# First Commerce API Call
Once you have obtained the Client ID
and and generated the Client Secret
for your application, you will be able to obtain the API token to start making API calls.
GoDaddy Commerce uses OAuth2 for authorization, which means you must make a call to the /v2/oauth2/token
endpoint, while specifying the credentials and the different scopes you require for the API calls.
# Sample Request
curl -X POST "https://api.godaddy.com/v2/oauth2/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d $'{
"client_id": "<client_id>",
"client_secret": "<client_secret>",
"grant_type": "client_credentials",
"scope": "commerce.<product>:read commerce.<product>:write"
}'
TIP
Scopes are optional as it should always default to the scopes defined for your application. If you specify scopes, it will be taken as a request for those specific subsets.
You must take the token from the response and pass it into the Authorization: Bearer {token}
header in your API call.
# Sample Request
curl -X "GET" "https://api.godaddy.com/v2/commerce/stores/{storeId}/products" \
-H 'Authorization: Bearer {token}' \
-H 'Content-Type: application/json; charset=utf-8'
# Refresh Token
Currently, GoDaddy Commerce APIs do not support refresh tokens. However, we recommend storing the token in a cache the first time you request it. Moving forward, on every request, you can check to see if a token exists in the cache to use it. If the token does not exist, you can then request a new token.
If you implement the right cache library, you can also auto-expire the token which will cause your application to request a new one at the right time.