Only authenticated users can consume the Sellercloud Rest API services. To authenticate, a user must obtain an authentication token, which is required in every proceeding call to the server. This article will explain how to obtain an authentication token.

Sellercloud recommends that you create a separate user(employee) for each different integration that you build with our REST API. If you would like to give API access to two different software, like a shipping software and an accounting software, then we’d advise using two different employees.

JSON Web Token

The SellerCloud Rest API uses the JSON web token authentication approach. JWT is an open standard (RFC 7519) that defines a compact and self contained way for securely transmitting information between parties as a JSON object. The information can be verified and trusted because it is digitally signed. You can learn more about JWT in


The call to retrieve a token should be sent to [RestAPIEndpoint]/api/token. You can obtain your Rest API Endpoint by following the instructions here.

Call Requirements

The required content type is JSON, so we must add in the request header:
key: Content-Type
value: application/json

The required HTTP Method type is POST

A valid username and password must be sent in the request body, in the following format:


The response from the authentication API call will be in JSON format, and will look as follows:

The most important part of the response is the Access Token. The Access Token needs to be stored somewhere and provided in the Authentication header of every subsequent request to the API. The contents of the Authentication header should be formatted like Bearer {token}.

Sellercloud will utilize the Access Token to validate that the user is authenticated and authorized for consuming the REST API services.

Each Access Token will be valid for 60 minutes. Once the 60 minutes expire, you must make another call to retrieve a new token.


Authentication.Client API

Was this article helpful?

REST Services Overview (+ Intro to Swagger)