Note: This guide is meant to be accompanied with Deliverr's API spec: https://api.deliverr.com/documentation/v1/spec
Deliverr’s API uses a custom implementation of the OAuth 2.0 Authorization Code flow to authenticate users.
-
To start the authentication process, please go to the following link:
<https://api.deliverr.com/oauth/v1/authorize>? scopes={scopes}& redirect_uri={redirect_uri} example: <https://api.deliverr.com/oauth/v1/authorize>? scopes=api/reports+api/returns& redirect_uri=https://deliverr.com
- Replace
{scopes}
with the scope(s) you would like access to. To request multiple scopes, you can join them with+
as the separator between scopes. For the respective API end points, the allowed scopes are: api/products
- access to products endpointsapi/inbounds
- access to inbounds endpointsapi/orders
- access to orders endpointsapi/returns
- access to returns endpointsapi/parcels
- access to parcel endpointsapi/reports
- access to reports endpointsapi/webhooks
- access to webhooks endpoints- Replace
{redirect_uri}
with your service URL where you would like to receive the authorization code
It will redirect you to the following consent screen:
- Replace
-
Login with the same credentials as your Deliverr account; you will be redirected to the
redirect_uri
you specified (in step #1 above), along with the code query parameter:-
For the example above in step #1, it can be
[<https://deliverr.com?code=e4869c3e-f532-4068-b732-4a186a9a08c0>](<https://deliverr.com?code=e4869c3e-f532-4068-b732-4a186a9a08c0>)
-
-
Use the code parameter value to make the following request to the OAuth token endpoint in the API with the
authorization_code
grant type:curl --location --request POST '<https://api.deliverr.com/oauth/v1/token>' \\ --header 'Content-Type: application/x-www-form-urlencoded' \\ --data-urlencode 'code={received_code_value}' \\ --data-urlencode 'grant_type=authorization_code'
- Note that the request body must be in the
application/x-www-form-urlencoded
format
You will receive a response like this:
{ "access_token": {valid access token}, -- 1 hour expiration "refresh_token": {valid refresh token}, -- 10 year expiration "expires_in": 3600, "token_type": "Bearer" }
The refresh token does not expire. Pass in the
access_token
value as a Bearer token in the Authorization header to authenticate your requests to the public API. - Note that the request body must be in the
-
Access tokens have a 1 hour lifetime. To generate new access tokens as needed, make the following request to the OAuth token endpoint
curl --location --request POST '<https://api.deliverr.com/oauth/v1/token>' \\ --header 'Content-Type: application/x-www-form-urlencoded' \\ --data-urlencode 'refresh_token={received_refresh_token}' \\ --data-urlencode 'grant_type=refresh_token'
You will receive a response like this:
{ "access_token": {valid access token}, "expires_in": 3600, "token_type": "Bearer" }
The access token has a 1 hour life time from when it was generated.