Authentication
The Gett B2C API uses OAuth 2.0 client credentials flow for authentication. You'll need to obtain a bearer token before making any API requests.
Bearer tokens have a limited lifespan. Implement token refresh logic in your application to handle expired tokens gracefully.
Obtaining a Bearer Token
Endpoint
POST https://api.gett.com/v1/oauth/token
Headers
Content-Type: application/x-www-form-urlencoded
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| client_id | string | Yes | The client ID provided by Gett |
| client_secret | string | Yes | The client secret provided by Gett |
| grant_type | string | Yes | Must be client_credentials |
| scope | string | Yes | Must be demand_partner |
Example Request
curl --request POST 'https://api.gett.com/v1/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=your_client_id_here' \
--data-urlencode 'client_secret=your_client_secret_here' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=demand_partner'
Example Response
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "demand_partner"
}
Using the Bearer Token
Include the bearer token in the Authorization header of all subsequent API requests:
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Example Authenticated Request
curl --request GET 'https://api.gett.com/v1/private/orders/status/12345' \
--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...' \
--header 'Content-Type: application/json'
Token Expiration
Tokens expire after the time specified in the expires_in field (typically 3600 seconds, or 1 hour). When a token expires, you'll receive a 401 Unauthorized response.
Handling Expired Tokens
- Monitor the expires_in value from the token response and track the expiry time locally, measured from when the token request was sent
- Implement automatic token refresh before expiration, with a safety margin so a token is never presented right at its expiry boundary
- Handle 401 responses by refreshing the token once and retrying the request once; a second 401 with a freshly issued token indicates a credentials or scope problem, not expiry, and should be surfaced rather than retried in a loop
Example Token Refresh Logic
class GettAPIClient {
  constructor(clientId, clientSecret) {
    this.clientId = clientId;
    this.clientSecret = clientSecret;
    this.token = null;
    this.tokenExpiry = null; // epoch ms after which the cached token is treated as stale
  }

  async getToken() {
    // Reuse the cached token while it is still inside its lifetime (minus the margin below).
    if (this.token && this.tokenExpiry > Date.now()) {
      return this.token;
    }
    const requestedAt = Date.now(); // measure the lifetime from before the round trip, not after
    const response = await fetch('https://api.gett.com/v1/oauth/token', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
      },
      body: new URLSearchParams({
        client_id: this.clientId,
        client_secret: this.clientSecret,
        grant_type: 'client_credentials',
        scope: 'demand_partner'
      })
    });
    if (!response.ok) {
      // Do not cache anything on failure; surface the OAuth error (invalid_client etc.) to the caller.
      throw new Error(`Token request failed: ${response.status} ${await response.text()}`);
    }
    const data = await response.json();
    this.token = data.access_token;
    // Refresh 1 minute early so a token is never used right at its expiry boundary.
    this.tokenExpiry = requestedAt + (data.expires_in * 1000) - 60000;
    return this.token;
  }
}
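The following is an added example and not code from the Gett documentation. It ties together the token request, the Authorization header, the expires_in handling and the 401 retry described in the sections above, and goes beyond the sketch in two ways a production client needs: concurrent callers share a single in-flight token request instead of each hitting the token endpoint, and a 401 triggers exactly one refresh-and-retry, so a misconfigured client cannot loop. The endpoint URLs, form parameters, scope and token response fields are taken from this page; the fake server, its invalid_token error body, the order status response shape, the injected clock and the demo function are constructed for offline illustration.

```javascript
// Added example, not Gett's own code: token cache with proactive refresh, one shared
// in-flight token request for concurrent callers, and a single bounded retry on 401.
// The network layer is injected so the demo runs offline against a constructed fake server.
const TOKEN_URL = 'https://api.gett.com/v1/oauth/token';
const API_BASE = 'https://api.gett.com/v1';
const REFRESH_MARGIN_MS = 60 * 1000; // treat a token as stale 1 minute before expires_in

class GettAPIClient {
  constructor({ clientId, clientSecret, fetchImpl = globalThis.fetch, now = Date.now }) {
    this.clientId = clientId; this.clientSecret = clientSecret; this.now = now;
    this.fetch = (...args) => fetchImpl(...args); // keep native fetch unbound from `this`
    this.token = null; this.tokenExpiry = 0;
    this.pendingToken = null; // in-flight token request shared by concurrent callers
    this.tokenRequests = 0;   // instrumentation used by the demo
  }
  async getToken({ force = false } = {}) {
    if (!force && this.token && this.tokenExpiry > this.now()) return this.token;
    if (!this.pendingToken) { // collapse a burst of callers into one POST /oauth/token
      this.pendingToken = this.requestToken().finally(() => { this.pendingToken = null; });
    }
    return this.pendingToken;
  }
  async requestToken() {
    this.tokenRequests += 1;
    const requestedAt = this.now(); // measure the lifetime from before the round trip
    const res = await this.fetch(TOKEN_URL, {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: new URLSearchParams({ client_id: this.clientId, client_secret: this.clientSecret,
        grant_type: 'client_credentials', scope: 'demand_partner' }).toString(),
    });
    const body = await res.json();
    // invalid_client / invalid_scope / invalid_grant are configuration errors: never retry them.
    if (!res.ok) throw Object.assign(new Error(`token request failed (${res.status}): ${body.error}`),
      { oauthError: body.error || 'unknown_error', status: res.status });
    this.token = body.access_token;
    this.tokenExpiry = requestedAt + body.expires_in * 1000 - REFRESH_MARGIN_MS;
    return this.token;
  }
  async request(path, init = {}) {
    let res = await this.send(path, init, await this.getToken());
    if (res.status === 401) { // expired or revoked server-side: refresh once, retry once
      res = await this.send(path, init, await this.getToken({ force: true }));
    } // a second 401 with a fresh token is not an expiry problem; the caller sees it
    return res;
  }
  send(path, init, token) { // init.headers is assumed to be a plain object here
    const headers = { ...(init.headers || {}), Authorization: `Bearer ${token}` };
    return this.fetch(`${API_BASE}${path}`, { ...init, headers });
  }
}

// Constructed fake of the token endpoint plus one private endpoint (response bodies are made up).
function makeFakeServer({ clientSecret, tokenTtlSec = 3600, clock }) {
  const issued = new Map(); // token -> absolute expiry in ms
  let seq = 0;
  const reply = (status, body) => ({ ok: status < 300, status, json: async () => body });
  return {
    issued,
    async fetch(url, init = {}) {
      if (url === TOKEN_URL) {
        const p = new URLSearchParams(init.body);
        if (p.get('client_secret') !== clientSecret) return reply(401, { error: 'invalid_client' });
        if (p.get('scope') !== 'demand_partner') return reply(400, { error: 'invalid_scope' });
        if (p.get('grant_type') !== 'client_credentials') return reply(400, { error: 'invalid_grant' });
        const token = `tok-${++seq}`;
        issued.set(token, clock() + tokenTtlSec * 1000);
        return reply(200, { access_token: token, token_type: 'Bearer', expires_in: tokenTtlSec, scope: 'demand_partner' });
      }
      const token = ((init.headers || {}).Authorization || '').replace(/^Bearer /, '');
      const exp = issued.get(token);
      if (!exp || exp <= clock()) return reply(401, { error: 'invalid_token' });
      return reply(200, { order_id: url.split('/').pop(), status: 'in_progress' });
    },
  };
}

// Lifecycle walk-through with a controllable clock; returns counters the caller can check.
async function demo() {
  let t = 1700000000000;
  const clock = () => t;
  const server = makeFakeServer({ clientSecret: 's3cret', clock });
  const client = new GettAPIClient({ clientId: 'demo', clientSecret: 's3cret', fetchImpl: server.fetch, now: clock });
  // 1. Five concurrent requests on a cold cache: all succeed, exactly one token request.
  const burst = await Promise.all([1, 2, 3, 4, 5].map(i => client.request(`/private/orders/status/${i}`)));
  const statusesOk = burst.every(r => r.status === 200);
  const afterBurst = client.tokenRequests;
  // 2. Thirty minutes in, the cached token is still reused.
  t += 30 * 60 * 1000;
  await client.request('/private/orders/status/6');
  const afterReuse = client.tokenRequests;
  // 3. At 59.5 minutes the token is inside the refresh margin: refreshed before any 401.
  t += 29.5 * 60 * 1000;
  await client.request('/private/orders/status/7');
  const afterProactive = client.tokenRequests;
  // 4. Server-side revocation: the next call gets a 401, refreshes once and succeeds.
  server.issued.clear();
  const afterRevokeStatus = (await client.request('/private/orders/status/8')).status;
  const afterRevoke = client.tokenRequests;
  // 5. Wrong secret: invalid_client is surfaced to the caller, not retried.
  const bad = new GettAPIClient({ clientId: 'demo', clientSecret: 'wrong', fetchImpl: server.fetch, now: clock });
  const badError = await bad.request('/private/orders/status/9').then(() => null, e => e.oauthError);
  return { statusesOk, afterBurst, afterReuse, afterProactive, afterRevokeStatus, afterRevoke, badError };
}

demo().then(r => console.log(r));
```

Running the demo shows one token request for the initial burst of five calls, no second request at thirty minutes, a proactive refresh at 59.5 minutes (inside the one-minute margin, before the server would have answered 401), one extra refresh after the simulated revocation, and an invalid_client error that is thrown rather than retried. To use the client for real, omit fetchImpl and now so the defaults (global fetch and Date.now) apply.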
Security Best Practices
**Never expose your client credentials in client-side code or public repositories.**
- Store client credentials securely (environment variables, secure key management)
- Use HTTPS for all API communications
- Implement proper error handling for authentication failures
- Consider implementing token caching to reduce authentication requests
- Rotate credentials periodically as part of your security practices
Troubleshooting
Common Authentication Errors
| Error | Description | Solution |
|---|---|---|
| invalid_client | Invalid client credentials | Verify your client_id and client_secret |
| invalid_scope | Invalid scope parameter | Ensure scope is set to demand_partner |
| invalid_grant | Invalid grant type | Ensure grant_type is client_credentials |
| 401 Unauthorized | Token expired or invalid | Refresh your token and retry the request |