HomeDocumentationAPI ReferenceRelease NotesRecipesPartner with UsLegal

Authentication

Integrator Authentication

Treez Headless Ecommerce APIs require a valid client_id and client_secret in the header of every call to verify the identity of the integrator and for logging purposes. In addition, the hostname of the dispensary to which the call is made is required to be in the path. These values will be provided to you by Treez. To get started, please review the Partner with us page and follow the instructions provided.

curl --location '<https://headless.treez.io/v2.0/dispensary/partnersandbox2/ecommerce/config>'  
--header 'client_id: 1234EXAMPLECLIENTID567890' \
--header 'client_secret: 1234EXAMPLECLIENTSECRET567890'

Customer Authentication

Certain customer-facing endpoints require authentication using a bearer token. This token (and a corresponding refresh token) are generated when the customer logs in. Both tokens appear in the response body of the /login endpoint.

...
    "tokens": {
        "resultCode": null,
        "resultReason": null,
        "token": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJzY29qdC50aGFjaGVyK2Vjb21tMkB0cmVlei5pbyIsImNyZWF0ZWQiOjE2OTE3NzU0NzQyOTMsImt1cCI6MzM3NjQsImV4cCI6MTY5MTc3NjA3NCwic3VwIjoxMTAwfQ.RXy0rs7b68bXCec1SOTFpOx-4A_OX3lN9j7QHM20zdUf5ggTMybqy5VURt2rvu27NjCyXvo78eF4JFrbvl0CJA",
        "tokenExpiredIn": "2023-08-11T17:47:54.000Z",
        "refreshToken": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJzY290dC50aGFjaGVyK2Vjb21tMkq0cmVlei5pbyIsImNyZWF0ZWQiOjE2OTA4MTAwNDM0MTYsImt1cCI6MzM3NjQsImV4cCI6MTY5MTgxMDA0Mywic3VwIjoxMTAwfQ.INpUNf4xhF9MKwQZdkx2G_JXck_8S7fhomVn9CDvfoLlCvBmDZ7IDt1GfKbaJcMshS4KJUb5ftMFeh1BKMLSaQ",
        "refreshTokenExpiredIn": "2023-08-12T03:14:03.000Z"
    },
...