MerchantE API Docs

Get Authentication Token

Generate an OAuth 2.0 access token for API authentication.

Note: Auth token is valid for 24 hours.

Request Body

Content type: application/x-www-form-urlencoded

Required5 fields
grant_typestringenum
Literal "password" text
client_idstring
Different for each sandbox/org (provided by SE)
client_secretstring
Different for each sandbox/org (provided by SE)
usernamestring
Different for each sandbox/org
passwordstring
Password + Security Token (provided by secure email). Security Token is not always required depending on the org configuration
Enums (1)
grant_type
password

Responses

200
Successful authentication. Returns an OAuth 2.0 access token valid for 24 hours.

Successful authentication. Returns an OAuth 2.0 access token valid for 24 hours.

Common3 fields
access_tokenstring
OAuth 2.0 access token (valid for 24 hours)
instance_urlstring
token_typestring
When Provided3 fields
idstring
issued_atstring
signaturestring

Example response

access_token: 00Dxx0000000000!AQ0AQMxKzI5ODU3NzQ3NDI5OjE3MTAwMDAwMDAwMDA6cjo6OkFRRUFJUUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQQ
instance_url: https://merchante-solutions.my.salesforce.com
id: https://login.salesforce.com/id/00Dxx0000000000/005xx0000000000
token_type: Bearer
issued_at: "1710000000000"
signature: 0Cmx9lKp3hA9FJCz8V2TZxF6q8Y5bH3xZ1pN4mK7sR9dQ6wE2tL8jF3vN5cX0aB1
400
Bad request

Bad request

Common2 fields
errorstring
error_descriptionstring

Example response

{}

Important Notes

  • Auth token is valid for 24 hours
  • Password field should contain: password + security token (concatenated)
  • Security token may not be required depending on org configuration
  • Use the returned access_token for subsequent API calls

Code samples

Copy-paste ready code in your preferred language.

API call

Copy/paste friendly
curl -X POST "https://test.salesforce.com/services/oauth2/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  --data-urlencode "grant_type=password" \
  --data-urlencode "client_id=YOUR_CLIENT_ID" \
  --data-urlencode "client_secret=YOUR_CLIENT_SECRET" \
  --data-urlencode "username=partnerportalapi@merchante.com.cert" \
  --data-urlencode "password=YOUR_PASSWORD_AND_SECURITY_TOKEN"
Tip: After getting a successful response, copy the access_token value and use it as a Bearer token in the Authorization header for all subsequent API calls.