The App Market Developer Hub

Welcome to the App Market developer hub. You'll find comprehensive guides and documentation to help you start working with App Market as quickly as possible, as well as support if you get stuck. Let's jump right in!

Authenticating with OAuth 2.0

Whenever a shared merchant installs your app for the first time, a standard OAuth 2.0 flow will be initiated:

  1. The merchant grants you access to their data
  2. You authenticate and access the relevant App Developer API endpoints

The diagram below illustrates the process for a new shared merchant installing your app.
Underneath the diagram is a detailed breakdown for each step.

Step 1: Request authorization

  1. The merchant clicks to install the app from your admin. They are redirected to an installation link in the following format:

https://yap.yotpo.com/#/app_market_authorization?app_market_mode&application_id={{application_id}}

📘

Please note:

Replace {{application_id}} with your unique Application ID. You’ll receive your Application ID from Yotpo upon the approval and registration of your app.

  1. The merchant logs into their Yotpo admin. They are prompted to authorize your app.

  2. The merchant clicks Authorize and is redirected to the Yotpo integration section within your admin (using the redirect URL you provided as part of the app registration process).
    The merchant's Yotpo API Key and Temporary Code are appended to the end of the redirect URL.

👍

For example:

If your redirect URL is https://www.partner.com/yotpo_integration/yotpo_callback,
the following URL will be sent: https://www.partner.com/yotpo_integration/yotpo_callback?code={{yotpo_temp_code}}&app_key={{yotpo_app_key}}.

Step 2: Generate access token

Generate an access token using the following information:

  • The merchant’s API Key and Temporary Code (received in step 1).
  • Your Application ID and Application Secret (received upon registering your app).

📘

Please note:

Application ID and Application Secret are referred to as ‘client_id’ and ‘client_secret’ respectively in the API endpoint.

The access token is generated once per merchant and does not expire.

Step 3: Call the API

Use the access token generated in step 2 to access all other API endpoints in the App Market API reference. You can find information specific to your product in our API toolkits.

📘

Integrating with multiple stores

The access token you generate will only apply to the specific store the merchant installed and authorized the app for. If the merchant has additional stores within their Yotpo account (whether for different languages, testing or multiple brands), you should ask them to install the app on each store separately.

Removing an app

For privacy and troubleshooting purposes, all apps must include an ‘uninstall app’ option on the partner’s side. To uninstall an app, simply add an ‘uninstall’ button on your interface that uses the remove application endpoint.

Updated 7 days ago

Authenticating with OAuth 2.0


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.