The first step to using our API is to properly authenticate your application. Hydrogen uses OAuth 2.0, an industry-standard framework for authorization, to facilitate authorization on the API. There are two grant types supported by Hydrogen:
- Client Credentials Grant: The Client Credentials grant is used by your application to obtain permission to act on its own behalf. A call will be made to our OAuth server to exchange your
access_token, which can then be used to make calls to Hydrogen on behalf of the application.
- Password Grant: The Password grant, also known as "Resource Owner Password," is used by your application to authenticate an end user with their login credentials. This grant should be used if you are storing the user's password within the Hydrogen Admin. A call will be made to our OAuth server to exchange your
grant_type=password along with the user's username and password login credentials for an
access_token, which can then be used to make calls to Hydrogen on behalf of the application. All white label web and mobile apps will automatically manage usernames and passwords. For embedded web components this is optional. Please read our no-code guide for more details.
For both grant types, you must Base64-encode your API credentials in the format
client_secret and pass them into the authorization header using HTTP Basic authentication.
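
The following is an added example, not Hydrogen's own code, showing how a client could assemble the token request for either grant type without sending it. It assumes the standard HTTP Basic pairing `client_id:client_secret` (RFC 7617), a placeholder token URL, and grant parameters carried in a form-encoded body as OAuth 2.0 describes; the function names and sample credentials are hypothetical.

```python
import base64
from urllib.parse import urlencode, urlsplit

# Hypothetical placeholder; the page does not give the token endpoint URL.
TOKEN_URL = "https://auth.example.invalid/oauth/token"


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Build the HTTP Basic value from client_id:client_secret (RFC 7617)."""
    if not client_id or not client_secret:
        raise ValueError("client_id and client_secret are required")
    if ":" in client_id:
        # The first colon separates id from secret, so the id cannot contain one.
        raise ValueError("client_id must not contain ':'")
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_token_request(client_id, client_secret, grant_type,
                        username=None, password=None, url=TOKEN_URL):
    """Return (url, headers, body) for a token request; nothing is sent."""
    if urlsplit(url).scheme != "https":
        # Base64 is reversible, so the header is only as private as the transport.
        raise ValueError("token endpoint must use https")
    params = {"grant_type": grant_type}
    if grant_type == "password":
        if not username or not password:
            raise ValueError("password grant needs username and password")
        params.update(username=username, password=password)
    elif grant_type != "client_credentials":
        raise ValueError(f"unsupported grant_type: {grant_type!r}")
    headers = {
        "Authorization": basic_auth_header(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return url, headers, urlencode(params)


def decode_basic(header_value: str):
    """Recover (client_id, client_secret) to show the encoding is not secrecy."""
    raw = base64.b64decode(header_value.split(" ", 1)[1]).decode("utf-8")
    client_id, _, client_secret = raw.partition(":")
    return client_id, client_secret
```

Because `decode_basic` recovers the secret from the header alone, the Authorization value should be treated like the credentials themselves: keep it out of logs, proxies' debug output and client-side code.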