Ecwid API authentication uses oAuth2 so you can get API access without asking users to copy and paste any credentials. See "Authentication basics" for more details. The way you get an access token for a particular store depends on how your application is installed — in most popular cases, Ecwid partially handles oAuth process so you can get a token more easily.
- If an app is installed from Ecwid App Market, user consent step is handled by Ecwid. So, after your app is installed, you will get either an encrypted payload containing access token or a temporary code you can exchange for a token.
- If an app is installed from outside, the process involves full OAuth flow. Ecwid will first send users to a consent dialog, then send you a temporary code that you must exchange for a token.
- For the single-store customizations, you can bypass oAuth completely and get an access token from your Ecwid Control Panel.
See details below.