Skip to main content

Get a user access token for the Post-checkout API

Learn how to get an access token to use with the Post-checkout API endpoints. To generate the access token, first encode the user ID and then include it as an assertion.

  1. Before you begin
  2. Create an order
  3. Encode the user ID
  4. Generate a token
  5. Get the order

Before you begin

For this tutorial, you need the following items:

Create an order

Create a delivery order. For instructions, follow the Implement delivery tutorial in the Fulfillment Guide.

You need the user ID from the Create a Connect user account response to generate the access token that you use with the Post-checkout API endpoints. Requests to these endpoints retrieve only the order data associated with this user ID.

Encode the user ID

Use a tool of your choice to encode the user ID in Base64 format. Pass the following JSON snippet to the encoder, substituting the user ID that is associated with the order you created.

{ "user_id": "kamalsingh1234" }

The tool returns an encoded string.

eyAidXNlcl9pZCI6IGthbWFsc2luZ2gxMjM0fQ==

Copy the encoded string. You'll use it in the next step.

Generate a token

To generate the token, use the authentication endpoint. In the body, specify your client ID and secret, the grant type as fulfillment_user_assertion, and the scope as connect:post_checkout. Paste the encoded string in the assertion parameter.

curl --request POST \
  --url 'https://<instacart_development_domain>/v2/oauth/token' \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data '{
    "grant_type": "fulfillment_user_assertion",
    "client_id": "<your_client_id>",
    "client_secret": "<your_client_secret>",
    "assertion": "eyAidXNlcl9pZCI6IGthbWFsc2luZ2gxMjM0fQ==",
    "scope": "connect:post_checkout"
}'

The response contains the generated token.

{
  "access_token": "2h0E5SCzTNQm69fiFjrMUXcPEopMVODcMPslLClH6Ko",
  "token_type": "Bearer",
  "expires_in": 86400,
  "scope": "connect:post_checkout",
  "created_at": 1631804913
}
note

The token is valid for 24 hours. During this period, reuse the same token in your requests. After 24 hours, you must generate a new token.

Get the order

To validate that your access token works, try retrieving the order you created.

In the following request, substitute the development domain URI and the ID of the order. In the header, specify the access token as a Bearer token.

curl --request GET \
  --url 'https://<instacart_development_domain>/v2/post_checkout/orders/<order_id>' \
  --header 'Accept: application/json' \
  --header 'Authorization: Bearer <token>'
Last updated on