API EXCHANGE TOKEN

1. Target

- Change the application's current access token to omnipower access token.

2. Prepare

- First you need to create an application at https://developers.haravan.com

- Check which scope corresponds to the API that your application is using.

- After checking, select the scopes you want at https://developers.haravan.com

- If your application uses webhooks, you need to register webhook at https://developers.haravan.com and add scope: wh_api

- Follow URLs below for more information:

3. Exchange token to omnopower token

3.1 Request

Method

URL

POST

https://{{shopname}}.myharavan.com/admin/token_exchange.json

Header:  
   Content-Type: application/json
   Authorization: Bearer + access_token (access_token v1)

Body raw json:
      "token_exchange": {
          "client_id" : "3822ef06f517aa588bda96d0cbb8d703",
          "secret_key" : "7626b631286351df09eabbe43bb8f128c8780d637f19b248a83a2a23c8abf818",
          "scopes" : ["offline_access","openid","profile","email","org","userinfo","wh_api","web.write_script_tags","grant_service"]
      }


Property

Required

Description

1

client_id (String)

true

App_id was obtained after creating the application at https://developers.haravan.com

2

secret_key (String)

true

App_secret was obtained after creating the application at https://developers.haravan.com

3

scopes (array string)

true

Scopes include the required and the optional used to install the application
+ The required: openid, profile, email, org, userinfo, grant_service
+ Scope using webhook : wh_api (the optional)
+ Other scopes must correspond to the scopes selected at preparation step

Note:
+ When using write permission must include read permission.
+ When only using read permission, there is no need to write permission.
+ Ex :

  • com.write_products com.read_products (Use both write and read products for the application).
  • com.read_products (Only use read products for the application).

3.2 Response

Status

Response

200

{
  "token": {
    "access_token": "7658a833f780877b318a2a48cb50e16502d8e6dbfd366c08ea09b4344a72e6ac",
    "refresh_token": "8aa2e46cb64be7f7920f3c7834b3e7dde54d8c446e5c117b719a3832c53e2a80",
    "created_time": 1572407590,
    "expires_in": 2147483647,
    "token_type": "Bearer"
  }
}


422

{"error": "Unprocessable Entity"}

401

Unauthorized

429

Too many requests

500

Something went wrong. Please try again later.

3.3 Demo on Postman

- Older applications have access_token (access_token v1) like below.

access_token : "HwGDhg3duw-ufFA83Dr0dxHVoia8GekSp7p24QkQes8HjwxQ-zC1toC_vGXs6YjMk8XwxX8agyVREbAmro7pQYGrIfUcxYlTxfQOsmHXyozjWAk_KVT7zerUXH7EInhJCQMj8wS41KChgY4epLy-VKHg3KLGs614oeLqijcnm6AEg7T67sSV2OKVEq7AYZFCf2ufO2RscPbo69SZE04StVECjcY8-HIKStNlMKaQKYl4UvZzRxiMW5YUGmu8Ph4jf_8R02E4H2y_ojoxBQUiuIuIU0Jwa9bVRzNznQ8s57N0HKAk1898Dii8nu-W_FQUK2YckAvt64Wtk-wbP1Qqkz5tPA1WDBSX7iCyaRwYcMryNmc4Ozth-1AM-BZIMeZDTHbSdQsUxH58KkFGegdLIwv0c_4crViTz8RBbr8VKymoSdiXhOKnjVsyvWMxvLEhMf-8tpGh--QWrHMQUyZi6Z2pCe9E1kCcN74EkKZna7j58tGwN0Yw0-SJSgGRUCODsQTfcA"

- Use this access_token to call the exchange token API.

+ Pass this access_token into the header

Pass this access_token into the header

+ Pass client_id, secret_key, scopes into body

Pass client_id, secret_key, scopes into body

+ Finally you get access token of omnipower (access_token v2)

Finally you get access token of omnipower (access_token v2)