Authentication

The API calls in this documentation require a Bearer Authentication token. This token is a time-limited key that must be included in the header of every request to a protected endpoint.

To get this token, you'll first make a request to our Authentication API using your unique client_id and client_secret. This process follows the OAuth 2.0 Client Credentials flow, which is a standard and secure way for your application to authenticate itself.


Environments

The authentication process is specific to the environment you are working in. Be sure to use the correct connect/token address.

Environment    Authentication API address
Test           https://auth.demo.external.svea.com/connect/token
Production     https://auth.svea.com/connect/token

Example Request

Here's an example cURL request to fetch your authentication token. Remember to replace the placeholders MY_ACCOUNT_NAME and MY_ACCOUNT_SECRET with your actual credentials.

curl --location "https://auth.demo.external.svea.com/connect/token" \
  --header "Content-Type: application/x-www-form-urlencoded" \
  --data-urlencode "grant_type=client_credentials" \
  --data-urlencode "client_id=MY_ACCOUNT_NAME" \
  --data-urlencode "client_secret=MY_ACCOUNT_SECRET" \
  --data-urlencode "scope=salesfinance.order" \
  --data-urlencode "response_type=token"

Example Response

A successful request will return a JSON object with your access_token.

{
  "access_token": "...",
  "expires_in": 3600,
  "token_type": "Bearer",
  "scope": "salesfinance.order"
}

The access_token is valid for 3600 seconds (one hour), as indicated by the expires_in parameter. Once the token expires, you'll need to generate a new one.