Guides
My Account

Authentication and authorization

Why can't I log into the Developer Portal?

This may be due to outdated links, credential issues, or temporary outages.

How do I authenticate with Walmart Marketplace APIs?

Use OAuth 2.0 client credentials to obtain an access token, then include the token in the Authorization header for every API request. Reuse the token until it is close to expiration, then generate a new one.

Sample token request:

bash
curl --request POST \ --url https://api-gateway.walmart.com/v3/token \ --header "Authorization: Basic <base64(clientId:clientSecret)>" \ --header "Accept: application/json" --header "Content-Type: application/x-www-form-urlencoded" \ --data "grant_type=client_credentials"
Python `requests` equivalent: python
import base64
import requests
client_id = "your_client_id"
client_secret = "your_client_secret"
credentials = f"{client_id}:{client_secret}"
encoded_credentials = base64.b64encode(credentials.encode()).decode()
url = "https://api-gateway.walmart.com/v3/token"
headers = { "Authorization": f"Basic {encoded_credentials}" "Accept": "application/json" "Content-Type": "application/x-www-form-urlencoded"
} data = {"grant_type": "client_credentials"}
response = requests.post(url, headers=headers, data=data)
print(response.status_code)
print(response.text)

For detailed guidance, refer to Create an access token.

How do I generate an access token?

Access tokens are short-lived (typically 15 minutes). When a token expires or is close to expiration, generate a new access token.

For step-by-step instructions, refer to the Authentication management API overview guide.

Why am I getting "invalid token" or "unauthorized" errors?

401 Unauthorized: The access token is missing, malformed, expired, or generated for a different environment. Generate a new token and verify you are using the correct environment credentials.

403 Forbidden: The token is valid, but your app or account does not have permission (scope or role) to access the endpoint or resource. Verify your app permissions and reauthorize if required.

Mixed environments: A sandbox token is being used with a production base URL (or vice versa). Tokens and base URLs must match the relevant environment.

Why do test credentials work but production credentials fail?

Test and production environments are separate and require different credentials.


Updated about 10 hours ago