Glue APIs use the OAuth 2.0 protocol for authentication and authorization. OAuth 2.0 is a secure, standard authentication protocol that lets clients send authorized requests to the GLUE API services.
The authentication flow follows these steps:
If your business does not have a Glue service account, contact Posti Customer Service to get one. Note that you also need a contract with Posti.
Replace accountname:secret with the service account details that Posti has provided to you.
Example request:
curl -H "Accept: application/json" --user "accountname:secret" https://ecom-api.posti.com/auth/token
| Environment | Protocol | Host | Path |
|---|---|---|---|
| UAT | HTTPS | https://argon.ecom-api.posti.com | /auth/token |
| Prod | HTTPS | https://ecom-api.posti.com | /auth/token |
Concatenate the username, a colon character ":", and the password into a single string, then Base64-encode that string.
Credentials: accountname:secret
Base64 encoded value: YWNjb3VudG5hbWU6c2VjcmV0
Before your application can access GLUE API services, it must obtain an access token that grants access to the services.
Access token endpoint: https://ecom-api.posti.com/auth/token
Example request:
GET https://ecom-api.posti.com/auth/token
Headers: Accept: application/json
Authorization: Basic YWNjb3VudG5hbWU6c2VjcmV0
...
Example response:
{
"access_token": "abc123",
"token_type": "bearer",
"expires_in": 3600,
"scope": "internal"
}
The access token may be used to issue requests to GLUE API endpoints. To use the access token, construct a normal
HTTPS request and include an Authorization header with the value of "Bearer
The default expiration time is one hour. After that, the client application has to request a new access token.
Example request:
GET https://ecom-api.posti.com/ecommerce/v3/services
Headers: Authorization: Bearer abc123
...
| Status | Error | Message | Meaning |
|---|---|---|---|
| 401 | Unauthorized | Bad credentials | Wrong username or password, or the account is locked for 1 hour after 5 invalid login attempts. |
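
The token flow and the 401 lockout row above, as an added client-side example (not Posti's own code): it builds the Basic header, reuses the access token until shortly before `expires_in` elapses, and stops retrying after a 401 so that a bad secret does not use up the 5 attempts. `TokenCache`, `basic_header`, `http_get_token` and the 60-second refresh margin are assumptions made for this example.

```python
import base64, json, time, urllib.request, urllib.error

TOKEN_URL = "https://ecom-api.posti.com/auth/token"  # Prod endpoint from the table above


def basic_header(account, secret):
    """Build the Basic value: Base64 of 'account:secret'."""
    raw = f"{account}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def http_get_token(url, auth_value):
    """Default transport (hypothetical helper): returns (status, JSON body or None)."""
    req = urllib.request.Request(url, headers={"Accept": "application/json",
                                               "Authorization": auth_value})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, None


class TokenCache:
    """Reuses a token until `margin` seconds before expires_in elapses."""

    def __init__(self, account, secret, transport=http_get_token,
                 clock=time.monotonic, margin=60):  # margin is an assumption
        self._auth = basic_header(account, secret)
        self._transport, self._clock, self._margin = transport, clock, margin
        self._token, self._expires_at, self._rejected = None, 0.0, False

    def bearer(self):
        """Return the Authorization header value for GLUE API calls."""
        if self._rejected:
            # Do not retry: 5 invalid attempts lock the account for 1 hour.
            raise PermissionError("credentials were rejected; fix them before retrying")
        if self._token is None or self._clock() >= self._expires_at:
            status, body = self._transport(TOKEN_URL, self._auth)
            if status == 401:
                self._rejected = True
                raise PermissionError("401 Unauthorized: Bad credentials")
            if status != 200 or not body or "access_token" not in body:
                raise RuntimeError(f"token request failed with status {status}")
            self._token = body["access_token"]
            lifetime = max(body.get("expires_in", 3600) - self._margin, 0)
            self._expires_at = self._clock() + lifetime
        return "Bearer " + self._token
```

Load the account name and secret from a secret store or environment variable instead of source code, and keep the Basic and Bearer header values out of logs.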