V1

This service is used to access to the version 1 of Blomming API

From this version of API all request must be authenticated through a bearer token obtained by blomming OAuth server.

How to use API through authentication

In order to be granted to access to Blomming API, each client must be identified by a couple of credential values:

These credentials are generated by us for a per 3rd part application use. If you dont yet have any, please contact us and explain briefly why do you need them and how do you plan to use our service. We will be happy to give you the full access to our API!

I’ve got my own credential, and now?

Once you have application specific credentials, you will be able to perform any request to Blomming API. The pattern for API request is quite simple, but there are small differences for buy and sell usage.

Authentication for buy services

Buy services are all readonly and are those that does not have a /sell in their URL.

  1. Perform an HTTPS POST to ​/oauth​/token endpoint with credential as parameters (use client_id and client_secret as parameter names) to obtain a bearer token.

    Examples
    Request to obtain a bearer token valid only for buy services

     curl https://api.blomming.com/v1/oauth/token -F grant_type=client_credentials  -F client_id=<Application ID> -F client_secret=<Secret>
    
  2. Store somewhere the bearer token returned in the response body.

    Sample response

     {
       "access_token":"a9e5bbc5148d29318e221f51be2a773d2001085ec80a598e3e899f9c643dfdee",
       "expires_in":7200,
       "scope":"",
       "token_type":"bearer"
     }
    
    Bearer token has an expiration: they can be used only within X seconds from when they have been requested. If a bearer token expires, to perform further requests, another one must be obtained (see step 1).
  3. Pass it of each future request headers to the Blomming API, in order to be granted to preform the call.
    Example

     curl -H "Authorization: Bearer a9e5bbc5148d29318e221f51be2a773d2001085ec80a598e3e899f9c643dfdee" https://api.blomming.com/v1/items/featured
    

Authentication for sell services

Sell services are generally writable endpoints (but not only) and have a /sell in their URL.

  1. Perform an HTTPS POST to ​/oauth​/token endpoint with credential as parameters (use client_id and client_secret as parameter names) to obtain a bearer token.

    Examples
    Request to obtain a bearer token valid only for sell services

     curl https://api.blomming.com/v1/oauth/token -F grant_type=password  -F client_id=<Application ID> -F client_secret=<Secret> -F username=<blomming_username> -F password=<blomming_password>
    
  2. Store somewhere the bearer token returned in the response body.

    Sample response

     {
       "access_token":"a0f692e9d281e6b85dd6a53265b8e425a86127fef9cc05cf06da411f36f94733",
       "expires_in":7200,
       "scope":"",
       "token_type":"bearer",
       "refresh_token":"46d98f80a34f68de0413b1a59daaa1d6c007e4041a4e8bab4f2472412d09ba4c"
     }
    
    Bearer token has an expiration: they can be used only within X seconds from when they have been requested. If a bearer token expires, to perform further requests, another one must be obtained (see Token refresh section).
  3. Pass it of each future request headers to the Blomming API, in order to be granted to preform the call.
    Example

     curl -i -H "Authorization: Bearer a0f692e9d281e6b85dd6a53265b8e425a86127fef9cc05cf06da411f36f94733" https://api.blomming.com/v1/sell/shop/items?page=1&per_page=1
    

Token refresh

As noticed before, bearer token has an expiration time.

After your bearer token has expired, each request done with that stale token will return an HTTP code 401.

To refresh the expired token without the need to resend username and password, you can perform a GET call to /oauth/token/ giving this required parameters:

Example:

 curl -i https://api.blomming.com/v1/oauth/token \
   -F grant_type=refresh_token \
   -F refresh_token=<REFRESH_TOKEN> \
   -F client_id=<CLIENT_ID>\
   -F client_secret=<CLIENT_SECRET>

As response, you will obtain almost the same object structure returned by the authentication for sell services (just without scope attribute):

{
  "access_token":"7e3ea379f56186fe46d1ac34815174635a3c0ed4a8d65414bf0748ba6356ab1c",
  "token_type":"bearer",
  "expires_in":7200,
  "refresh_token":"43c48762da90105704fba96c8403a56d9dcc4f523986b6514630b3d4a6dbcc10"
}

Endpoints

OAuth

oauth

Buy

carts

categories

collections

countries

currencies

items

macrocategories

password_resets

provinces

shops

tags

Sell

sell