Authenticating with OAuth 2.0

Whenever a shared merchant installs your integration (app) for the first time, a standard OAuth 2.0 flow will be initiated:

  1. The merchant grants you access to their data
  2. You authenticate and access the relevant App Developer API endpoints

The diagram below illustrates the process for a new shared merchant installing your app.
Underneath the diagram is a detailed breakdown for each step.


Step 1: Request authorization

  1. The merchant clicks to install the app from your admin. They are redirected to an installation link in the following format:

https://yap.yotpo.com/#/app_market_authorization?app_market_mode&application_id={{application_id}}

📘

Please note:

Replace {{application_id}} with your unique Application ID. You’ll receive your Application ID from Yotpo upon the approval and registration of your app.

  2. The merchant logs into their Yotpo admin. They are prompted to authorize your app.

  3. The merchant clicks Authorize and is redirected to the Yotpo integration section within your admin (using the redirect URL you provided as part of the app registration process).
    The merchant's Yotpo API Key and Temporary Code are appended to the end of the redirect URL.

👍

For example:

If your redirect URL is https://www.partner.com/yotpo_integration/yotpo_callback,
the following URL will be sent: https://www.partner.com/yotpo_integration/yotpo_callback?code={{yotpo_temp_code}}&app_key={{yotpo_app_key}}.
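
One way the receiving side might validate this callback before using `code` and `app_key` in Step 2. This is an added example, not Yotpo's code: the redirect URL is the sample value above, and `parse_yotpo_callback`, `CallbackError` and `redact` are hypothetical names.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: the redirect URL registered with Yotpo (the page's sample value).
REGISTERED_REDIRECT = "https://www.partner.com/yotpo_integration/yotpo_callback"


class CallbackError(ValueError):
    """Raised when a callback URL does not match the documented shape."""


def parse_yotpo_callback(url, registered=REGISTERED_REDIRECT):
    """Return (code, app_key) from a Step 1 callback URL, or raise CallbackError."""
    got, want = urlsplit(url), urlsplit(registered)
    # Accept only the exact registered HTTPS endpoint.
    if got.scheme != "https":
        raise CallbackError("callback must arrive over https")
    if (got.netloc.lower(), got.path) != (want.netloc.lower(), want.path):
        raise CallbackError("callback does not match the registered redirect URL")
    params = parse_qs(got.query, keep_blank_values=True)
    values = {}
    for name in ("code", "app_key"):
        found = params.get(name, [])
        # Exactly one value each: a repeated parameter is ambiguous, so reject it.
        if len(found) != 1:
            raise CallbackError(f"expected exactly one {name!r}, got {len(found)}")
        value = found[0].strip()
        # Reject blanks and template placeholders that were never substituted.
        if not value or "{{" in value:
            raise CallbackError(f"{name!r} is empty or an unfilled placeholder")
        values[name] = value
    return values["code"], values["app_key"]


def redact(value, keep=4):
    """Shorten a credential for log lines so the full value is never written out."""
    return value[:keep] + "..." if len(value) > keep else "..."
```

Because both values arrive in the query string, they also appear in web server access logs; `redact` is for the application's own log lines.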

Step 2: Generate access token

Generate an access token using the following information:

  • The merchant’s API Key and Temporary Code (received in step 1).
  • Your Application ID and Application Secret (received upon registering your app).

📘

Please note:

Application ID and Application Secret are referred to as ‘client_id’ and ‘client_secret’ respectively in the API endpoint.

The access token is generated once per merchant and does not expire.

Step 3: Allow removal of the app

For privacy and troubleshooting purposes, all apps must include an ‘uninstall app’ option on the partner’s side. To uninstall an app, simply add an ‘uninstall’ button on your interface that uses the remove application endpoint.

Step 4: Call the API

Use the access token generated in step 2 to access all other API endpoints in the App Market API reference. You can find information specific to your product or use case in the best practice guides below.

📘

Integrating with multiple stores in Yotpo

The access token you receive will only apply to the specific store instance in Yotpo that the merchant picked and authorized the app for. If the merchant has additional stores within their Yotpo account (whether for different languages, testing or multiple brands), they will need to install the same app on each of these stores separately.