Authorizaton

Priceli API uses two authorization models you can choose from:

Note: For now you should use only the API Key as explained by model 2

 

Model 1 - Access Token

1. Sending API KEY to the "authorize" interface

2. Get as response JSON response with access_token parameter 

3. For any subsequent request send the access_token parameter as request param.

This model is useful for example if you want to make calls directory from client, and do not want expose your secret API Key. In this case you first perform a request to api entry point on your server where you call "authorize" interface. You then return the access_token response back to client and from now on you can perform direct API calls to Pricely, using the access_token and without exposing your API Key. 

Model 2 - Sending API Key

In el each request to Priceli API should also include the API Key associate with your account on Priceli.co.il website. This model is suitable if your access to Priceli API is handled using server-side code. Therefore no risk of exposing your API Key to the public.  

Model 3 - OAuth Authentication

The OAuth authentication model is applied only for API interfaces that involve with collecting private information, for example if requesting for information about usage, or when posting data into Priceli. Using OAuth requires more explanation and you can read about it here. Note, you need to use this model Only when API documentation state that OAuth is required. In other cases use one of the two models above - this simplify things!  

Why is it important to keep API Key secert? 

Although Priceli API is exposes public information  about prices,stores and promotions your API Key should kept secret because it is used for calculating your usage volume. When request is performed using API Key or Access Token (as explained above), your account is updated with data about usage volume. This data is later used for calculating the monthly usage and therefore the required fee. You should therefore keep your API Key secret. If you perform direct calls from client devices or web browsers, make sure to perform an initial authorization via server-side code that replace API Key with access token. Then you can safely move the access_token to the client and call the Priceli directly from the client without exposing you API Key.  

 

 

 

Request parameters: 

1. api_key - the APY Key provided to you upon accepted to developer program when registering to http://developers.priceli.co.il

Sample code: 
<?php

$params = array("api_key" => "YOUR_API_KEY");
$url = "http://api.priceli.co.il/v1/security/authorize?" . http_build_query($params);
$response = file_get_contents($url);
$data = json_decode($response);
if ($data->status == 1) {
    //return access token to your client so it can be used for direct API calls
    echo "Access Token: " . $data->data->access_token;

} else {
    echo "Error occur: " . $data->message;
}

echo "
JSON response: " . $response;

?>

Sample Response : 
{"status":1,"count":1,"total":1,"pageLimit":1,"pageNum":1,"data":{"access_token":"5251006be487ac2c0a994ca02d9c83ed","scope":"session"}}
Required Creadential: 
API_KEY