Discontinued tokens passing in query params of API calls

What's new

The old way of passing access tokens in API calls is now completely disabled for all applications.

Changes in API

From now on, access tokens for API calls work only if passed as a Bearer token through the Authorization header.

GET /api/v3/1003/profile HTTP/1.1
Host: app.ecwid.com
Authorization: Bearer secret_token

GET /api/v3/1003/profile?token=secret_token HTTP/1.1
Host: app.ecwid.com

Why the changes are breaking

Making successful API calls with a token passed as a query param is now impossible. If an app still uses this approach, it can't use REST API.

How to update the app

1. Check if your app makes API calls.

2. If calls add an access token to the URL, remove the token from URL and add it as a Bearer token in the Authorization header instead.