Token Endpoint

Your application makes a POST call to the following URL to request access token:

Production:    https://connect.supplychain.fedex.com/api/fsc/oauth2/token
Sandbox:     https://api-sandbox.supplychain.fedex.com/api/sandbox/fsc/oauth2/token

NOTE: You have to subscribe to the authentication product in FedEx Supply Chain API Developer Portal in order to use the token endpoint.

Sample Request


POST /api/test/fsc/oauth2/token
org_name: client_organization_name
Content-Type: application/x-www-form-urlencoded

code=AAKVP9IlJLr8qaFpcuEjFZfKru5nF&client_id=80c15796-326e...&client_secret=P5hI7rT3iS2w....&grant_type=authorization_code&scope=Fulfillment_Returns&redirect_uri=https%3A%2F%2Flocalhost.com

Sample Response

Success Response
Here is a success JSON response from the token service:


{
  “token_type” : “bearer”,
  “access_token” : “AAEkZDM3M2ZhZDItN2M1NC00ZWFiLW”,
  “expires_in” : 3600,
  "scope": "Fulfillment_Returns",
  “refresh_token” : “AAFFYKbhYAM977RmprCPcMXr0LRCbbUVxsde”,
}


    

Error Response – One-Time Authorization Code:


{
    "error": "invalid_grant",
    "error_description": "*[d373fad2-7c54-4eab-a731] Authorization code was used before, message rejected*"
}


Error Response – Invalid Authorization Code :


{
    "error": "invalid_grant",
    "error_description": "*[d373fad2-7c54-4eab-a731] Failed to verify OAuth request signature*"
}

OAuth 2.0

HTTP Headers Description Required
org_name Partner or Organization name. No spaces are allowed. Yes
Origin Origin URL.

HTTP-Header       Value
Origin                domain.com
Yes

Request Query Parameters

Parameter Data Type Description Required
grant_type String Indicates the grant type for the API call.
Valid Values:
• “authorization_code”: this is used to retrieve the initial access token. The code parameter must be passed with the authorization code retrieved from the authorize API call.
• “refresh_token”: this is used to refresh the access token. The code parameter must be passed with the refresh_token value from the initial token API call.
Y
code String The code is either the value of the authorization code or the refresh token, depending on the grant_type. Y
client_id String The client ID you received when you first registered an app in FedEx Supply Chain API Developer Portal. Y
client_secret String The client secret you received when you first registered an app in Fulfillment Platform Developer Portal. Y
scope String One or more scope values to indicate which part of user’s account data you want to access. If it is provided, the default is used based on the settings in your developer portal.

Available Scope:    Fulfillment_Returns
The scope Fulfillment_Returns includes Read/write access to orders, items, RMAs, inventory objects.
Y
redirect_uri String Indicates the URI to return the user to after authorization is complete. Y

Success Response Attribute

Parameter Data Type Description
token_type String The type of token.
access_token String The API access token to be used for any subsequent API call to access the merchant’s data. The access_token is only valid for a limited period of time as defined in the expires_in field.
expires_in String Indicates the number of seconds remaining until the access token expires.
refresh_token String The refresh_token is used to refresh the access token when the access_token expires.
scope String One or more scope values to indicate which part of user’s account data you want to access.
NOTE: The scope is a space-delimited list of scope values.

Error Response Attribute

Parameter Data Type Description
error String Error code.
error_description String Error description.