Most endpoints can be operated without authentication, since it is not mandatory.

However, we strongly recommend authenticating when operating in the production environment, even for simple read operations on the catalog.



To use Catalog and Merchant, third-party developers do not need to be authenticated until placing an order, but we advise authenticating anyway unless you just want to fetch data anonymously.

Authentication is, however, needed for the final Merchant operations and to act as a Supplier.

Acting as a Merchant

Authentication is required for Merchant API requests.

Authentication lets us grant you the right permissions to navigate and operate on our data.

We follow the OAuth2 standard (RFC 6749). The OAuth2 flow depends on the type of application you are developing. If you have doubts, get in touch.

For a good explanation of OAuth2, see this page on DigitalOcean.

There are two grant types:

  • client: use this type of authentication if you don't have any customer context.
  • resource owner: use this type if you want to authenticate a specific customer and access their personal information.
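
The two grant types above, shown as RFC 6749 token requests. This is an added example, not code from this documentation or its provider. The token URL and credentials are hypothetical, and it assumes "client" maps to the RFC's `client_credentials` grant and "resource owner" to its `password` grant.

```python
import base64
import time
import urllib.parse
import urllib.request

# Hypothetical token endpoint: the page does not state the real one.
TOKEN_URL = "https://auth.example.invalid/oauth/token"


def build_token_request(client_id, client_secret, username=None, password=None,
                        token_url=TOKEN_URL):
    """Build (without sending) an RFC 6749 token request.

    No username/password: client credentials grant (section 4.4).
    Both given: resource owner password credentials grant (section 4.3).
    """
    if urllib.parse.urlsplit(token_url).scheme != "https":
        raise ValueError("token endpoint must use https")  # secrets travel in this request
    if (username is None) != (password is None):
        raise ValueError("username and password must be given together")
    form = {"grant_type": "client_credentials"}
    if username is not None:
        form = {"grant_type": "password", "username": username, "password": password}
    # The client authenticates with HTTP Basic (section 2.3.1), so no secret is
    # placed in the URL where proxies and access logs would record it.
    pair = "{}:{}".format(urllib.parse.quote_plus(client_id),
                          urllib.parse.quote_plus(client_secret))
    basic = base64.b64encode(pair.encode()).decode()
    return urllib.request.Request(
        token_url,
        data=urllib.parse.urlencode(form).encode(),
        headers={"Authorization": "Basic " + basic,
                 "Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


def parse_token_response(payload, now=None):
    """Validate a decoded JSON token response (section 5.1); return (token, expiry)."""
    if "error" in payload:  # error response, section 5.2
        raise PermissionError(payload["error"])
    if not payload.get("access_token") or payload.get("token_type", "").lower() != "bearer":
        raise ValueError("missing access_token or unsupported token_type")
    now = time.time() if now is None else now
    expires_in = payload.get("expires_in")
    return payload["access_token"], (now + expires_in if expires_in is not None else None)
```

Send the returned request with `urllib.request.urlopen` and pass the decoded JSON body to `parse_token_response`; refresh the token before the returned expiry time.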