Build with Joonweb | Developer Documentation

The **Authorization folder** contains sample requests and setup instructions for authenticating with the JoonWeb Public API.

All Admin and private Sitefront API endpoints require valid authentication before access is granted.

**Supported Authentication Methods:**

1. **OAuth 2.0** — Recommended for third-party and public app integrations.
    
    - Used when your app is installed on a JoonWeb user account.
        
    - Provides scoped access (e.g., read_products, write_orders).
        
    - Tokens expire periodically and must be refreshed.
        
2. **API Token** — Ideal for private or server-to-server integrations.
    
    - Generated from your JoonWeb Developer or Using OAuth for Apps.
        
    - Used in the `Authorization` header as API key.
        
    - Key : `X-JoonWeb-Access-Token` Value : `{{access_token}}`

---

**Authentication Flow (OAuth 2.0):**

1. Redirect the user to the JoonWeb OAuth consent URL.
    
2. The user authorizes your app.
    
3. JoonWeb returns an authorization `code`.
    
4. Exchange the `code` for an admin access token.
    
5. Use the admin access token to authenticate API requests.

---

**Error Responses:**

- `401 Unauthorized` — Missing, invalid, or expired token.
    
- `403 Forbidden` — Token valid but lacks required scopes.
    
- `429 Too Many Requests` — Rate limit exceeded; use retry logic.

---

**Use this folder to:**

- Test OAuth and API token authentication flows.
    
- Verify access scopes and permissions.

Authorization

Authorization #

Exchange OAuth code for token #

Headers

Request Body

Responses