Authentication

The Instabox API uses OAuth 2.0 client credentials flow. All API requests must include a valid Bearer token in the Authorization header.

Endpoint

POST https://oauth.instabox.se/v1/token

Request

1POST https://oauth.instabox.se/v1/token
2Content-Type: application/x-www-form-urlencoded
1POST https://oauth.instabox.se/v1/token
2Content-Type: application/x-www-form-urlencoded

Request Parameters

Example Request

1curl -X POST https://oauth.instabox.se/v1/token \
2  -H "Content-Type: application/x-www-form-urlencoded" \
3  -d "grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET"
1curl -X POST https://oauth.instabox.se/v1/token \
2  -H "Content-Type: application/x-www-form-urlencoded" \
3  -d "grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET"

Response

Response Parameters

Minimum Response

1{
2  "status": "OK",
3  "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0..."
4}
1{
2  "status": "OK",
3  "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0..."
4}

Using the Token

Include the token in the Authorization header of every API request:

1curl -X POST https://webshopintegrations.instabox.se/v2/orders \
2  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..." \
3  -H "Content-Type: application/json"
1curl -X POST https://webshopintegrations.instabox.se/v2/orders \
2  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..." \
3  -H "Content-Type: application/json"

Token Expiry

Tokens are valid for 24 hours. Your integration should:

1. Cache the token and reuse it until it expires.
2. Request a new token when the current one has expired or when you receive a 401 Unauthorized response.

Note: Tokens may be longer than 255 characters. Ensure your storage layer supports long strings.

Security Note: Never expose your client_secret in client-side code. Always request tokens server-side and store credentials securely.

Error Handling