Getting Started with fabric APIs

This topic will provide instructions to start using fabric’s APIs to build unique and flexible shopping experiences for your customers. We use Postman as the API client.


The base URL, which is also called fabric-base-url,{product} is the standard URL to which the requests are sent for all fabric APIs.


Before you can start using fabric’s APIs:

  • Get your trial account: Reach out to us to a trial account with fabric and get your environment and credentials set up for you. This will help you set up your Copilot account.
  • Access to your Copilot Account: Ensure you have the credentials to access your Copilot account. If you don't have an account, reach out to us. Once you have an account, you can also add new team members to collaborate effectively.
  • Get the API collection that you want to use: Ensure you have access to the API collection for the product you want to try. For more information, see the API References section.
  • Ensure that a system app is created for your account. You must have admin rights to create a system app in Copilot. For more information on creating system apps, see the Creating a System App section.
    This system app is used to authenticate you when you use fabric API endpoints. For more information about API authentication, see the Sysapp Authentication section.
  • Download the Postman client.


  1. Log in to your Copilot account.

  2. In the left menu, click Settings > Developer Tools.

  3. Click API Apps.

    • The API Apps page is displayed. This page provides a list of apps created in your account. The app type field specifies whether the application is a user app or system app.
  4. Click the name of a system app that is already created for your account.
    The details of the system app are displayed.

  5. Make a note of the following settings:

    • Authorization URL: A unique URL for each fabric merchant and is common across all system apps defined for a single merchant.
    • Client ID: Public identifier of an app.
    • Client Secret: The Secret known only to your application and the authorization server used to authenticate the app.
      These values are required for authentication of your system app and to start using the APIs. For more information about these settings, see the API Apps page.
  6. In the following code sample for the /token endpoint, replace the {{authURL}}, {{clientId}}, and {{clientSecret with the corresponding values from step 5:

    curl --location --request POST '{{authURL}}/v1/token' 
    --header 'accept: application/json' 
    --header 'cache-control: no-cache' 
    --header 'content-type: application/x-www-form-urlencoded' 
    --data-urlencode 'grant_type=client_credentials' 
    --data-urlencode 'scope=s2s' 
    --data-urlencode 'client_id={{clientId}}' 
    --data-urlencode 'client_secret={{clientSecret}}'
  7. Log in to the Postman client.

  8. To generate an access token, do the following steps:

    1. In the left menu, click Import.
    2. Import the code sample from Step 6.
    3. Run the /token endpoint.
            "token_type": "Bearer",
            "expires_in": 600,
            "access_token": "eyJraWQiOiIt...",
            "scope": "s2s"
    4. Make a note of the access token.
      The access token is used to authenticate all your API requests. The token expires after 10 minutes. You must generate a new access token to continue using the API endpoints.
  9. Make your first API request.

Related Resources