Access Tokens as an Alternative to IP Whitelists

Avatar for Anton Bondarenko
By
Access Tokens
Likethumbsup(4)Dislikesthumbsdown(0)

Access tokens are useful in token-based authentication to allow access to static assets or dynamic documents. Shortly, we will introduce two types of tokens:

  • Content Access Tokens are useful to access static resources like images, videos, and any other supported types of Multimedia Objects. For example, a user can use the token in a browser-to-server scenario to authenticate browser access rights.
  • API Access Tokens are useful to access the dynamic content of product documents, especially via XML and JSON APIs. These tokens are used in a server-to-server access scenario.

Further, the Icecat team checks if the usage of tokens conforms to the subscriptions of a user. Additionally, the team will monitor suspicious tokens and revoke tokens, if necessary.

Tokens and IP Whitelists

Furthermore, Icecat supports backward compatibility. So, we still process those calls made without tokens as usual by comparing the IP address of the request to IPs in a whitelist. In contrast, calls with Access Tokens will not be validated by checking the IP address against the whitelist. Therefore, no additional configuration is required for existing client implementations.

How to get an Access Token?

How to access?

A new access page on Icecat.biz will go live in February 2022. After that, authorized users will be able to generate for themselves the two types of tokens on the access page, without the need for contacting support. Furthermore, we will revoke unnecessary or compromised tokens via the same page. Moreover, users can create as many tokens of each type as is necessary for their applications.

How to Use the Tokens?

Here an example of the use of an API Access Token:

curl --location --request GET 'https://data.icecat.biz/xml_s3/xml_server3.cgi?product_id={product_id};lang={short_code};output=productxml' \
--header 'Api-Token: {your_api_token}'
curl --location --request GET 'https://data.icecat.biz/xml_s3/xml_server3.cgi?lang={langcode}&prod_id={mpn}&vendor={brandName}&output=productxml' \
--header 'Api-Token: {your_api_token}'
curl --location --request GET 'https://data.icecat.biz/xml_s3/xml_server3.cgi?ean_upc={gtin}&lang={langcode}&output=productxml' \
--header 'Api-Token: {your_api_token}'

Of course, you get an error if you send a non-existing or revoked API token to Icecat.

Examples for Content Access Token:

Here an example of the use of a Content Access Token:

curl --location --request GET 'https://data.icecat.biz/xml_s3/xml_server3.cgi?product_id={product_id};lang={short_code};output=productxml' \
--header 'Content-Token: {your_content_token}'
curl --location --request GET 'https://data.icecat.biz/xml_s3/xml_server3.cgi?lang={langcode}&prod_id={mpn}&vendor={brandName}&output=productxml' \
--header 'Content-Token: {your_content_token}'
curl --location --request GET 'https://data.icecat.biz/xml_s3/xml_server3.cgi?ean_upc={gtin}&lang={langcode}&output=productxml' \
--header 'Content-Token: {your_content_token}'

Examples with both tokens:

In case you send a Content token, we will add the token to all content galleries, multimedia objects, and reasons to buy. Below, a code example:

https://icecat.com/objects/1234567890.mp4?content_token={your_content_token}
curl --location --request GET 'https://data.icecat.biz/xml_s3/xml_server3.cgi?product_id={product_id};lang={short_code};output=productxml' \
--header 'Api-Token: {your_api_token}' \
--header 'Content-Token: {your_content_token}'
curl --location --request GET 'https://data.icecat.biz/xml_s3/xml_server3.cgi?lang={langcode}&prod_id={mpn}&vendor={brandName}&output=productxml' \
--header 'Api-Token: {your_api_token}' \
--header 'Content-Token: {your_content_token}'
curl --location --request GET 'https://data.icecat.biz/xml_s3/xml_server3.cgi?ean_upc={gtin}&lang={langcode}&output=productxml' \
--header 'Api-Token: {your_api_token}' \
--header 'Content-Token: {your_content_token}'

Don’t hesitate to get in touch with support to receive your access tokens and to revoke them when needed.


Subscribe to our newsletter and stay updated.
Loading

Leave a Reply

Your email address will not be published.

Icecat xml
 November 3, 2019
 October 4, 2018
Manual

Manual for Icecat Live: Real-Time Product Data in Your App

Icecat Live is a (free) service that enables you to insert real-time produc...
 June 10, 2022
Manual for Icecat CSV Interface

Manual for Icecat CSV Interface

This document describes the manual for Icecat CSV interface (Comma-Separate...
 September 28, 2016
Manual

Manual for Open Icecat JSON Product Requests

JSON (JavaScript Object Notation) is an increasingly popular means of trans...
 September 17, 2018
icecat add ons

Icecat Add-ons including Magento, PrestaShop, Shopify, Magento, Google Shopping. NEW: Pimcore

Icecat has a huge list of integration partners, that make it easy for clien...
 August 1, 2020
Manual

Manual for Personalized Interface File and Catalog from Icecat

With Icecat, you can generate personalized or customized CSV or Excel files...
 May 3, 2022
Manual

Manual: How to Import Free Product Content Into Your Webshop via Icecat

This guide will quickly show you how to import free product content from Ic...
 February 25, 2022