OAuth

OAuth 2.0 implementation endpoints.

AuthorizationRedirect

Initiates OAuth authorization code grant flow per https://www.rfc-editor.org/rfc/rfc6749#section-1.3.1.

The flow involves an interactive login. On successful login and authorization, you receive a callback with a code that can only be used once.

Using the TokenExchange endpoint the code can be exchanged for an access token that does not expire.

The access token can be used to access the Logistics API by passing the "Authorization: Bearer" header per https://www.rfc-editor.org/rfc/rfc6750#section-2.1.

Request
Query Parameters
response_type
required
string
Value: "code"
client_id
required
string

Must be set to identity to create an API token tied to your Flexport Seller Portal user identity.

scope
required
string

The scope of the authorization request. Multiple scopes may be provided, separated by ' '. Possible scope values are:
read_logistics_products write_logistics_products
read_logistics_reports write_logistics_reports
read_logistics_bundles write_logistics_bundles
read_logistics_orders write_logistics_orders
read_logistics_webhooks write_logistics_webhooks
read_logistics_parcels write_logistics_parcels
read_logistics_returns write_logistics_returns
read_logistics_freight write_logistics_freight
read_logistics_events
read_logistics_inbounds write_logistics_inbounds

redirect_uri
string

Optional. The OAuth flow redirects to the redirect_uri after successful authentication, with the one-time use "code" passed as a query parameter. If the identity client_id is used, the redirect goes to the Flexport Seller Portal UI page.

state
string

An opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client.

authFlow
string (AuthFlow)

Reserved for use by partners.

Enum: "hosted_ui" "custom_ui"
Responses
301

Redirect

400

Bad Request

GET /logistics/api/2023-10/oauth/authorize
Response samples
application/json
{
  "property1": "string",
  "property2": "string"
}

TokenExchange

Exchanges the one-time code your callback received from the AuthorizationRedirect endpoint for a permanent access token.

Security: CLIENT_CREDENTIALS or NONE
Request
Request Body schema: application/x-www-form-urlencoded
required
grant_type
required
string (GrantTypes)

Value MUST be set to "authorization_code".

Value: "authorization_code"
code
required
string

The authorization code received from the authorization server.

redirect_uri
string

Required if the "redirect_uri" parameter was included in the authorization request; the value must be identical to the one included in the authorization request.

Responses
200

Ok

Response Schema: application/json
access_token
required
string
logisticsAccountId
required
string
400

Bad Request

POST /logistics/api/2023-10/oauth/token
Request samples
application/x-www-form-urlencoded
grant_type=authorization_code&code=string&redirect_uri=string
Response samples
application/json
{
  "access_token": "string",
  "logisticsAccountId": "string"
}
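
Client-side handling of the AuthorizationRedirect and TokenExchange steps described above, as an added example that is not part of the original reference or Flexport's own code. It shows generating the state value, checking it on the callback before the code is used, and building the form body for the token exchange. The host name, client_id value and callback URL are placeholder assumptions; only the paths and parameter names come from this page.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumption: placeholder host; this page gives only the endpoint paths.
BASE = "https://api.example.invalid"
AUTHORIZE_PATH = "/logistics/api/2023-10/oauth/authorize"
TOKEN_PATH = "/logistics/api/2023-10/oauth/token"


def build_authorize_url(client_id, scopes, redirect_uri):
    """Return (url, state). Keep state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "scope": " ".join(scopes),  # space-separated; request only what is needed
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{BASE}{AUTHORIZE_PATH}?{query}", state


def code_from_callback(callback_url, expected_state):
    """Return the one-time code, or raise if state is missing or wrong."""
    params = parse_qs(urlsplit(callback_url).query)
    states = params.get("state", [])
    codes = params.get("code", [])
    # Exactly one of each: empty or duplicated parameters are rejected.
    if len(states) != 1 or len(codes) != 1:
        raise ValueError("callback must carry exactly one code and one state")
    # Constant-time comparison against the value stored for this session.
    if not hmac.compare_digest(states[0].encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback not tied to this session")
    return codes[0]


def build_token_request(code, redirect_uri):
    """Return (url, headers, body) for the TokenExchange POST."""
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # identical to the authorize request value
    })
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return f"{BASE}{TOKEN_PATH}", headers, body
```

Because the returned access token does not expire, store it as a long-lived secret and keep it out of logs and URLs.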