Make your first API Calls


Last updated 5 months ago


This page is outdated. Please go to our new documentation under https://docs.fulfillmenttools.com/documentation.

In order to issue your first successful API call, you need to perform two steps:

  1. Obtain a valid JWT Token from our IdentityProvider.

  2. Make the actual API call.

Authorization

The fulfillmenttools platform is secured using an external identity provider (Google Identity Platform), which issues JWT tokens in exchange for a valid username and password. This JWT token encodes (among other things) your username, your role and which facility you are assigned to in a secure way.

Authorization against our API works by sending such an issued JWT token in every request as an HTTP header, as follows.

For the sake of simplicity we use curl calls throughout the documentation as a "common understanding" of what a REST call should look like. Please feel free to adapt these calls to your HTTP client technology.

Request towards Authentication Provider

curl -sSL -X POST 'https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=<AUTHKEY>' \
  --header 'Content-Type: application/json' \
  --data-raw '{"email": "<USERNAME>", "password": "<PASSWORD>", "returnSecureToken": true}'

<AUTHKEY>, <USERNAME> and <PASSWORD> must be valid for your fulfillmenttools instance; they are given to you when the instance is created. The username must be an email address, which is usually in the format <USER>@<YOUR_INSTANCE_NAME>.com

You can easily find your instance name by looking at the Backoffice or API URL:

Backoffice: https://<YOUR_INSTANCE_NAME>.web.app
REST-API: https://<YOUR_INSTANCE_NAME>.api.fulfillmenttools.com

Response from Authentication Provider

The Authentication Provider returns a response similar to this:

{
  "kind": "identitytoolkit#VerifyPasswordResponse",
  "localId": "jdwBuqqYWdYoqWTH1Xv85EJJMpm2",
  "email": "willy@wonkacandycompany.com",
  "displayName": "Willy Wonka",
  "idToken": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImMzZjI3NjU0MmJmZmUN0WU5OGMyMGQ2MDNlYmUyYmExMTc2ZWRhMzMiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL3NlY3VyZXRva2VuLmdvb2dsZS5jb20vb2NmZi1kZXYtYm94ZmlzaC12MS1ibHViIiwiYXVkIjoib2NmZi1kZXYtYm94ZmlzaC12MS1ibHViIiwiYXV0aF90aW1lIjoxNTkyODI0MDg2LCJ1c2VyX2lkIjoiamR3QnVxcVlXZFlvcVdUSDFYdjg1RUpKTXBtMiIsInN1YiI6Impkd0J1cXFZV2RZb3FXVEgxWHY4NUVKSk1wbTIiLCJpYXQiOjE1OTI4MjQwODYsImV4cCI6MTU5MjgyNzY4NiwiZW1haWwiOiJ0ZXN0QHRlc3QuZGUiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsImZpcmViYXNlIjp7ImlkZW50aXRpZXMiOnsiZW1haWwiOlsidGVzdEB0ZXN0LmRlIl19LCJzaWduX2luX3Byb3ZpZGVyIjoicGFzc3dvcmQifX0.nTlNZTj5B3-lOToCuzEFIqTQSz4cPY1lOhdj12-RG1wOTlOoS_u5JGi4Zw4S684o07381g3ooC_B-KM2UhqaQMAkWfA_OA1cJgD_rrAdIUov_cuYdCYXHmvI-8kAajsy6R08Uh3lQYHx9tmyzbweqDFluGXEc9huH-QoWfoiwZ9Y1sjguAgC1ZCbQi3AkgKcKOqHVn8bGFxYK6KxoyXMZxaiFrfwjMQ-lov0554akQDBU0gAqLCszXtmQP7rNI5boeMIA1vo0myTXwvmYLMHIVJVn6Ej-I2SSAY1OCdafgF6k492lxJN8lJhsTsJfCynLgbiNgHJJxtBXSTSFnp2fA",
  "registered": true,
  "refreshToken": "AE0u-NeGDdHWPB0RjOYOL5AlfSO6r8CvMO6eLSXxdjMG9xiXQmBxZKJgu9OSwZ2JJc2jgSTgiNFYTFYmd1DAlfcCzpunAOF6JC8ZofkrkM75lTjMyQgxWlGWIP24dk2qaMvtAPt2oK8RtsjKx4TRQosFagokGTukQKxSWxSpTEDZl0QbWM9zmbBjzBqSK5yCWMwK2qHJpYgfJvoyAyReo76mRDC36NUpRMKoncagBq30OFCJkEgpvyI",
  "expiresIn": "3600"
}

Two attributes in the above response are of special importance:

  1. idToken is the actual JWT token you need to send along with every REST call you issue against the fulfillmenttools API. It has an expiration period, given by the attribute expiresIn. In this case it is valid for 3600 seconds, which equals 1 hour. After that you need to get a fresh token.

  2. refreshToken should be used to get a fresh token without providing the credentials again.

Refreshing an authorization token

curl -sSL -X POST 'https://securetoken.googleapis.com/v1/token' \
  -d 'grant_type=refresh_token' \
  -d 'refresh_token=<REFRESH_TOKEN>' \
  -d 'key=<AUTHKEY>'

Your first call against fulfillmenttools API

As an example, see the following request, which reads the list of facilities from fulfillmenttools:

curl -sSL 'https://your.api.fulfillmenttools.com/api/facilities/' \
  --header 'Authorization: Bearer <TOKEN>'

Please take note of the HTTP header Authorization followed by the value Bearer <TOKEN>.

A 200 OK response would look similar to this:

{
    "facilities": [
        {
            "id": "0dee02e8-f6a7-4080-b5ab-ffa477132f35",
            "name": "Bills Candy Shop",
            "version": 3,
            "status": "ONLINE",
            "created": "2023-08-22T14:39:27.014Z",
            "lastModified": "2023-08-22T14:39:28.476Z",
            "city": "München",
            "country": "DE",
            "houseNumber": "58",
            "street": "Lilienstr.",
            "postalCode": "81669"
        }
    ],
    "total": 1
}

Congratulations!

You just made your first successful API request - nicely done! Wasn't that hard, right?

However, this is just the beginning. We suggest proceeding with our tutorials to get a better understanding of the capabilities of fulfillmenttools.

Next Steps

Now you can go ahead and rule the world with the powerful fulfillmenttools API.

There is an imposed rate limit on calls towards the identitytoolkit for new tokens based on username & password (see Identity Platform - Quotas). Currently you are able to request 25 tokens within a 10 minute period for a specific user. This could be especially relevant for connector implementations, as it might be feasible to cache & share tokens between function invocations.

In order to get a valid JWT token after the expiration ran out, you can either re-issue the call above (not recommended) or use the refreshToken given to you by the Authentication Provider (suggested), as shown under "Refreshing an authorization token".
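The caching and refresh behaviour described in the two paragraphs above, as an added example (not fulfillmenttools code): a hypothetical `TokenCache` helper that reuses the idToken until shortly before expiry, renews it with the refreshToken, and only falls back to the username/password sign-in when the refresh fails. The class name, the 60 second safety margin and the injectable `post`/`clock` parameters are assumptions; the snake_case field names of the refresh response come from Google's securetoken API and are not shown on this page.

```python
import json
import time
import urllib.parse
import urllib.request

SIGN_IN = "https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword"
REFRESH = "https://securetoken.googleapis.com/v1/token"


def http_post(url, body, as_json):
    """Default transport: POST JSON or form data, return the decoded JSON reply."""
    data = json.dumps(body).encode() if as_json else urllib.parse.urlencode(body).encode()
    ctype = "application/json" if as_json else "application/x-www-form-urlencoded"
    req = urllib.request.Request(url, data=data, headers={"Content-Type": ctype})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Hypothetical helper: one shared token per user, renewed shortly before expiry."""

    def __init__(self, auth_key, email, password, post=http_post, clock=time.time, skew=60):
        self.auth_key, self.email, self.password = auth_key, email, password
        self.post, self.clock, self.skew = post, clock, skew
        self.id_token = self.refresh_token = None
        self.expires_at = 0.0

    def _store(self, id_token, refresh_token, expires_in):
        self.id_token, self.refresh_token = id_token, refresh_token
        self.expires_at = self.clock() + int(expires_in)  # expiresIn arrives as a string

    def token(self):
        if self.id_token and self.clock() < self.expires_at - self.skew:
            return self.id_token  # still valid: no call to the identity provider
        if self.refresh_token:
            try:  # preferred path: the password is not sent again
                form = {"grant_type": "refresh_token", "refresh_token": self.refresh_token, "key": self.auth_key}
                r = self.post(REFRESH, form, False)
                self._store(r["id_token"], r["refresh_token"], r["expires_in"])  # securetoken field names
                return self.id_token
            except (OSError, KeyError, ValueError):
                self.refresh_token = None  # rejected or malformed reply: sign in again
        body = {"email": self.email, "password": self.password, "returnSecureToken": True}
        r = self.post(f"{SIGN_IN}?key={self.auth_key}", body, True)
        self._store(r["idToken"], r["refreshToken"], r["expiresIn"])
        return self.id_token

    def auth_header(self):
        return {"Authorization": f"Bearer {self.token()}"}
```

Pass the result of `auth_header()` as the request headers of each API call; the password is then only sent on the first call and after a failed refresh.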
