Get OAuth 2.0 Access Token
Generate an access token for API authentication. The token is valid for 24 hours.
Authentication Flow:
- Send credentials to this endpoint to receive access_token
- Use access_token as Bearer token (Type: OAUTH 2.0) in Authorization header for all subsequent requests
- Token expires after 24 hours - obtain new token when expired
Note: The request URL depends on the environment:
- Production: https://login.salesforce.com/services/oauth2/token
- Certification: https://test.salesforce.com/services/oauth2/token
Request Body
Content type: application/x-www-form-urlencoded
Required5 fields
grant_typestringenumOAuth 2.0 grant type - must be literal "password" text
client_idstringClient ID provided by MerchantE (different for each sandbox/org)
client_secretstringClient secret provided by MerchantE (different for each sandbox/org)
format=password
usernamestringAPI username provided by MerchantE (different for each sandbox/org)
passwordstringPassword concatenated with Security Token ({{Password+Security_Token}}). Security Token is not always required depending on org configuration.
format=password
Enums (1)
grant_type
password
Validations (2)
client_secret
format=password
password
format=password
Response
200
Success
Common3 fields
access_tokenstringBearer token for API authentication (valid for 24 hours)
instance_urlstringBase URL for all subsequent API calls. Use this URL as the host for create/update/status requests.
format=uri
token_typestringenumToken type (always "Bearer")
When Provided3 fields
idstringIdentity URL for the authenticated user
format=uri
issued_atstringUnix timestamp (milliseconds) when token was issued
signaturestringHMAC-SHA256 signature for token validation
Important Notes
- Auth token is valid for 24 hours
- Password field should contain: password + security token (concatenated)
- Security token may not be required depending on org configuration
- Use the returned
access_tokenfor subsequent API calls - Use the
instance_urlas the base URL for all API calls
Code samples
Copy-paste ready code in your preferred language.
API call
Copy/paste friendly
curl -X POST "https://merchante-solutions--cert.my.salesforce.com/services/oauth2/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode "grant_type=password" \
--data-urlencode "client_id=YOUR_CLIENT_ID" \
--data-urlencode "client_secret=YOUR_CLIENT_SECRET" \
--data-urlencode "username=partnerportalapi@merchante.com.cert" \
--data-urlencode "password=YOUR_PASSWORD_AND_SECURITY_TOKEN"Tip: After getting a successful response, copy the
access_token value and use it as a Bearer token in the Authorization header for all subsequent API calls.