OAUTH 2.0

OAuth gives Shoppable users the ability to permit your application to access their Shoppable account data on their behalf. Here is a quick overview of the flow:

Authentication Flow

  1. Create a Shoppable user account.

  2. Register your application at myaccount > Developers. After registration, you should have your app_id, secret, and the redirect URL you entered.

  3. On your server, generate the authentication link for users. Ruby example using the OAuth2 wrapper:

    require "oauth2"

    callback = "http://your_application/wishlists"
    app_id = "a9105b229a2b5b4ff6b63b9a7d19c42027b904db745e51a03c5730f79ef8a117"
    secret = "eb2f359b00a2b3dd346418af6b374c9bd95a07f28ee2f5ed1577758fedb5f1de"

    # instantiate a new OAuth client
    client = OAuth2::Client.new(app_id, secret, site: "http://www.shoppable.com/")

    # generate the authentication URL
    @auth_url = client.auth_code.authorize_url(redirect_uri: callback)

  4. A user clicks on the authentication URL.
    1. The user authenticates with Shoppable. They either sign in to an existing Shoppable account, or create a new one.

    2. After signing in/up, the user is prompted to allow your app to access their account data. Finally, they are redirected back based on the redirect URL provided in step 2.

  5. Get the code from the code parameter of the redirect URL. For example:

    http://your_application/wishlists?code=cffa52c26f24ff1aba5c8140a27fa98b5a08bab69a6a5fc2ba0469bf4576edd82343

  6. Generate an access token with the code. Example (in Ruby on Rails):

    require "oauth2"

    # get the code parameter from URL
    code = params[:code]

    # must be the same redirect URL that was used in step 3
    callback = "http://your_application/wishlists"
    app_id = "a9105b229a2b5b4ff6b63b9a7d19c42027b904db745e51a03c5730f79ef8a117"
    secret = "eb2f359b00a2b3dd346418af6b374c9bd95a07f28ee2f5ed1577758fedb5f1de"

    # instantiate a new client
    client = OAuth2::Client.new(app_id, secret, site: "http://www.shoppable.com/")

    # exchange the code for an access token
    access = client.auth_code.get_token(code, redirect_uri: callback)
    access_token = access.token

    # save the token.  In this case storing it in session.
    session[:access_token] = access_token

  7. You are now ready to make User API calls. All API calls require the access token, which is valid for 3 months. Available User APIs:
    • User profile
    • Wishlists (mylists)
    • Shipping addresses
    • Billing credentials
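
Added example, not part of Shoppable's own documentation: binding the redirect handled in step 5 to the browser session that started step 3, using the OAuth 2.0 state parameter (RFC 6749, section 10.12). It assumes Shoppable returns state unchanged on the redirect, as the RFC requires; issue_state, code_from_callback, the Hash standing in for the Rails session, and the app.example host are hypothetical names.

```ruby
require "securerandom"
require "openssl"
require "uri"

# Step 3: create a single-use random value and remember it in the session.
# Send it with the request (the oauth2 gem passes extra params through):
#   client.auth_code.authorize_url(redirect_uri: callback, state: state)
def issue_state(session)
  session[:oauth_state] = SecureRandom.urlsafe_base64(32)
end

# Step 5: return the code only when the redirect carries the state we issued.
# Returns nil when the callback must be rejected (do not call get_token then).
def code_from_callback(session, callback_url)
  query    = URI.parse(callback_url).query.to_s
  params   = URI.decode_www_form(query).to_h
  expected = session.delete(:oauth_state)      # consumed on first use
  received = params["state"].to_s
  return nil if expected.nil? || received.empty?
  # constant-time comparison of the stored and received values
  return nil unless OpenSSL.secure_compare(expected, received)
  code = params["code"].to_s
  code.empty? ? nil : code
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a Hash stands in for the Rails session.
  session = {}
  state   = issue_state(session)
  url     = "http://app.example/wishlists?code=SAMPLECODE&state=#{state}"
  p code_from_callback(session, url)   # callback with the matching state
  p code_from_callback(session, url)   # same callback again, state already used
end
```

In a Rails controller the same check runs on params[:state] before the get_token call in step 6.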

Example API call

Ruby on Rails example using HTTParty to make the API call for a user's wishlists.

  require "httparty"

  # Get the access token from session, stored previously
  access_token = session[:access_token]
  api_url = "http://www.shoppable.com/api/v2/wishlists?access_token=" + access_token

  # returns a JSON object of all of the user's wishlists
  # (HTTParty takes request headers under the :headers option)
  wishlists = HTTParty.get(api_url, :headers => { 'Content-Type' => 'application/json' })