API Clients
View, create, and delete API Clients
The commercetools Composable Commerce APIs depends on OAuth 2.0 for authorization. API clients can either be created in the Merchant Center, or with the API documented on this page. The API is especially useful for Infrastructure-as-Code tooling, as well as for frequently rotating your API secrets.
Once an API client has been created, it can not be changed anymore. The secret
is only visible in the response when creating the API Client.
This API allows you to configure the expiration times of OAuth tokens for your API Client. If you want to set expiration times different to the default values shown below, you need to use this API instead of the Merchant Center for creating your API Client.
Token type | Default | Minimum | Maximum |
---|---|---|---|
access token | 48 hours | 1 hour | 7 days |
refresh token | 200 days | 30 seconds | 1 year |
Due to the sensitive nature of this API, it can not be used with the manage_project:{projectKey}
scope, but only with manage_api_clients:{projectKey}
.
Learn more about Composable Commerce OAuth 2.0 for API authentication in our self-paced Authorization flows and API Clients module.
Representations
APIClient
id String | The OAuth2 |
name String | Name of the APIClient. |
scope String | Whitespace-separated list of OAuth scopes that can be used when obtaining an access token. |
secret String | Only shown once in the response of creating the APIClient.
This is the OAuth2 |
lastUsedAt Date | Date of the last day this APIClient was used to obtain an access token. |
deleteAt | If set, the Client will be deleted on (or shortly after) this point in time. |
accessTokenValiditySeconds Int | Expiration time in seconds for each access token obtained by the APIClient. Only present when set with the APIClientDraft. If not present the default value applies. Default:172800 Minimum: 3 600 Maximum: 604 800 |
refreshTokenValiditySeconds Int | Inactivity expiration time in seconds for each refresh token obtained by the APIClient. Only present when set with the APIClientDraft. If not present the default value applies. Default:17280000 Minimum: 30 Maximum: 31 536 000 |
createdAt | Date and time (UTC) the APIClient was initially created. |
APIClientDraft
name String | Name of the APIClient. |
scope String | Whitespace-separated list of OAuth scopes that can be used when obtaining an access token. |
deleteDaysAfterCreation Int | If set, the Client will be deleted after the specified amount of days. |
accessTokenValiditySeconds Int | Expiration time in seconds for each access token obtained by the APIClient. If not set the default value applies. Default:172800 Minimum: 3 600 Maximum: 604 800 |
refreshTokenValiditySeconds Int | Inactivity expiration time in seconds for each refresh token obtained by the APIClient. The expiration time for refresh tokens is restarted each time the token is used. If not set the default value applies. Default:17280000 Minimum: 30 Maximum: 31 536 000 |
ApiClientPagedQueryResponse
PagedQueryResult with results
containing an array of APIClient.
limit Int | Number of results requested. |
offset Int | Number of elements skipped. |
count Int | Actual number of results returned. |
total Int | Total number of results matching the query.
This number is an estimation that is not strongly consistent.
This field is returned by default.
For improved performance, calculating this field can be deactivated by using the query parameter |
results Array of ApiClient | APIClients matching the query. |
Get API Client
view_api_clients:{projectKey}
region String | Region in which the Project is hosted. |
projectKey String |
|
id String |
|
application/json
curl --get https://api.{region}.commercetools.com/{projectKey}/api-clients/{id} -i \--header "Authorization: Bearer ${BEARER_TOKEN}"
{"id": "api-client-id","name": "api-client-name","scope": "view_products:{projectKey}","createdAt": "2018-01-01T00:00:00.001Z","lastUsedAt": "2017-09-10","accessTokenValiditySeconds": 3600,"refreshTokenValiditySeconds": 31536000}
Query API Clients
view_api_clients:{projectKey}
region String | Region in which the Project is hosted. |
projectKey String |
|
where | The parameter can be passed multiple times. |
/^var[.][a-zA-Z0-9]+$/ Any string parameter matching this regular expression | Predicate parameter values. The parameter can be passed multiple times. |
sort | The parameter can be passed multiple times. |
expand | The parameter can be passed multiple times. |
limit Int | Number of results requested. |
offset Int | Number of elements skipped. |
withTotal Boolean | Controls the calculation of the total number of query results. Set to Default: true |
application/json
curl --get https://api.{region}.commercetools.com/{projectKey}/api-clients -i \--header "Authorization: Bearer ${BEARER_TOKEN}"
{"limit": 20,"offset": 0,"count": 1,"total": 1,"results": [{"id": "api-client-id","name": "api-client-name","scope": "view_products:{projectKey}","createdAt": "2018-01-01T00:00:00.001Z","lastUsedAt": "2017-09-10","accessTokenValiditySeconds": 3600,"refreshTokenValiditySeconds": 31536000}]}
Check if API Client exists
Check if API Client exists by ID
Checks if an API Client exists for a given id
. Returns a 200 OK
status if the API Client exists or a 404 Not Found
otherwise.
view_api_clients:{projectKey}
region String | Region in which the Project is hosted. |
projectKey String |
|
id String |
|
curl --head https://api.{region}.commercetools.com/{projectKey}/api-clients/{id} -i \--header "Authorization: Bearer ${BEARER_TOKEN}"
Check if API Client exists by Query Predicate
Checks if an API Client exists for a given Query Predicate. Returns a 200 OK
status if any API Clients match the Query Predicate or a 404 Not Found
otherwise.
view_api_clients:{projectKey}
region String | Region in which the Project is hosted. |
projectKey String |
|
where |
curl --head https://api.{region}.commercetools.com/{projectKey}/api-clients -i \--header "Authorization: Bearer ${BEARER_TOKEN}"
Create API Client
Scopes cannot be changed after an API Client is created.
manage_api_clients:{projectKey}
region String | Region in which the Project is hosted. |
projectKey String |
|
expand | The parameter can be passed multiple times. |
application/json
application/json
curl https://api.{region}.commercetools.com/{projectKey}/api-clients -i \--header "Authorization: Bearer ${BEARER_TOKEN}" \--header 'Content-Type: application/json' \--data-binary @- << DATA{"name" : "api-client-name","scope" : "view_products:{projectKey}","accessTokenValiditySeconds" : 3600,"refreshTokenValiditySeconds" : 31536000}DATA
{"secret": "secret-passphrase","id": "api-client-id","name": "api-client-name","scope": "view_products:{projectKey}","createdAt": "2018-01-01T00:00:00.001Z","accessTokenValiditySeconds": 3600,"refreshTokenValiditySeconds": 31536000}
Delete API Client
manage_api_clients:{projectKey}
region String | Region in which the Project is hosted. |
projectKey String |
|
id String |
|
application/json
curl -X DELETE https://api.{region}.commercetools.com/{projectKey}/api-clients/{id} -i \--header "Authorization: Bearer ${BEARER_TOKEN}"
{"id": "api-client-id","name": "api-client-name","scope": "view_products:{projectKey}","createdAt": "2018-01-01T00:00:00.001Z","lastUsedAt": "2017-09-10","accessTokenValiditySeconds": 3600,"refreshTokenValiditySeconds": 31536000}