:lock: Get to know about our API authentication process here!


When you use OAuth2, the Cymbio Authentication API allows you to handle all aspects of user identification. It has endpoints for logging in, signing up, logging out, using APIs, and more.

OAuth 2.0 is the identity protocol supported by the API.

To receive an access token, you need to perform the following steps:

  1. Contact our team to receive the invitations to sign up to the Cymbio staging portal.
  2. Receive Client ID, Supplier ID, Client Secret, and Retailer ID.
  3. Set your Grant Type (your credentials).
  4. Set the scope definitions per the diagram below.
  5. Request an Access Token by sending a POST request to htttps://api.cym.bio/oauth/token for the Production environment, or https://cymbio3-api-staging.cym.bio/oauth/token
    for the Staging one.
  6. Receive an Access Token.

The following diagrams show the overview of the API authentication process for both Supplier and Retailer API.




The access token is only valid for a five minutes period. You need to get a new access token after the five minutes period has passed.

Base URL

The Authentication API is accessible through HTTPS {{api-host}}/OAuth/token). The following is the base for all URLs mentioned in the documentation: https://api.cym.bio/.

Authentication Parameters

To get authenticated, you need to have the following parameters:

client_idThe Client ID that you receive upon account activation.
client_secretThe Client Secret that you receive upon account activation.
grant_typeThe Client Credentials Grant Type to request an access token.
usernameThe username of your account.
passwordThe password of your account.
scopeThe scope capability of your API request for various API endpoints. For example: read, write, etc. For details, please see the Scope section below.


Each API has a scope definition that you need to request based on the calls, but the relevant ones are:

read:channelsRetrieves channels list
read:inventoryRetrieves inventory-related info (inventory, history)
read:ordersRetrieves orders
read:retailersRetrieves retailer's info (suppliers attached to this retailer, supported languages, etc.)
read:suppliersRetrieves supplier's info (testing portal, order by id, etc.)
read:variantsRetrieves variant-related info (languages, variants, etc.)
read:warehousesRetrieves warehouse-related info (warehouses, etc.)
write:fulfillmentsUpdates fulfillment-related info (rejects, shipments, etc.)
write:inventoryUpdates inventory-related info (inventory per supplier)
write:ordersUpdate order-related info (orders, cancels, update fulfillments, etc.)
write:retailersUpdate retailers-related info (retailer, orders, returns, etc.)
write:suppliersUpdate suppliers-related info (import permissions, import pricing, etc.)
write:variantsUpdate variants-related info (save, update, delete, etc.)
write:warehousesUpdate warehouses-related info

:email: Need help?

If you've run into an issue, please report it by emailing [email protected]. Include a description of the issue you're experiencing, provide steps to recreate it, and share the API call you did including the body/payload and the full responses that you received. A member of our team will reach out for additional info if needed.