Using Access Tokens

All zDirect Platform API calls require a valid access_token value as a bearer token in the Authorization HTTP Header.

In this section, we will illustrate how to use an access token in an example call to the /auth/me endpoint of the Authorization API, which returns your Merchant Identifier and other information.

To do so using httpie, send the following command, substituting your actual access token for the placeholder value:

http -v \
https://api-sandbox.merchants.zalando.com/auth/me \
"Authorization:Bearer $YOUR_ACCESS_TOKEN"

Be sure enclose the Authorization:Bearer in quotes as shown.

The actual HTTP request looks like this:

GET /auth/me HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJxNzFqcXM4bHFNWUtrOGhOb0RXVUh3TG56bHhXMEg5REdScmZZNE03UFdvIn0.eyJqdGkiOiJiNDFiNWY5OC0xNTI3LTRkN2QtYjU4Yy04ZGZhM2IzMzVkNGYiLCJleHAiOjE1NzY0OTkwMTMsIm5iZiI6MCwiaWF0IjoxNTc2NDkxODEzLCJpc3MiOiJodHRwczovL2lkZW50aXR5LXN0YWdpbmcubWVyY2hhbnQtY2VudGVyLnphbGFuLmRvL2F1dGgvcmVhbG1zL21lcmNoYW50LXBsYXRmb3JtIiwiYXVkIjpbInpmcyIsIm9yZGVycyIsImFydGljbGVzIiwicHJvZHVjdHMiXSwic3ViIjoiZTRlMzEzMGQtOTFiYy00MmQyLWJlNWQtMjFlYTY5M2E4MTNlIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiMzI3MjYwZTQzNDgxM2Q2YjlkMGI5MTI1YmEzNDhiYTYiLCJhdXRoX3RpbWUiOjAsInNlc3Npb25fc3RhdGUiOiJjYzZjNmQ4Zi01ZTdiLTRlMzYtODRlMS1lOGFiMzhmZDBkNzEiLCJhY3IiOiIxIiwicmVzb3VyY2VfYWNjZXNzIjp7InpmcyI6eyJyb2xlcyI6WyJpdGVtLXF1YW50aXRpZXMvcmVhZCJdfSwib3JkZXJzIjp7InJvbGVzIjpbInJlYWQiXX0sImFydGljbGVzIjp7InJvbGVzIjpbImVhbi9yZWFkIiwic3RvY2svcmVhZCIsInJlYWQiLCJkZXRhaWwvcmVhZCJdfSwicHJvZHVjdHMiOnsicm9sZXMiOlsiZWFuL3JlYWQiLCJzdG9jay9yZWFkIiwicmVhZCIsInByaWNlL3JlYWQiLCJhdHRyaWJ1dGVzL3JlYWQiXX19LCJzY29wZSI6InByb2ZpbGUgZW1haWwiLCJicGlkcyI6ImFlNmExNjJkLWU0M2QtNGU3Yi1iMjg5LWI0YzAzYjljNGFkNCIsImFjY291bnRfaWQiOiJhZGY3Nzc3ZS0wMzViLTRlZDEtYmYzZS1iNzNhOWNmZjRjNTkiLCJjbGllbnRIb3N0IjoiMTg1Ljg1LjIyMC4yMDAiLCJjbGllbnRJZCI6IjMyNzI2MGU0MzQ4MTNkNmI5ZDBiOTEyNWJhMzQ4YmE2IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJtZXJjaGFudF9hY2NvdW50X2lkIjoiZWM4ZDE1NDEtYmNiOS00MTJhLTk5YjUtOTcxYjdkY2I1NDNlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoic2VydmljZS1hY2NvdW50LTMyNzI2MGU0MzQ4MTNkNmI5ZDBiOTEyNWJhMzQ4YmE2IiwiY2xpZW50QWRkcmVzcyI6IjE4NS44NS4yMjAuMjAwIiwiZW1haWwiOiJzZXJ2aWNlLWFjY291bnQtMzI3MjYwZTQzNDgxM2Q2YjlkMGI5MTI1YmEzNDhiYTZAcGxhY2Vob2xkZXIub3JnIn0.VQQyAmaK1rad9_Lx8Mrkuk3AcXoSnPtwQ3wai9IiLymw0Y1k4UQEun0TcywkTlSH-mQgo9fBpVcfGhPzgmpGqWk4uYQQAdHSbxo3E9Kk6cj9mJKJCf2s7gpMHum8ZgjpqDlBjATNYbvdl6Xs9YErAOzGo3YFQ4GFrEpfptUKqSybPBFz-2N1tBaca50X2_VkFFF3ubAUc2LhFeOeWD8yQJhAD7LkX9eMrwN9jQqtWTGsw-CK7ZSXdOO5Bi_mKCWfKJ4n-F-rfda5lLf7yW4CRGl8agWC6riVPqIuxIfLaKFSBpkTlCLV_4Sz-A7H-8ub5_GhIKNJHeHuA5kUDz8GsA
Connection: keep-alive
Host: api-sandbox.merchants.zalando.com

A successful call to /auth/me returns a JSON like the following:

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 412
Content-Type: application/json
Date: Thu, 01 Nov 2018 11:39:34 GMT

{
    "bpids": [
        "ae6a162d-e43d-4e7b-b289-b4c03b9c4ad4"
    ],
    "client_id": "8a2333d7ae8ba1565fcc426dfa43adb4",
    "groups": [],
    "scopes": [
        "products/stock/read",
        "products/stock/write",
        "zfs/item-quantities/read",
        "orders/read",
        "orders/write",
        "sandbox"
    ]
}

The Merchant ID or IDs are returned as values for bpids (short for Business Partner IDs - another term for Merchant ID).

Note that because this app has been configured to sandbox mode in the zDirect Portal, sandbox is returned in the scopes field.

Contact Support