Bearer auth (http)
Deliverect APIs are secured using OAuth 2.0 with Bearer tokens.
After signing an API agreement with Deliverect, you will receive staging API credentials (client_id and client_secret), which are used to generate an access_token via the token endpoint:
https://api.staging.deliverect.com/oauth/token
The access_token remains valid for 24 hours and will be returned with an expires_at value (epoch timestamp of expiry) and an expires_in value (remaining validity in seconds). Tokens can be cached and reused until expiry. Do not request a new token for every API call.
The token must be included in all API requests using the Authorization HTTP header:
Authorization: Bearer <token>
Access Provisioning for Staging and Production
- Staging credentials are provided upon partner registration
- Production credentials are only issued after successful certification
- Credentials grant access to all connected customer accounts in their respective environment.
Keep your client_id and client_secret secure. These credentials grant access to all accounts linked to your integration. Never share them.
Scopes
Scopes are included in your access token and determine which API endpoints your integration can access depending on your partnership type.
Available Scopes
| Scope | Access |
|---|---|
genericChannel:{channel_scope} |
All endpoints within the Channel API |
genericPOS |
All endpoints within the POS + Store API |
store |
All endpoints within the Store API |
genericFulfillment |
All endpoints within the Dispatch API |
genericKDS |
All endpoints within the KDS API |
payments |
All endpoints within the DPAY API |
genericCommerce |
All endpoints within the Commerce API |