Skip to main content

Private app authentication

Private apps authenticate using HTTP authentication in order to use Haravan’s API resources. This guide shows you how to authenticate a private app.

Requirements

Limitations and considerations

Only the Store owner can create Private app.

Private app installed only on a single Haravan store (the store created that private app).

Haravan doesn't support cookies in POST requests that use Private HTTP authentication. Any POST requests that use Private authentication and include cookies will fail with a 200 error code. Using cookies with Private authentication can expose your app to CSRF attacks, such as session hijacking.

Generate API credentials from admin store

Store owner can generate the required credentials from the Haravan admin store of the store that you want to connect with your app. This API credentials identify your app during the authorization process.

  1. From your Haravan admin, go to Apps.

  2. Click Private apps, near the top right of the page.

  3. Click Create new private app.

  4. Enter a name for the private app.

  5. In the API permissions, select the areas of your store that you want the app to be able to access.

  6. Click Create private apps.

After you save the app's details, the App details section shows the app's Token. You use this credentials to make authenticated requests.

Generate API credentials from developer dashboard

Store owner can generate the required credentials from the Developer dashboard of the store that you want to connect with your app. This API credentials identify your app during the authorization process.

  1. Go to Developer dashboard by your Store owner account.

  2. Click Create App, near the top right of the page.

  3. Enter a name, a description for the app and a redirect url. Redirect Url is your app's domain, if you don't have domain, leave it localhost.

  4. Click Create.

  5. In the App detail, Click menu Private Token, then Click button Create Private Token.

  6. Enter a name for the private token and check the areas of your store that you want the private token to be able to access.

  7. Click Create.

  8. In the Private Token details, to show Token you must re-enter your password (store owner).

The Private Token details shows the app's Token. You use this credentials in the next step to make authenticated requests.

Make authenticated requests

Private apps can authenticate with Haravan by including the request header Authorization: Bearer {access_token}, where {access_token} is replaced by your private app's Token.

The following examples show how to retrieve a list of products using the REST Omni API.

    curl -X GET \
    https://apis.haravan.com/com/products.json \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer {access_token}'

Changes to permissions

Only the Store owner can create private app and change what areas of the store a private app can access.