercise caution as it is possible to delete an API Client that is in use.
To delete an API Client, do the following:
- In the Merchant Center main menu, go to Settings > Developer settings.
- Select the respective API Client and click the delete icon.
- Click Confirm in the dialog.