Authentication

Overview

All state endpoints require secure access using Bearer Token authentication. Clients must include a valid token in the Authorization header of each request.


How to Authenticate

To access any state endpoint, the client presents a token with these properties:

  • The token must be obtained via the Authentication API.
  • It represents the current authenticated customer session.

Token Management

  • Access tokens may expire – clients are responsible for detecting expiration and refreshing the token using the appropriate OAuth2 or session refresh mechanism.
  • If a request returns a 401 Unauthorized, the client should attempt to renew the token and retry once.
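
One way to implement the renew-and-retry-once rule above, as an added example that is not code from this documentation. The names `createStateClient`, `send`, `refresh` and `makeFakeApi`, and the sample paths and tokens, are hypothetical. It goes one step beyond the text by sharing a single refresh across concurrent requests that all receive a 401.

```javascript
// Added example: a hypothetical client wrapper, not part of the documented API.
// Assumptions: send(path, headers) resolves to { status, body };
// refresh() resolves to a new access token from the Authentication API.
function createStateClient({ token, refresh, send }) {
  let current = token;
  let inflight = null; // shared promise: concurrent 401s trigger one refresh

  // The token travels only in the Authorization header, never in the URL.
  const call = (path) => send(path, { Authorization: `Bearer ${current}` });

  async function renew(stale) {
    if (current !== stale) return; // another request already renewed it
    if (!inflight) {
      inflight = refresh().finally(() => { inflight = null; });
    }
    current = await inflight;
  }

  return async function request(path) {
    const used = current;
    const first = await call(path);
    if (first.status !== 401) return first;
    await renew(used);
    // Retry exactly once; a second 401 is returned to the caller so an
    // invalid session cannot cause an endless refresh loop.
    return call(path);
  };
}

// Constructed stand-in for a state endpoint that accepts only validToken.
function makeFakeApi(validToken) {
  const stats = { calls: 0, refreshes: 0 };
  const send = async (path, headers) => {
    stats.calls += 1;
    const ok = headers.Authorization === `Bearer ${validToken}`;
    return ok ? { status: 200, body: { path } } : { status: 401, body: null };
  };
  const refresh = async () => {
    stats.refreshes += 1;
    return validToken;
  };
  return { send, refresh, stats };
}
```

If the retried request also returns 401, treat the customer session as no longer valid and send the customer back through authentication instead of refreshing again.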