Auth: Get Access and Refresh Tokens
To interact with the Carusell API, you must first obtain an access token by submitting your login and password to the dedicated endpoint.
Overview
Authentication in the Carusell API is based on a token system. It follows the OAuth 2.0 framework, specifically the Resource Owner Password Credentials grant type, where tokens are issued in exchange for company credentials. When you log in using your company credentials, the API returns two tokens:
| Token Type | Description | Validity |
|---|---|---|
| Access Token | Used in the Authorization header for authenticating API calls | 30 minutes |
| Refresh Token | Used to obtain a new access token when the current one expires | 35 minutes |
How It Works
| Step | Description |
|---|---|
| 1 | Send a POST request to /configuration-management/api/v1/admin-accounts/oauth/authorize with your login and password. |
| 2 | Receive both access and refresh tokens in the response body. |
| 3 | Use the access token in the Authorization: Bearer YOUR_TOKEN header for all authenticated API requests. |
Updated about 1 month ago