- Order Processing
Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. To authenticate with our API, you must have already signed up for access and received your API access token.
For the impatient, here's how to make a basic request to our API.
~ $ curl -H "Authorization: Bearer Abc123XYZ" http://api.wps-inc.com/items
To use any part of the WPS API, you'll need an API access token. The WPS API uses access tokens to associate requests to API resources with your
account. In this quick example, you would replace
Abc123XYZ with the access token you were issued.
Just an exampleKeep in mind that there are many, many other ways to make HTTP requests besides
curl. We'll go into more detail throughout the documentation but the cURL example is one that many programmers/developers/engineers are familiar with.
What is an API Access Token?
An access token is a unique identifier of an application requesting access to our service. When you sign up, we review your submissions and generate an API access token for your application to use when requesting our API service. We can then match the token you provide to the one we store on our side in order to authenticate. API access tokens are a replacement to sending some username/password combination over HTTP which is not as secure.
WarningRemember to keep your access tokens secret; treat them just like passwords! They act on your behalf when interacting with the API. Don't hard-code them into your programs. Instead, opt to use them as environment variables.
Using your token
"Okay, I signed up, I was issued an API access token, now what?"
Access tokens are used in the
Authorization header of your HTTP requests.
Authorization: Bearer AzH7wRqmXmQg63EXAMPLEdrYIynLrRyZHJCEaz0jT
Pro Tip→ Grab a good REST ClientA great way to try out our API and practice making HTTP requests is with a good REST client tool like Postman. Postman is a free extension for the Google Chrome browser that helps developers test APIs.
Using your access token in Postman would look something like this:
Every access token that is issued has permissions to make certain types of requests to the WPS API – these are called scopes. If you receive an error specifying that you do not have the appropriate scope, this means you are not allowed to access that resource. If you believe this is a mistake and you should have access, please contact us.
API access tokens align with account permissions. If your account is deleted or if you are no longer allowed access to our API, your tokens will be revoked.