Discontinued tokens passing in query params of API calls

Breaking changes! Сhanges listed below may break some apps' logic.

What's new

The old way of passing access tokens in API calls is now completely disabled for all applications.

Make your first API request

Changes in API

From now on, access tokens for API calls work only if passed as a Bearer token through the Authorization header.

GET /api/v3/1003/profile HTTP/1.1
Host: app.ecwid.com
Authorization: Bearer secret_token

where:

1003 - Ecwid store ID
secret_token - access token of the app

Why the changes are breaking

Making successful API calls with a token passed as a query param is now impossible. If an app still uses this approach, it can't use REST API.

How to update the app

Check if your app makes API calls.
If calls add an access token to the URL, remove the token from URL and add it as a Bearer token in the Authorization header instead.

Last updated 11 months ago

Was this helpful?