From Shopclues open API
Jump to: navigation, search

Login Token


Method = POST
Details of the fields.

Field name Description Mandatoray
Header - “Content-Type” Input Content Type here it would be “application/json” Yes
Username Registered email id Yes
password Password(MD5 format) Yes
grant_type password Yes
client_id Client_id of the integrator Yes
client_secret Client_secret of the integrator Yes

When request is successful, you get following response.

Field name Description
access_token An access token is a string that identifies a user.
expires_in expires_in (3600 sec).

When you have entered wrong request

Field name status
wrong username or password 401 Unauthorized.
wrong client_id or client_secret or grant_type. 400 Bad Request

  • JSON
  • PHP
Production Url -

Sandbox Url -

Sample JSON Request



Successful response

    "access_token": "73d37b7361b568249b9b26d5746e722c3e60",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": null,
    "refresh_token": "dfaa70a0703b2a1553a49a355edf28d5b0"

For accessing public API's you don't need the username and password to generate the token.
The following request can also be used to generate token to access the public API's:-

Sandbox URL to be used-
  • And you get the following response
  "access_token": "0c24a57ddb4882fd34a0007d75ace11d65e1941e",
  "expires_in": 3600,
  "token_type": "Bearer",
  "scope": null
  • When you have entered wrong username or password .


  "error": "invalid_grant",
  "error_description": "Invalid username and password combination"
  • When you have entered wrong client_id or client_secret or grant_type.
  "error": "invalid_client",
  "error_description": "The client credentials are invalid"

$oauth_url = '';   
$credentials = array(
    "username" => "<Email>",
    "password" => "<Password in md5 encode>",
    "client_id"=> "<Client id>",
    "client_secret"=> "<Client secret>",
    "grant_type"=> "password"

function genToken($oauth_url, $credentials)
$curl = curl_init($oauth_url);
curl_setopt_array($curl, array(
'Content-Type: application/json'
CURLOPT_POSTFIELDS => json_encode($credentials)
$response = curl_exec($curl);
$response = json_decode($response, true);
return $response;

$token = genToken($oauth_url, $credentials);  
print_r($token) ;  


Example Response

  "access_token": "d6dd694565e5c76acd7b34451156f0c",
  "expires_in": 3600,
  "token_type": "Bearer",
  "scope": "read_placeorder write_placeorder 
  read_paymentservice ",
  "refresh_token": "081acccb993456c9e157e7684b1d7dd137eb2a087"