Guides
My Account

Get an access token using Token API

Call this Token API endpoint to obtain OAuth 2.0 access tokens for Walmart Marketplace APIs. This endpoint supports multiple grant types for different authentication scenarios - Client Credentials Grant, Authorization Code Grant, Refresh Token Grant.

You must use the returned access token to call Marketplace APIs. Include the access token in the WM_SEC.ACCESS_TOKEN header on every Marketplace API call. The lifetime of a token is as follows:

  • Access Token: 15 minutes (900 seconds)
  • Refresh Token: 1 year (365 days)

As best practice, scope only the permissions you need. Request more access later using re-consent. Store the access token and refresh token securely. To start selling on Walmart Marketplace using the Marketplace APIs, refer to Get started as a seller or Get started as a solution provider.

Based on if you are a seller or solution provider, choose the flow.

  • Client credentials - Your Walmart Marketplace application is in your own seller account using your client ID or client secret only. No refresh token is provided.
  • Authorization code - A solution provider acts on a your (seller's) behalf. As the seller, you must authorize the app. The solution provider can now exchange the authorization code for an access token + refresh token.
  • Refresh token - You can use the refresh token to get new access tokens automatically.

This page describes an example using only the required parameters and inputs to get an access token and refresh token. For a full list of customization options and additional capabilities, refer to Token API.

Endpoint

POST https://marketplace.walmartapis.com/v3/token

Scenario: Client credentials (Sellers)

Use this when your app is only accessing your own Walmart seller account and not acting on behalf of any other seller. You must use your own Client ID and Client Secret. For more details, refer to Get started as a seller.

Sample request

This sample request shows how retrieve an access token with client credentials. Create the HTTP Authorization header value by Base64-encoding client_id:client_secret.

curl --request POST \ --url https://marketplace.walmartapis.com/v3/token \ --header 'Authorization: Basic eW91cl9pZDp5b3VyX3NlY3JldA==' \ --header 'Accept: application/json' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data 'grant_type=client_credentials'

import requests url = "https://marketplace.walmartapis.com/v3/token" headers = { "Authorization": "Basic eW91cl9pZDp5b3VyX3NlY3JldA==", "Accept": "application/json", "Content-Type": "application/x-www-form-urlencoded",
} data = { "grant_type": "client_credentials",
} response = requests.post(url, headers=headers, data=data)
print(response.status_code)
print(response.text)

Sample response

This sample response shows the response after successfully generating the access token. 

"clientCredentialsRes": { "summary": "Token API - client_credentials", "value": { "access_token": "eyJraWQiOiI1MWY3MjM0Ny0wYWY5LTRhZ.....", "token_type": "Bearer", "expires_in": 900 }

Scenario: Exchange an authorization code (Solution providers)

Use this after the seller authorizes your app in Walmart's OAuth workflow. You will exchange the one-time authorization code for an access token (short-lived) and a refresh token (long-lived). For more details, refer to Get started as a solution provider.

Sample request

This sample request shows how to retrieve an access token and refresh token.

curl --request POST \ --url https://marketplace.walmartapis.com/v3/token \ --header 'accept: application/json' \ --header 'content-type: application/x-www-form-urlencoded' \ --data grant_type=authorization_code \ --data code=65CA5DA313A549D49D15D3119D9AD85D \ --data redirect_uri=https://example-client-app.com

import requests url = "https://marketplace.walmartapis.com/v3/token" headers = { "Accept": "application/json", "Content-Type": "application/x-www-form-urlencoded",
} data = { "grant_type": "authorization_code", "code": "65CA5DA313A549D49D15D3119D9AD85D", "redirect_uri": "https://example-client-app.com",
} response = requests.post(url, headers=headers, data=data)
print(response.status_code)
print(response.text)

Sample response

This sample response shows the generated access token and refresh token. 

{
"tokenAPIRes": { "summary": "Token API - authorization_code", "value": { "access_token": "eyJraWQiOiI1MWY3MjM0Ny0wYWY5LTRhZ.....", "refresh_token": "APXcIoTpKMH9OQN....", "token_type": "Bearer", "expires_in": 900 } }, "refreshTokenRes": { "summary": "Token API - refresh_token", "value": { "access_token": "eyJraWQiOiI1MWY3MjM0Ny0wYWY5LTRhZ.....", "token_type": "Bearer", "expires_in": 900 } }

Scenario: Refresh the access token

When the 15 minute access token nears expiry, you can refresh the access token using the refresh token. An access token expires after a certain interval, so you will have to refresh a user's access token. You could use refresh token, obtained from the token API call using authorization code grant type, to get a new access token. Refresh tokens remain valid for a year.

Sample request

This sample request shows how to exchange your stored refresh_token for a 15 minute access token.

curl --request POST \ --url https://marketplace.walmartapis.com/v3/token \ --header 'accept: application/json' \ --header 'content-type: application/x-www-form-urlencoded' \ --data grant_type=client_credentials \ --data code=65CA5DA313A549D49D15D3119D9AD85D \ --data redirect_uri=https://example-client-app.com \ --data refresh_token=APXcIoTpKMH9OQN.....

import requests url = "https://marketplace.walmartapis.com/v3/token" headers = { "Accept": "application/json", "Content-Type": "application/x-www-form-urlencoded",
} data = { "grant_type": "client_credentials", "code": "65CA5DA313A549D49D15D3119D9AD85D", "redirect_uri": "https://example-client-app.com", "refresh_token": "APXcIoTpKMH9OQN.....",
} response = requests.post(url, headers=headers, data=data)
print(response.status_code)
print(response.text)

Sample response

This sample response shows that you have received a fresh access token good for ~900 seconds. 

{
"access_token": "eyJraWQiOiIzN2JmOWQ5MS04ZDRkLTQ................................", "token_type": "Bearer", "expires_in": 900
}

Start using Walmart Marketplace APIs

Now that you have the access token, you can start using Marketplace APIs. Add WM_SEC.ACCESS_TOKEN: Basic <access_token> to every request and include any endpoint-specific headers. Walmart offers a vast array of APIs to support your eCommerce business. Review Integrate with Walmart Marketplace APIs to explore APIs for items, orders, inventory, pricing, WFS, and more.

Updated 1 day ago