Skip to main content

Authentication

Developer Guide

fs_id used as a unique identifier to your account, while client_id and client_secret used to acquire an access token. An access token grants limited access to a fulfillment service's account. The client_secret should be treated as a password and stored securely. There are two ways to generate the access token, using HTTP request or using Postman.

Using HTTP Request to Obtain Access Token

You need to encode your client_id and client_secret to base64 and make a POST request to https://accounts.tokopedia.com/token. Here are the complete steps:

  1. Visit base64encode.org
  2. Insert your Client ID and Client Secret with the following format: client_id:client_secret
  3. Encode to a base64 string. The encoded string will be like this: Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQK
  4. Make a POST request to https://accounts.tokopedia.com/token and use the encoded string as the Basic Authorization Token. Example request:
curl -X POST \
  'https://accounts.tokopedia.com/token?grant_type=client_credentials' \
  -H 'Authorization: Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQK' \
  -H 'Content-Length: 0' \
  -H 'User-Agent: PostmanRuntime/7.17.1'
  1. If successful, you will receive an access_token response. When an access token expires, you should request a new token. Example response:
{
    "access_token": "LSPr7x7sRGaewzwZE6IcuA",
    "expires_in":   2592000,
    "token_type":   "Bearer"
}
  1. You can use the access_token to make HTTP request, for example:
curl -X GET \ 
    'https://fs.tokopedia.net/v1/sample/endpoint' \
    -H 'Authorization: Bearer LSPr7x7sRGaewzwZE6IcuA'

Using Postman

Postman is an application that lets you send HTTP requests to Tokopedia API endpoints. You can use Postman to obtain access_token without doing base64 encoding manually. Here are the complete steps:

  1. Open Postman. Visit Get Postman to download.
  2. Click the Authorization tab under the request URL and select OAuth 2.0 as the Type
  3. Click on the Get New Access Token
  4. Select Client Credentials as the Grant Type
  5. Input https://accounts.tokopedia.com/token to the Access Token URL field
  6. Enter your Client ID and Client Secret
  7. Finally, click on the Request Token button.

Have a feedback?