The authentication API handles token issuance, refresh, and exchange across the platform.

Base URL

/auth

Endpoints

| Method | Path | Description | Auth |
| --- | --- | --- | --- |
| POST | /auth/refresh | Refresh an access token | Bearer token |
| POST | /auth/bridge | Exchange a bridge token for access tokens | Bridge token |

Authentication Flow

1. Customer authenticates via platform SSO (Shopify/BigCommerce)
2. Platform issues a Bridge Token
3. POST /auth/bridge → Returns access + refresh tokens
4. Client uses access token for API calls
5. Token expires → POST /auth/refresh → New access token

Token Format

All tokens are JWTs signed with HS256. Each token type uses a different signing key.
{
  "sub": "customer-uuid",
  "aud": ["customer"],
  "retailer_id": "retailer-uuid",
  "iat": 1709500000,
  "exp": 1709586400
}
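
One way a verifier can enforce the per-type signing keys described above is to pick the key from the token type the endpoint expects and to pin HS256 instead of trusting the token header. The following is an added example, not the platform's own code; the key values, the `KEYS` table and the `sign`/`verify` names are assumptions.

```python
import base64, hashlib, hmac, json, time

# Constructed demo keys (assumption): one secret per token type, as the page describes.
KEYS = {"access": b"demo-access-key", "refresh": b"demo-refresh-key",
        "bridge": b"demo-bridge-key"}

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(token_type: str, claims: dict) -> str:
    """Issue an HS256 JWT with the key for token_type (demo helper)."""
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    mac = hmac.new(KEYS[token_type], f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64e(mac)}"

def verify(token: str, expected_type: str, audience: str = "customer", now=None) -> dict:
    """Return the claims, or raise ValueError if any check fails."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64d(header_b64))
        sig = b64d(sig_b64)
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm: the token header never chooses it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # The key comes from the endpoint's expected token type, not from the token.
    signed = f"{header_b64}.{body_b64}".encode()
    mac = hmac.new(KEYS[expected_type], signed, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, sig):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body_b64))
    now = time.time() if now is None else now
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        raise ValueError("expired")
    if audience not in claims.get("aud", []):
        raise ValueError("wrong audience")
    return claims

# Constructed sample payload using the claim values shown above.
SAMPLE = {"sub": "customer-uuid", "aud": ["customer"], "retailer_id": "retailer-uuid",
          "iat": 1709500000, "exp": 1709586400}
```

Because each type has its own key, a refresh token presented where an access token is expected fails at the signature check, before any claim is read.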