API Authentication

Fabric APIs use sysapps, which employ OpenID Connect's Client Credential Flow for API authentication.

Sysapp Authentication

Sysapp authentication is the process by which a system application verifies its identity and obtains authorization to access specific APIs or services. System Applications, also called sysapps, are specialized software applications designed to perform automated tasks and system-level functions. Sysapps do not authenticate end-users and are not associated with user pools, hence these API applications are not intended for direct use by shoppers for storefront authentication. Sysapp only facilitates secure and efficient system-level interactions with fabric APIs. Sysapps are commonly deployed in enterprise contexts, including systems such as Enterprise Resource Planning (ERP), Order Management Systems (OMS), Warehouse Management Systems (WMS) and Storefronts.

A sysapp uses OpenID Connect to obtain an access token referred to as a system token:

  1. The sysapp possesses a unique identifier called a client ID and a confidential client secret.
  2. To initiate authentication, the sysapp sends a request to an authorization server, providing its client ID and client secret.
  3. If the provided client ID and client secret are valid, the authorization server issues an access token referred to as a system token to the sysapp.
    This system token serves as the key for the sysapp to make authorized requests to APIs or services, representing the system during interactions. Sysapps use this token for all subsequent fabric API calls.

Related Resources