Authentication (hidden)
Overview
All state endpoints require secure access using Bearer Token authentication. Clients must include a valid token in the Authorization header of each request.
How to Authenticate
To access any state endpoint:
Authorization: Bearer <customer-auth-token>
- The token must be obtained via the Authentication API.
- It represents the current authenticated customer session.
Token Management
- Access tokens may expire – clients are responsible for detecting expiration and refreshing the token using the appropriate OAuth2 or session refresh mechanism.
- If a request returns a 401 Unauthorized, the client should attempt to renew the token and retry once.
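The renew-and-retry-once rule above, as an added example that is not part of the original documentation or the API provider's code. The `send` and `refresh` callables, the `/state/example` path and the in-memory `fake_server` are constructed assumptions so the block runs offline; a real client would plug in its HTTP library and its call to the Authentication API.

```python
from typing import Callable, Dict, Tuple

# Assumed transport signature: (method, path, headers) -> (status, body)
Transport = Callable[[str, str, Dict[str, str]], Tuple[int, str]]

class AuthError(Exception):
    """Raised when a request is still rejected after one token renewal."""

class StateClient:
    def __init__(self, send: Transport, refresh: Callable[[], str], token: str):
        self._send = send        # performs the HTTP call
        self._refresh = refresh  # hypothetical hook: fetches a new token
        self._token = token
        self.refresh_count = 0

    def _attempt(self, method: str, path: str) -> Tuple[int, str]:
        headers = {"Authorization": f"Bearer {self._token}"}
        return self._send(method, path, headers)

    def request(self, method: str, path: str) -> Tuple[int, str]:
        status, body = self._attempt(method, path)
        if status != 401:
            return status, body
        # 401 Unauthorized: renew the token, then retry exactly once.
        self._token = self._refresh()
        self.refresh_count += 1
        status, body = self._attempt(method, path)
        if status == 401:
            # Still rejected with a new token: stop instead of looping.
            # The token is deliberately kept out of the error message.
            raise AuthError(f"{method} {path}: unauthorized after renewal")
        return status, body

# Constructed stand-in for the server: accepts only the token "fresh".
def fake_server(method: str, path: str, headers: Dict[str, str]):
    if headers.get("Authorization") == "Bearer fresh":
        return 200, "{}"
    return 401, ""

def demo():
    ok = StateClient(fake_server, lambda: "fresh", "expired")
    result = ok.request("GET", "/state/example")
    bad = StateClient(fake_server, lambda: "still-bad", "expired")
    try:
        bad.request("GET", "/state/example")
        failed = False
    except AuthError:
        failed = True
    return result, ok.refresh_count, failed, bad.refresh_count
```

Capping the retry at one attempt keeps a revoked or invalid session from turning into a refresh loop against the Authentication API.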