advanced API - Get an access token
Written by Sascha Hoffmann
Updated over a week ago

To access the advanced API Endpoints for statistics and transactions, you must have an authorization token. You can create an authorization token using the OAuth 2 client credentials flow with the provided client credentials.

It's important to note that every token must have a valid audience, which can be found in the available audiences list. If you need to access multiple audiences with one token, separate them via an ASCII whitespace (ASCII 32 | U+0020).

If you don't have a client ID and client secret, please contact your Account Manager or email [email protected] for assistance.

It's important to note that the client secret is a confidential value and should never be shared with anyone or used in any client app. We recommend explicitly stating this in your documentation. As the customer, you are responsible for keeping your client credentials secure.

Requesting Authorization Token

To request an authorization token, you need to send an HTTP POST request to The request must have the following parameters:

  • grant_type: Set it to "client_credentials".

  • client_id: Set it to your client ID provided by Advanced-Store.

  • client_secret: Set it to your client secret provided by Advanced-Store.

  • audience: Set it to and like shown below

Example HTTP Request



Content-Type: application/x-www-form-urlencoded



HTTP Response

If the request is successful, the server will respond with an HTTP response with a JSON body that contains the following parameters:

  • access_token: The authorization token you requested.

  • expires_in: The time in seconds before the authorization token expires.

  • scope: The scope of the authorization token.

  • token_type: The type of the authorization token, which is "bearer".

Example HTTP Response

"access_token": "...",
"expires_in": 3600, // time in seconds
"scope": "",
"token_type": "bearer"

Using Authorization Token

To use the authorization token, you need to add an Authorization header to your HTTP request. The header must have the value "{YOUR_ACCESS_TOKEN}" (no bearer), where "{YOUR_ACCESS_TOKEN}" is the authorization token you received.

Example HTTP Request



Authorization: Bearer {YOUR_ACCESS_TOKEN}

Did this answer your question?