You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: guides/v2.0/get-started/authentication/gs-authentication-token.md
+12-4Lines changed: 12 additions & 4 deletions
Original file line number
Diff line number
Diff line change
@@ -25,7 +25,9 @@ Request|REST|SOAP
25
25
Get an admin token | `POST /V1/integration/admin/token` | `integrationAdminTokenServiceV1`
26
26
Get a customer token | `POST /V1/integration/customer/token` | `integrationCustomerTokenServiceV1`
27
27
28
-
For most {% glossarytooltip 377dc0a3-b8a7-4dfa-808e-2de37e4c0029 %}web API{% endglossarytooltip %} calls, you supply this token in the `Authorization` request header with the `Bearer` HTTP {% glossarytooltip 34ecb0ab-b8a3-42d9-a728-0b893e8c0417 %}authorization{% endglossarytooltip %} scheme to prove your identity. The token never expires, but it can be revoked.
28
+
For most {% glossarytooltip 377dc0a3-b8a7-4dfa-808e-2de37e4c0029 %}web API{% endglossarytooltip %} calls, you supply this token in the `Authorization` request header with the `Bearer` HTTP {% glossarytooltip 34ecb0ab-b8a3-42d9-a728-0b893e8c0417 %}authorization{% endglossarytooltip %} scheme to prove your identity. By default, an admin token is valid for 4 hours, while a customer token is valid for 1 hour. You can change these values from Admin by selecting **Configuration > Services > OAuth > Access Token Expiration**.
29
+
30
+
A cron job that runs hourly removes all expired tokens.
29
31
30
32
## Request a token {#request-token}
31
33
@@ -70,13 +72,19 @@ The following image shows a token request for the {% glossarytooltip 29ddb393-ca
70
72
71
73
The following example uses the `curl` command to request a token for a customer account:
72
74
73
-
`curl -X POST "https://magento.host/index.php/rest/V1/integration/customer/token" \
75
+
```
76
+
curl -X POST "https://magento.host/index.php/rest/V1/integration/customer/token" \
The following example makes the same request with {% glossarytooltip 8c0645c5-aa6b-4a52-8266-5659a8b9d079 %}XML{% endglossarytooltip %} for a customer account token:
78
82
79
-
`curl -X POST "http://magento.vg/index.php/rest/V1/integration/customer/token" -H "Content-Type:application/xml" -d '<login><username>[email protected]</username><password>customer1pw</password></login>'`
83
+
```
84
+
curl -X POST "http://magento.vg/index.php/rest/V1/integration/customer/token" \
Copy file name to clipboardExpand all lines: guides/v2.1/get-started/order-tutorial/order-admin-token.md
+2Lines changed: 2 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -46,6 +46,8 @@ This section lists the information that Magento sends to the REST client. These
46
46
47
47
Most REST calls to Magento require an {% glossarytooltip 34ecb0ab-b8a3-42d9-a728-0b893e8c0417 %}authorization{% endglossarytooltip %} token. The token allows Magento to verify that the caller is authorized to access a system resource. To get a token, you must specify the user's username and password in the payload.
48
48
49
+
By default, an admin token is valid for 4 hours. To change this value, log in to Admin and go to **Configuration > Services > OAuth > Access Token Expiration**.
50
+
49
51
See [Token-based authentication]({{page.baseurl}}get-started/authentication/gs-authentication-token.md) for more information about authorization tokens.
Copy file name to clipboardExpand all lines: guides/v2.1/get-started/order-tutorial/order-create-customer.md
+4-1Lines changed: 4 additions & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -119,7 +119,10 @@ You can log in to the Luma store using the user name `[email protected]` and pass
119
119
120
120
### Get the customer's access token {#get-token}
121
121
122
-
To get a customer's access token, you must specify the customer's username and password in the payload. You do not need to specify an {% glossarytooltip 34ecb0ab-b8a3-42d9-a728-0b893e8c0417 %}authorization{% endglossarytooltip %} token.
122
+
To get a customer's access token, you must specify the customer's username and password in the payload. You do not need to specify an admin {% glossarytooltip 34ecb0ab-b8a3-42d9-a728-0b893e8c0417 %}authorization{% endglossarytooltip %} token.
123
+
124
+
By default, a customer token is valid for 1 hour. To change this value, log in to Admin and go to **Configuration > Services > OAuth > Access Token Expiration**.
0 commit comments