Guides
My Account

OAuth authentication

Suggest Edits
How can I give Solution Providers their API Keys?

As a seller, you can create separate API keys for each Solution Provider. Log into the portal and the API Keys page at developer.walmart.com/generateKey. Click "Add New Key for a Solution Provider" to create credentials, including the Client ID and Client Secret. You can now share these credentials with your Solution Provider.

Best practices:

  • The seller should generate separate keys for each solution provider and not share keys between the providers.
  • Don't give your API directly to Solution Providers.
  • To learn more about delegated access, see Authorization.
What kind of authentication do you provide for API keys?

We provide OAuth authentication via Client ID and Client Secret. Sellers can then access their API Keys with these credentials.

We also provide delegated access so sellers can create separate API keys for their Solution Providers.

I’m a Marketplace seller with full access to APIs. Why am I getting an “unauthorized” error?

Check that you have recent credentials. Log into the portal and verify your Client ID and Client Secret are active.

Credentials are assigned for the Partner, which will be shared with all the users within the Partner. Make sure someone else has not reset the keys.

If you continue to experience issues, contact Walmart support.

I have the correct credentials and an access token. Why am I getting "an unauthorized” error?

OAuth assigns a scope of access for each set of client credentials. Depending upon the scope of the keys, Walmart will allow or reject certain API calls.

Seller credentials (on the API keys page) grant full access. The seller is authorized to make all API calls without restrictions.

By default, keys generated for a Solution Provider have no access and are not authorized to make API calls at the start. You need to go in and assign permissions per object category (such as Items, Orders).

How can I reset my Client ID and Secret?

When you log into the Developer Portal, you will be taken to the Production Keys and Sandbox Keys page.

You need admin access to reset the Client ID/Client Secret.

When you reset the credentials, save the Client ID and Client Secret. You need both to obtain the access token.

Do I need to store the Client Secret locally?

No. With this new feature, you can get the Client ID/Client Secret anytime on the Developer Portal, so you no longer have to keep the secret locally and regenerate it if lost.

Where can I get my API Keys?

When you log into the Developer Portal, you are taken to the Production Keys and Sandbox Keys authentication area, where you can set your Client ID and Client Secret.

You can get there directly: https://developer.walmart.com/generateKey.

Is the Client ID and Client Secret the same as Consumer ID and Private Key?

No. Client ID/Client Secret differs from Consumer ID/Private Key combination. Consumer ID/Private Key was required for the old authentication method. With OAuth, you will only have to use the ClientID/Client Secret that you can get from the Developer Center.

How does the header change for APIs?

To learn more about the API Headers for the GET token API, see Authentication.

For all other API headers:

  • Remove these header parameters: WM_SEC.TIMESTAMP, WM_SEC.AUTH_SIGNATURE, WM_CONSUMER.ID
  • Add this header parameter for authorization: WM_SEC.ACCESS_TOKEN
  • For more details, refer to the Reference for each API (such as GET All Feed Statuses).

After updating the headers, you will use the access token to make subsequent API calls.

What is OAuth authentication?

OAuth 2.0 is the industry standard for token-based authentication and authorization for APIs.

Learn more about OAuth at https://oauth.net/2/.

Updated about 2 months ago