SOAP API Credentials Flow

This is a bridge for existing ChannelAdvisor partners to obtain access to the new REST API without the need of involving the seller.  A developer may obtain a pre-authenticated access token by sending a request to the token endpoint using their existing SOAP API credentials.

 

SOAP API Credentials Flow Steps (outside of the OAuth 2.0 standard)

  1. This flow is initiated by passing a grant_type of soap to the token endpoint along with the a form-url-encoded payload that includes the application ID, shared secret, SOAP developer key, password, account ID, and a space delimited list of the scopes requested. The application ID and shared secret should be set as the username and password for basic http authentication. 

    POST https://api.channeladvisor.com/oauth2/token
    
    Content-Type: application/x-www-form-urlencoded
    Authorization: Basic [application id:shared secret]
    
    client_id = [application id]
    grant_type = soap
    scope = orders inventory
    developer_key = [soap developer key]
    password = [soap developer password]
    account_id = [soap account id]

    The application ID and shared secret are concatenated using a colon then RFC2045-MIME (base-64) encoded.  For example, the application ID is 12345 and shared secret is abcde, they are then concatenated (12345:abcde) then encoded (MTIzNDU6YWJjZGU=).

    Note: the scope can be limited to the available scopes in the ChannelAdvisor API. Therefore, if "orders" is defined in the above scope, and "inventory" is excluded, subsequent calls will only be allowed to "Orders" endpoints. See available endpoints under Available Authorization Scopes.
     

  2.  An access token is returned along with the time (in seconds) before expiration.

    {
      "access_token": [access token], 
      "token_type": "bearer", 
      "expires_in": 3600
    }

 

Limitations

  1. Access tokens will only be issued for accounts that have been previously granted access to the SOAP developer key.
  2. To gain access to additional accounts when using the SOAP Authorization Flow, use the RequestAccess method of the SOAP API Admin Service.
    1. This is a SOAP call, please reference the WSDL on the Admin Service page.
    2. This call can be made with REST - see instructions here.
  3. Access across multiple ChannelAdvisor accounts is not available when using the SOAP Authorization Flow.  Only the single account specified may be used.  For multi-account access, please use the Authorization Code Flow.