
Authentication and authorization

The Merchant API is available at https://api.sandbox.deliverygateway.io/graphql/merchant in the sandbox environment and https://api.deliverygateway.io/graphql/merchant in the production environment.

To make any request to this single endpoint, you must first create an access token and send it using the Bearer authentication scheme. You can manage your access tokens via either the web interface or the API.

An access token provides authentication and role-based authorization: each role has its own set of permissions. When creating a token, you must select one or more roles and the corresponding permissions.

Create Bearer token on the web interface

  1. Log in to the Delivery Gateway admin interface.

  2. Find Access Tokens on the left.

  3. In the top right corner, click New Access Tokens.

  4. Set a name and, optionally, an expiration date.

    If you leave the expiration date empty, your token will never expire. For security reasons, we recommend regularly regenerating your tokens.

  5. In the Roles dropdown menu, select all the roles you need.

  6. Optionally, create an allowlist for the token: click Add to set IP addresses and HTTP referers that are allowed to send requests. You can add as many as you need: click Add again for more input fields.

  7. When done, click Create.

  8. Copy your token from the dialog.

    Note that if you close the dialog without copying the token, you won't be able to retrieve it again.

Create Bearer token with the API

Create a token with the createToken mutation. It requires a token name and the roles assigned to the token. You can set multiple roles in a comma-separated list.

mutation {
  createToken(
    input: {
      name: "my_new_token",
      roles: [MERCHANT_CONFIGURATION, MERCHANT_OPERATOR]
    }
  )
}

You can create an allowlist using the allowlist field. Set IP addresses and HTTP referers that are allowed to send requests:

mutation {
  createToken(
    input: {
      name: "my_new_token",
      roles: [MERCHANT_CONFIGURATION, MERCHANT_OPERATOR, MERCHANT_WEBHOOK],
      allowlist: {
        ips: "192.0.2.1",
        referers: "https://acmecorp.com"
      }
    }
  )
}
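
A Python client for the createToken mutations above, added here as an example and not Delivery Gateway's own code: it validates the role names, IP address and referer before interpolating them into the mutation text, then sends the request with an existing token in the Authorization header. The function names, the DG_TOKEN environment variable and the https-only referer rule are assumptions of this example.

```python
import ipaddress
import json
import os
import re
import urllib.request
from urllib.parse import urlsplit

# Sandbox endpoint from the page; switch to the production URL deliberately.
ENDPOINT = "https://api.sandbox.deliverygateway.io/graphql/merchant"
ROLE_RE = re.compile(r"[A-Z][A-Z_]*")  # enum values are interpolated unquoted

def build_create_token(name, roles, ip=None, referer=None):
    """Return the createToken mutation text, rejecting unsafe input."""
    if not roles or not all(ROLE_RE.fullmatch(r) for r in roles):
        raise ValueError("roles must be non-empty enum names")
    # json.dumps quotes and escapes the string so it cannot break out.
    fields = [f"name: {json.dumps(name)}", f"roles: [{', '.join(roles)}]"]
    allow = []
    if ip is not None:
        ipaddress.ip_address(ip)  # raises ValueError on a malformed address
        allow.append(f"ips: {json.dumps(ip)}")
    if referer is not None:
        parts = urlsplit(referer)
        if parts.scheme != "https" or not parts.netloc:  # example's own rule
            raise ValueError("referer must be an https URL")
        allow.append(f"referers: {json.dumps(referer)}")
    if allow:
        fields.append("allowlist: { " + ", ".join(allow) + " }")
    return "mutation { createToken(input: { " + ", ".join(fields) + " }) }"

def build_request(query, token):
    """Wrap a GraphQL document in a POST carrying the Bearer token."""
    if not token or any(c.isspace() for c in token):
        raise ValueError("token missing or contains whitespace")
    body = json.dumps({"query": query}).encode()
    return urllib.request.Request(ENDPOINT, data=body, method="POST", headers={
        "Content-Type": "application/json",
        "Authorization": f"Bearer {token}",
    })

if __name__ == "__main__":
    # DG_TOKEN is an assumed variable name; keep tokens out of source control.
    req = build_request(
        build_create_token("ci_token", ["MERCHANT_OPERATOR"], ip="192.0.2.1"),
        os.environ["DG_TOKEN"])
    print(urllib.request.urlopen(req, timeout=10).read().decode())
```

The new token is returned only in the response body, so capture it into a secret store at that point rather than logging it.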