Get started

Istores SSO Integration

This guide walks you through the OAuth 2.0 SSO integration flow with Istores.

Step 1 — Create a Provider

Step 2 — Obtain Your Credentials

After creating a provider, you will receive your client_id and secret. Keep these safe — they are required for all subsequent OAuth steps.

Step 3 — Redirect the Customer to the Authorization URL

Send the customer to the following URL to initiate the OAuth flow:

Code
 
nova.istores.co.il/oauth/authorize

Include the following query parameters:

Parameter	Description
`client_id`	Your client ID obtained in Step 2
`redirect_uri`	Your redirect URL where the customer will be sent after authorization
`response_type`	Must be `code`
`scopes`	The scopes you are requesting from the customer

Example URL:

Code
 
nova.istores.co.il/oauth/authorize?client_id=test_client_id&redirect_uri=https://nova.istores.co.il/test/returnUrlOauth&response_type=code&scopes=products:read

Available Scopes

Scope	Description
`products:read`	Read access to the store's product catalog
`products:create`	Create new products
`products:update`	Update existing products
`products:delete`	Delete products
`pages:read`	Read access to pages
`pages:create`	Create new pages
`pages:update`	Update existing pages
`pages:delete`	Delete pages
`customers:read`	Read access to customers
`customers:create`	Create new customers
`customers:update`	Update existing customers
`customers:delete`	Delete customers
`charge:wallet`	Charge a customer's wallet
`charge:card`	Charge a customer's card
`pbl:read`	Read access to pay-by-link resources
`pbl:create`	Create pay-by-link resources
`pbl:update`	Update pay-by-link resources
`pbl:delete`	Delete pay-by-link resources

After the customer authorizes, they will be redirected to your redirect_uri with a code parameter. Exchange this code for an access token to make authenticated API requests.

Step 4 — Exchange the Code for an Access Token

After the customer is redirected back to your redirect_uri, extract the code parameter from the URL and make a POST request to obtain an access token.

Endpoint:

Code
 
POST /oauth/token

Request Parameters:

Parameter	Description
`client_id`	Your client ID obtained in Step 2
`client_secret`	Your client secret obtained in Step 2
`code`	The authorization code received at your `redirect_uri`

Response:

Code(json)
 
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 36000000
}

Field	Description
`access_token`	The JWT Bearer token
`token_type`	Always `Bearer`
`expires_in`	Token validity duration in seconds

Last modified on 14 апреля 2026 г.

MyIstores API