Authorization
header:
GET
request to:
Parameter | Description |
---|---|
client_id | Your client ID (from Step 1). |
scope | Space-separated list of scopes granted in Step 1. If using refresh tokens, include offline_access . |
redirect_uri | Callback URI that must match one provided during client registration. |
state | Recommended for preventing replay attacks; echoed back in the callback. |
nonce | A random string to prevent token replay attacks. |
POST
request:
offline_access
, a refresh_token
will also be provided. Use it to obtain new tokens without requiring user login:
shipbob_channel_id
in headers. Retrieve it via: