Authorization Header Usage

As a security improvement, on 6 May 2019 the commercetools Composable Commerce API endpoints will no longer accept access tokens as URI parameters.

All API Clients should provide access tokens using the Authorization header as follows:

POST /{{projectKey}}/channels HTTP/1.1
Host: api.{region}.{cloudProvider}.commercetools.com
Authorization: Bearer {accesstoken}

...

For more information, see:

• OAuth 2.0 Specification – RFC 6750, §2.3
• Authorization
• Using an access token