Authorization Header Usage

29 April 2019

Composable Commerce

HTTP API

Announcement

Deprecation

Security and privacy

As a security improvement, on 6 May 2019 the commercetools Composable Commerce API endpoints will no longer accept access tokens as URI parameters.

All API Clients should provide access tokens using the Authorization header as follows:

POST /{{projectKey}}/channels HTTP/1.1
Host: api.{region}.{cloudProvider}.commercetools.com
Authorization: Bearer {accesstoken}

...

For more information, see:

OAuth 2.0 Specification – RFC 6750, §2.3
Authorization
Using an access token