MerchantE API Docs

Get OAuth 2.0 Access Token

Generate an access token for API authentication. The token is valid for 24 hours.

Authentication Flow:

  1. Send credentials to this endpoint to receive access_token
  2. Use access_token as Bearer token (Type: OAUTH 2.0) in Authorization header for all subsequent requests
  3. Token expires after 24 hours - obtain new token when expired

Note: The request URL depends on the environment:

Request Body

Content type: application/x-www-form-urlencoded

Required5 fields
grant_typestringenum
OAuth 2.0 grant type - must be literal "password" text
client_idstring
Client ID provided by MerchantE (different for each sandbox/org)
client_secretstring
Client secret provided by MerchantE (different for each sandbox/org)
format=password
usernamestring
API username provided by MerchantE (different for each sandbox/org)
passwordstring
Password concatenated with Security Token ({{Password+Security_Token}}). Security Token is not always required depending on org configuration.
format=password
Enums (1)
grant_type
password
Validations (2)
client_secret
format=password
password
format=password

Response

200
Success
Common3 fields
access_tokenstring
Bearer token for API authentication (valid for 24 hours)
instance_urlstring
Base URL for all subsequent API calls. Use this URL as the host for create/update/status requests.
format=uri
token_typestringenum
Token type (always "Bearer")
When Provided3 fields
idstring
Identity URL for the authenticated user
format=uri
issued_atstring
Unix timestamp (milliseconds) when token was issued
signaturestring
HMAC-SHA256 signature for token validation

Important Notes

  • Auth token is valid for 24 hours
  • Password field should contain: password + security token (concatenated)
  • Security token may not be required depending on org configuration
  • Use the returned access_token for subsequent API calls
  • Use the instance_url as the base URL for all API calls

Code samples

Copy-paste ready code in your preferred language.

API call

Copy/paste friendly
curl -X POST "https://merchante-solutions--cert.my.salesforce.com/services/oauth2/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  --data-urlencode "grant_type=password" \
  --data-urlencode "client_id=YOUR_CLIENT_ID" \
  --data-urlencode "client_secret=YOUR_CLIENT_SECRET" \
  --data-urlencode "username=partnerportalapi@merchante.com.cert" \
  --data-urlencode "password=YOUR_PASSWORD_AND_SECURITY_TOKEN"
Tip: After getting a successful response, copy the access_token value and use it as a Bearer token in the Authorization header for all subsequent API calls.