Skip to main content

Authentication

POST /v2/oauth/token

Returns an access token. The access token must be included in requests as a Bearer token.

Before you call the authentication endpoint, get your client ID and client Secret from Instacart. You need to pass these values in your request. The generated access token is valid for 24 hours. After this period, your site needs to authenticate again.

For a tutorial, see Get started.

Request#

FieldTypeRequiredDescription
client_idstringโœ…The client ID.
client_secretstringโœ…The client secret.
grant_typestringโœ…The grant type.
codestringThe authorization code.
redirect_uristringThe redirect URI when the authorization code was generated.
important

For client-level authentication, the grant type must be set to client_credentials. Authorization code and redirect URI must not be set.

Request Examples#

curl --request POST \  --url https://connect.instacart.com/v2/oauth/token \  --header 'Accept: application/json' \  --header 'Content-Type: application/json' \  --data '{  "client_id": "string",  "client_secret": "string",  "grant_type": "client_credentials",  "code": "string",  "redirect_uri": "string"}'

Response#

FieldTypeRequiredDescription
access_tokenstringโœ…The token to be used to authenticate requests.
token_typestringโœ…The token type.
expires_innumberโœ…The number of seconds the token will expire in.
created_atnumberโœ…The epoch time of when the token was created.
scopestringThe scope of the token.
note

For client-level authentication, the scope is not set.

Response Examples#

{  "access_token": "mhtEdMZYPypuW_I0fYken8cAqE7llDaoNefHSeVj9u4",  "token_type": "Bearer",  "expires_in": 86400,  "created_at": 1603897760}