The channel integration application type supports authorization using the client credentials flow. Linnworks will provide the Client ID and Client Secret to a specified endpoint, and receive an access token back. Every request made from Linnworks to the application will then be sent with this access token. Linnworks automatically refreshes the access token when it has expired.

Manifest Endpoints

There are two parameters in the channel manifest relating to the OAuth flow. These parameters are found in developer.linnworks.net -> App Modules. The first one is OAuthAuthorizationEndpoint. This is the endpoint that Linnworks will call to receive an access token. There is also OAuthScopesRequested. This is used in the same call that requests the access token, as the token can be limited to the scopes passed in with this parameter. This is an optional parameter.

Within Linnworks

The above changes are all that is required to enable OAuth. If the OAuthAuthorizationEndpoint has been set, the channel wizard will have an additional step to accommodate for OAuth. It will ask for the Client ID and Client Secret, and it will then call the provided endpoint with this information (plus any scopes from the manifest parameter). Linnworks expects this endpoint to validate the Client ID and Client Secret and respond with an access token. Once successful, the wizard will continue. Linnworks uses this process for the application's lifetime (unless OAuth is removed) to refresh the access token, which gets sent on every request to the application.