Skip to main content

Developer Portal

User Guides

Billing and Subscriptions

Manage subscriptions, payment method information and discounts using REST APIs.

Products

Manage products in the catalog by defining product information, editions and pricing plans using GraphQL APIs.

Users and Accounts

Manage users, companies, and memberships in your marketplace including user roles and permissions.

API Authentication

Our APIs use an OAuth-authenticated interface that facilitates secure data access by partners and developers.

AI User Guides

Get started building AIs for yourself, your organization, or your customers. Craft profiles, configure data sources, and model parameters.

APIs and References

GraphQL API Reference

Explore the reference documentation to learn more about the queries and mutations currently available within the AppDirect GraphQL API.

REST API Reference

See examples of how to perform different tasks, like user and company management or billing and subscription management.

AI APIs

Customize, integrate, and extend AIs for your organization and customers via industry-standard APIs

Developer Tools

GraphQL Explorer

Quickly write, validate, and test GraphQL queries for AppDirect APIs

GraphQL Schema Introspection

Query the schema to discover available queries, mutations, subscriptions, types and fields in our GraphQL API.

Demo GraphQL API Explorer

Check out the demo explorer tool by running queries using sample data.

Storefront Theming

Getting Started

Learn to modify elements of Plaza, our default theme, to customise components for storefront display including homepage and product profiles.

How to Guides

Everything you need to know about customizing styles, meta tags, creating a header and footer, or localising, uploading and publishing your theme.

Storefront Toolkit

Check out the demo explorer tool by running queries using sample data.

Grant types

The OAuth 2.0 specification defines five methods (known as grant types) that an API client can use to request an access token. The method your application will use largely depends on the following three factors:

Required access level.
- User-level: API authorization is delegated to your application by a marketplace end user so that your application can make API requests as if they were the user.
- System-level: API authorization is delegated to your application directly, not on behalf of an end user.
Ability to keep a client secret secure.
Access to an end user's login credentials (username and password).

Use the following table to determine which type of grant type is appropriate for your client.

Grant type	Access level required	Client can secure client secret	Access to user credentials	Supports refresh token	Sample use case
Authorization Code	user	yes	no	yes	Web server application, Native application (with PKCE)
Implicit	user	no	no	no	JavaScript application
Password	user	yes	yes	yes	Trusted web server applications that require direct login
Client credentials	system	no	no	no	System-to-system integrations

For some end-user flows (Authorization Code and Password), you can use the optional Refresh Token grant type to automatically obtain a new access token after the current token expires. If you do not use a Refresh Token, the user has to re-authenticate for the API client to acquire a new access token to replace the expired one.

Was this page helpful?

Tell us more…

Help us improve our content. Responses are anonymous.

Thanks

We appreciate your feedback!