By using this website you implicitly accept our cookies. For more informations read our Cookie policy

Authentication

In order to interact with Marketcloud's API, you need to authenticate your application with your credentials. Every API request fired from your app must provide an Authorization header in the form Authorization: <public-key> or Authorization: <public-key>:<token>

The first form only works with public endpoints such as getting a list of products.

The second form is required whenever invoking restricted endpoints or when making requests on behalf of a user inside your app.

Example authenticated request
curl 'https://api.marketcloud.it/v0/products' \
-H 'Authorization:f84af487-a315-42e6-a57a-d79296bd9d99'

If you fail to provide the correct credentials, you will receive a "Unauthorized" error:


{
  "status":false,
  "errors": [
    {
      "code" : 401,
      "type":"Unauthorized",
      "message":"Authorization is missing"
    }
  ]
}          
        

Obtaining a token

Note
If you use one of the official SDKs, you will not need to handle the authentication process. The SDK will do it for you transparently.

To obtain an authorization token for your application, you need to invoke the /tokens endpoint using the correct parameters.

Example request

curl --request POST \
  --url https://api.marketcloud.it/v0/tokens \
  --header 'content-type: application/json' \
  --data '{"publicKey" : "yourPublicKey","secretKey" : "yourHashedSecretKey","timestamp" : 1441724677832}'
        

Scroll down to the next section to learn how to hash the secret key

Example successful response
{
  "status" : true,
  "token"  : "8juHBgBOXv1WDmuHFCR/+8h0U6qS7k08WCil3y/mBjZ="
}
        

Hashing the secret key

The secret key must be hashed (sha256) with a unix timestamp before being sent. You can generate the token and use the api with your favourite programming language, here's an example using Bash scripting. Paste your public and secret key into the following code and execute it.

A more complete example using node.js would be:

At this point, you can use the generated token to authenticate your subsequent requests by setting the "Authorization" http header in every request.

Authorization: your-public-key:generated-token

Questions?

We're super happy to help with any question you might have! Send us an email, or get in touch with us in our Slack channel !