Depending on the API, Ware2Go supports both basic and bearer token type authentication for requests. This page describes how to use each method.


Get your API user name and secret

See the Getting Started page for details about creating an API user and finding the user's API secret.


For basic authentication concatenate your API user name and secret using a colon as a separator. Then base64 encode the resulting string. Send the resulting string in the authorization header of your request. The values below show an example:

  • API user name = APIUSER
  • API secret = APISECRET998877
  • Concatenated String = APIUSER:APISECRET998877
  • Base64 encoded value = QVBJVVNFUjpBUElTRUNSRVQ5OTg4Nzc=

The following code shows a basic request using the value above in the authorization header:

curl --request GET \
     --url \
     --header 'accept: application/json' \
     --header 'authorization: Basic QVBJVVNFUjpBUElTRUNSRVQ5OTg4Nzc='

Bearer Tokens

Bearer tokens provide a way to authenticate your API requests that can be easily rotated without having to change your API user's secret key. Use the Authentication API to create a bearer token. To create a bearer token send your API user name and secret to the /token endpoint as values for client_id and client_secret in the body of the request. The sample code below shows an example request to the /token endpoint:

curl --request POST \
     --url \
     --header 'accept: application/json' \
     --header 'content-type: application/x-www-form-urlencoded' \
     --data grant_type=client_credentials \
     --data client_id=APIUSER \
     --data client_secret=APISECRET998877

The resource returns a bearer token, as shown in the example below:

  "access_token": "THIS_IS_YOUR_BEARER_TOKEN",
  "expires_in": 1800,
  "refresh_expires_in": 0,
  "token_type": "Bearer",
  "not-before-policy": 0,
  "scope": "email entitlements profile"