Authentication
In the Lochting software, API access is secured with JSON Web Tokens (JWT). After authenticating with your API key, you receive an access token and a refresh token for subsequent requests.
Token lifetimes
The access token is a temporary credential for protected API calls. Access tokens remain valid for one day.
The refresh token is used to obtain a new access token when the current one expires. Refresh tokens remain valid for three days.
Obtain an access token
Send your API key to the Access Token endpoint:
curl -X POST https://api.lochting.com/public/v1/get-token \
-H "Content-Type: application/json" \
-d '{"apiKey": "your-api-key"}'
The response contains accessToken and refreshToken.
Use the access token
Add the access token to the Authorization header of each API call. You may
pass the token directly or prefix it with Bearer:
curl https://api.lochting.com/public/v1/orders \
-H "Authorization: your-access-token"
curl https://api.lochting.com/public/v1/orders \
-H "Authorization: Bearer your-access-token"
Both forms are accepted.
Refresh an access token
Send your refresh token as plain text to the Refresh Token endpoint:
curl -X POST https://api.lochting.com/public/v1/refresh-token \
-H "Content-Type: text/plain" \
-d "your-refresh-token"
API key scopes
Access to the API is granted based on the scope of the API key. The following scopes are available:
orderscustomersreservationsshipmentsstockpriceswebhooks
If your key does not include the required scope, the API responds with 401 Unauthorized.
Get an API key
To obtain an API key, please contact us.