Discontinued tokens passing in query params of API calls
Breaking changes! Сhanges listed below may break some apps' logic.
What's new
The old way of passing access tokens in API calls is now completely disabled for all applications.
Make your first API requestChanges in API
From now on, access tokens for API calls work only if passed as a Bearer token through the Authorization header.
GET /api/v3/1003/profile HTTP/1.1
Host: app.ecwid.com
Authorization: Bearer secret_tokenwhere:
1003- Ecwid store IDsecret_token- access token of the app
GET /api/v3/1003/profile?token=secret_token HTTP/1.1
Host: app.ecwid.comwhere:
1003- Ecwid store IDsecret_token- access token of the app
Why the changes are breaking
Making successful API calls with a token passed as a query param is now impossible. If an app still uses this approach, it can't use REST API.
How to update the app
Check if your app makes API calls.
If calls add an access token to the URL, remove the token from URL and add it as a
Bearer tokenin theAuthorizationheader instead.
Last updated
Was this helpful?