Authentication for the Marketplace APIs is based on a pair of tokens sent in the request headers. The following pair of tokens is expected in each request:
Acquisition of Access Token for Sandbox environment
As soon as a new APP is created on the developer portal, an access_token is created with the access rules needed to use the Sandbox APIs. It can be viewed under “APP Details”, in the APPs list of the developer portal.
Acquisition of Access Token for Production environment
As soon as your APP undergoes the validation process, you will need a new access_token with the access rules needed for the production environment. Unlike in the Sandbox environment, this new access_token is not generated automatically.
Transport Protocol
All information exchanged with the APIs travels over the HTTPS protocol, which ensures a safe channel, so the tokens do not need to be encrypted manually. Learn more about HTTPS protocol usage.
Authentication Errors
Some errors can be returned during token authentication. See the list of errors below:
Absence of one of the Tokens: Both tokens must be sent in every request. If one of them is absent, the error 401 Unauthorized is returned.
Nonexistent/wrong Token: If either token does not exist or is incorrect (for example, if it has been changed), the error 401 Unauthorized is returned.
Revoked Tokens (invalid): If either token has been revoked, it is considered invalid, and the error 403 Forbidden is returned.
For a missing token and/or a wrong/nonexistent token, you can work with the developer to validate whether the information provided is valid. For revoked (invalid) tokens, the only applicable action is to request a new token.
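The rules above can be enforced on the client before a request leaves the application. The following Python sketch is an added example, not code from the Marketplace documentation. It assumes the header names `access_token` and `second_token` (the second is a placeholder, since this page does not name it), and its function names and sample values are hypothetical.

```python
from urllib.parse import urlsplit
from urllib.request import Request

# Assumed header names: the page names access_token; the second token's
# name is not given on the page, so a placeholder is used.
ACCESS_HEADER = "access_token"
SECOND_HEADER = "second_token"  # placeholder


class TokenConfigError(ValueError):
    """Raised locally when a request would be rejected or would be unsafe."""


def build_request(url, access_token, second_token):
    """Build a Request carrying both tokens; refuse anything but HTTPS."""
    if urlsplit(url).scheme.lower() != "https":
        # Tokens are sent unencrypted inside the channel, so the channel must be TLS.
        raise TokenConfigError("tokens must only be sent over HTTPS")
    tokens = {ACCESS_HEADER: access_token, SECOND_HEADER: second_token}
    missing = [name for name, value in tokens.items() if not (value or "").strip()]
    if missing:
        # The API would answer 401 Unauthorized; fail before sending instead.
        raise TokenConfigError("missing token(s): " + ", ".join(missing))
    return Request(url, headers={k: v.strip() for k, v in tokens.items()})


def redact(token):
    """Return a log-safe form of a token; full values never go to logs."""
    if not token:
        return "<empty>"
    if len(token) <= 8:
        return "****"
    return token[:4] + "..."


def next_action(status):
    """Map the authentication errors listed above to their remediation."""
    if status == 401:
        return "verify-tokens"      # absent or wrong/nonexistent token
    if status == 403:
        return "request-new-token"  # revoked token
    return "ok" if 200 <= status < 300 else "not-an-auth-error"
```

Retrying a 403 with the same tokens cannot succeed, so a client should stop and surface the `request-new-token` action rather than loop.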