OAuth Authentication

Expand / Collapse All
How can I give Solution Providers their own API Keys?

As a seller, you can create separate API keys for each Solution Provider. Just log into the portal, and the API Keys page: developer.walmart.com/generateKey. Just click “Add New Key for a Solution Provider” to create credentials for them, including Client ID and Client Secret. You can now share these credentials with your Solution Provider.

Some best practices we recommend:

  • Seller should generate separate keys for each solution provider and should not share keys between the providers.
  • Don’t give your API directly to Solution Providers.
  • To learn more about delegated access, see Authorization.
What kind of authentication do you provide for API keys?

We provide OAuth authentication via Client ID and Client Secret. Sellers can get their API Keys with Client ID and Client Secret authentication.

We also provide delegated access, so sellers can create separate API keys for their Solution Providers.

 

I’m a seller with full access to APIs. Why am i getting “unauthorized” error?
  • Please check that you have recent credentials. Log into the portal and verify your Client ID and Client Secret are active.
  • Credentials are assigned for the Partner, which will be shared within all the users within the Partner. Make sure someone else has not reset the keys.
  • If you continue to experience issues, please contact Walmart support.
I have the correct credentials, and an access token. Why am I getting “unauthorized” error?
  • OAuth assigns a scope of access for each set of client credentials. Depending upon the scope of the keys, Walmart will allow, or reject, certain API calls.
  • Seller credentials (which are on API keys page) have full access. The seller is authorized to make all API calls and there are no restrictions.
  • By default, keys generated for a Solution Provider have no access and are not authorized to make any API calls at the start. You need to go in and assign permissions per object category (e.g. Items, Orders).
How can I reset my Client ID and Secret?

When you log into the Developer Portal, it takes you to the Production Keys and Sandbox Keys.

You need Admin access to reset the Client ID/Client Secret.

When you reset the credentials, save both the Client ID and Client Secret because so you need them both to get the access_token.

Do I need to store the Client Secret locally?

No. With this new feature you can get the Client ID/Client Secret anytime on the Developer Portal, so you no longer have to keep the secret locally and regenerate if lost.

Where can I get my API Keys?

When you log into the Developer Portal, it takes you to the Production Keys and Sandbox Keys authentication area, where you can set your Client ID and Client Secret.

You can get there directly: https://developer.walmart.com/generateKey.

Is the Client ID and Client Secret the same as Consumer ID and Private Key?

No. Client ID/Client Secret is different from Consumer ID/Private Key combination. Consumer ID/Private Key was required for the old authentication method. With oAuth you will have to use only the ClientID/Client Secret that you can get from Developer Center.

How does the header change for APIs?
  • To learn more about the API Headers for the GET token API, see Authentication.
  • For all other API headers:
    • Remove these header parameters: WM_SEC.TIMESTAMP, WM_SEC.AUTH_SIGNATURE, WM_CONSUMER.CHANNEL.TYPE, WM_CONSUMER.ID
    • Add for Authorization, this header parameter: WM_SEC.ACCESS_TOKEN
    • For more details, refer to the Reference for each API, (e.g. GET All Feed Statuses).

After the headers are updated, you will use the access_token to make subsequent API calls.

What is OAuth Authentication?

OAuth 2.0 is the industry standard for token-based authentication and authorization for APIs.

Learn more about OAuth at https://oauth.net/2/.