To use the backend API, your API client will have to authenticate itself to the API. Authentication is handled by a combination of instance key and access token. As a result, with every request an instance key and access token have to be sent.
The next chapter will cover how to get an access token if you don't already have one. If you already have an access token, feel free to skip this chapter.
Creating an access token
Access tokens are managed in the app. To create a new access token, go to the Security → Access Token module and click the button that allows you to create a new access token.
If you don't have access to the security module, please contact support. We manually enable the module on an instance-to-instance basis.
You'll be prompted to fill in a name for your access token. You should strive to have this name be representative of how or by what the access token will be used. For example, you might want to use the name "product sync" if you're going to use the token for synchronizing products with Tweakwise.
You cannot edit the rename of the token later on, so choose the name wisely.
Having decided on a name, proceed to create the token.
In the next screen you'll see the access token that will have been generated for you. Copy it somewhere and keep it safe!
Due to how we securely store your access token on our side, we cannot get it back for you if you lose it. The only option is to delete the old token and create a new one.
Making a request
As mentioned before, to make an authenticated request to the API, you'll need to provide both an instance key and an access token. Both of these values must be provided in the headers. You'll need to pass the instance key via the TWN-InstanceKey
header, and the access token via the TWN-Authentication
header.
For example, using cURL, making a request to get the total number of products in an instance can be done like so:
curl --request GET \
--url https://navigator-api.tweakwise.com/stats/totalproducts \
--header 'TWN-InstanceKey: YourInstanceKeyHere' \
--header 'TWN-Authentication: YourAccessTokenHere'