OAuth2 authentication

Please note:
It is your responsibility to properly set up all translation features, perform testing, and request support from ShipEdge in a timely manner. It is your responsibility to test and verify the integration between ShipEdge and any 3rd party selling channel. We strongly recommend frequent testing of any integration, especially when changes occur on your selling channel (e.g. SKU renaming, shipping method variations, permissions, and credentials). ShipEdge is not responsible for translation issues, omitted orders, or any other issues related to communication with any 3rd party selling channel. Support for channel automation requires at least 24 hours for investigation before any action can be taken (hourly development charges may apply). The warehouse is not responsible for any omission, duplication or error in your orders coming through this system, and you agree not to get the warehouse involved in integration issues, nor will they make any exception or procedure changes due to the use of this feature.


The Authentication API enables you to manage all aspects of user identity when you use Auth0. It offers endpoints so your users can log in, sign up, log out, access APIs, and more.

OAuth2 authentication

Base URL

The Authentication API is served over HTTPS. All URLs referenced in the documentation have the following base: https://apps.shipedge.com

Authentication method

Generate Token

To configure the authentication via the password grant type and retrieve the access token:

  1. Provide your Request URL.The Request URL consists of your application URL and the /oauth2-token slug, e.g., https://apps.shipedge.com/oauth/token
  2. Specify the content-type in headers:Content-Type: application/json
  3. Send a POST request with the following body parameters to the authorization server:
    • grant_type with the value password
    • client_id with the client identifier
    • client_secret with the client’s secret
    • username with the user’s username
    • password with the user’s password
  4. Receive response from the authorization server with a JSON object containing the following properties:
    • token_type with the value Bearer
    • expires_in = 600 seconds. Once the token is generated, it is valid for an hour and can be used multiple times within this time limit to request the necessary data. Expiration time can by configured in config.yml
    • access_token a JSON web token signed with the authorization server’s private key
    • refresh_token a JSON web token used to request a new token when the access_token expires
  5. Use the generated access token to make requests to the API.



POST /oauth/token
HTTP/1.1 Content-Type: application/json

Request Body

grant_type“: “password”,
client_id“: “your client identifier”,
client_secret“: “your client secret”,
username“: “your user username”,
password“: “your user password”

Response Body

“token_type”: “Bearer”,
“expires_in”: 600,
“access_token”: “your access token”,
“refresh_token” “your refresh token”

The received access token can be used multiple times until it expires.

An example of an API request:

PATCH /shipedge/warehouses/{warehouse_id}/accounts/{account}/bins/bin-lock
HTTP/1.1 Content-Type: application/vnd.api+json
Authorization: Bearer your access token


When an error occurs, you will receive an error object. Most of these error objects contain an error code and an error description so that your applications can more efficiently identify the problem.

If you get an 4xx HTTP response code, then you can assume that there is a bad request from your end. In this case, check the Standard Error Responses for more context.

Last updated byVinny Souza on August 13, 2020