• Pages
  • /
  • Dealers
  • /
  • Data Depot
  • /
  • Version 4
  • /
  • API
  • /
  • Authentication


Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. To authenticate with our API, you must have already signed up for access and received your API access token.


For the impatient, here's how to make a basic request to our API.

~ $ curl -H "Authorization: Bearer Abc123XYZ" http://api.wps-inc.com/items

To use any part of the WPS API, you'll need an API access token. The WPS API uses access tokens to associate requests to API resources with your account. In this quick example, you would replace Abc123XYZ with the access token you were issued.

Assuming you have completed the signup process and have been issued an access token, the request would return a list of Items.

What is an API Access Token?

An access token is a unique identifier of an application requesting access to our service. When you sign up, we review your submissions and generate an API access token for your application to use when requesting our API service. We can then match the token you provide to the one we store on our side in order to authenticate. API access tokens are a replacement to sending some username/password combination over HTTP which is not as secure.

Using your token

"Okay, I signed up, I was issued an API access token, now what?"

Access tokens are used in the Authorization header of your HTTP requests.

For example:

Authorization: Bearer AzH7wRqmXmQg63EXAMPLEdrYIynLrRyZHJCEaz0jT

Using your access token in Postman would look something like this:

Permission Scopes

Every access token that is issued has permissions to make certain types of requests to the WPS API – these are called scopes. If you receive an error specifying that you do not have the appropriate scope, this means you are not allowed to access that resource. If you believe this is a mistake and you should have access, please contact us.


API access tokens align with account permissions. If your account is deleted or if you are no longer allowed access to our API, your tokens will be revoked.