Working with token/authentication calls

Auth'n'Auth tokens are required to grant applications access to the Trading API's methods and resources in order to issue calls.

There are two application use cases that can be implemented, differing only by the number of users supported by the application:

• Single User Model: the application only supports one user.
• Solutions Provider Model: the application supports multiple users.

For additional information, refer to:

• Understand Auth'n'Auth tokens
• Get Auth'n'Auth tokens

Token/User Authentication Calls

The Trading API includes the following calls which are used to authenticate users and grant access:

• ConfirmIdentity: Returns the ID of a user who has gone through an application's consent flow process for obtaining an authorization token.
• FetchToken: Retrieves an authentication token for a user.
• GetChallengeToken: Retrieves a botblock token and URLs for an image or audio clip that the user is to match.
• GetSessionID: Retrieves a session ID that identifies a user and your application when you make a FetchToken request.
• GetTokenStatus: Requests current status of user token.
• RevokeToken: Voluntarily revokes a token before it would otherwise expire.
• ValidateChallengeInput: Validates the user response to a GetChallengeToken botblock challenge.
• ValidateTestUserRegistration: Requests to enable a test user to sell items in the Sandbox environment.