Refresh tokens are issued during onboarding. If you don’t have one yet, see Seller Management for the sign-up flow.
Token Exchange
CallPOST /v1/auth with your refresh token to obtain an access token. See the Auth API Reference for the full request and response schema.
| Field | Description |
|---|---|
authToken | the access token to use as a Bearer credential. |
tokenExpireAt | absolute expiry in ISO 8601. |
expiresIn | lifetime in seconds. |
scope | the authorization scope tied to your refresh token (for example, CHANNEL or SELLER). |
Using the Access Token
Send the access token as a Bearer token in theAuthorization header on every SCX API request:
Expiry and Refresh
Access tokens are short-lived. Refresh them proactively beforetokenExpireAt rather than waiting for a 401 Unauthorized response.
The following pattern caches the access token and refreshes it only when necessary:
- On first use, call
POST /v1/authand store theauthTokentogether with itstokenExpireAtvalue. - Before each API request, check whether
tokenExpireAtis more than 60 seconds in the future. If it is, reuse the cached token. - Otherwise, call
POST /v1/authagain using the same refresh token to obtain a new access token.
What’s Next?
Rate Limits
Understand the per-endpoint quotas and 429 handling across all SCX APIs.
Auth API Reference
Endpoint-level reference for
POST /v1/auth.