To help Wish API partner integrators better understand the Wish API documentation, what actions can be done via API compared to on Merchant Dashboard, and what features are critical to support when building integration to Wish, we've created the following guide to walk API partners through how to get started on creating a public app via API. Please follow each step:
1. Sign up for public app on Wish sandbox environment:
1). Partner registers as ERP via the ERP Signup page on Wish sandbox environment. Partner can review Wish API documentation.
2). Partner emails Wish Partner API email (partner-api@wish.com) to let Wish know they have signed up for Partner API access to the Wish sandbox environment.
3). Wish will approve Partner’s application.
4). Once Partner is approved, Partner should sign in.
5). Click on Account > Create App.
Create an app Name (use a name that you want merchants to see). Redirect URL is needed for OAuth (it’s where authorization is sent to, you can alter it at any time).
Please note, the details on the above page in Sandbox will not be seen by merchants.
6). Partner will be provided with a client ID and client secret, which will be used by the Partner to do merchant account testing on Wish sandbox (Wish API OAuth process on sandbox requires client ID and client secret).
2. Partner to make a second login on Sandbox as a merchant. Since this is the sandbox environment, the merchant information input by Partner does not need to be that of an actual merchant.
1). Partner will use a different email from ERP registration to sign into Wish and begin public app development as a merchant.
2). Associate the fake merchant account with the ERP Partner.
a). When logged in as a merchant in the sandbox the merchant should change the URL to https://sandbox.merchant.wish.com/v3/oauth/authorize?client_id={client_id} where {client_id} is the client_id that the ERP generated when they created the public app. This will trigger a prompt asking for the merchant to authorize the ERP to have full access to the merchant store.
b). When the merchant authorizes permission the URL will change to https://example.redirect.uri.com?code={authorization_code} where the redirect was specified when the ERP created the Public App.
c). At this point the typical oAuth processes can be followed
d). All API requests should include the access_token. Access tokens are valid for 30 days.
e). To obtain new access tokens the refresh_token can be used. This action will invalidate the previous token.
3). Partner will do all testing in Wish sandbox environment.
4). No additional approval from Wish is required to proceed
3. Sign up for public app on Wish production environment
1). Partner registers as ERP in production via the ERP Signup page on Wish production environment.
2). Partner emails Wish Partner API email (partner-api@wish.com) to let Wish know they have signed up for Partner API access to the Wish production environment.
3). Wish will approve Partner’s application or notify Partner of identified issues.
4). Once approved, you may login and select Account > Create App.
Partner enters information to be published in the Wish App Store. App name and Redirect URL are required fields. Partner may also enter additional information, such as app logo, value proposition, description, website and/or support email, which need to undergo a review process as they will be visible to merchants.
If this additional information is entered, the app will still be created and be able to integrate with the API, however, these fields will only be published in the Wish App Store once they are approved. In the meantime, the approval status of these additional information fields can be viewed as shown below.
You can view and edit all information submitted above (required or additional) by navigating to Account > App Settings. If the details in the additional information fields are edited or deleted, they will need to undergo the review process again.
5). Review Wish Production environment API documentation
6). Partner completes OAuth process.
7). Partners need to turn on their integration in Wish production environment and remember to point API calls to Wish production environment instead of sandbox environment.
4. Merchants must register a unique store account on Wish Merchant Dashboard and authorize the ERP to send/receive data to/from the merchant’s Wish store.
1). As part of merchant account registration, merchants will need to submit information verifying business license and personal information ID, which will be approved by Wish.
2). Merchant accounts will be approved by a Wish account manager representative.
3). Merchants then need to authorize ERP through one of the following methods:
a). Merchant registers for an account at the ERP of their choice.
(i) Merchant selects Wish authorization link from ERP interface to redirect them to an OAuth Authorization page where they can authorize the ERP.
• The link should be as follows with the ERPs unique production client ID: https://merchant.wish.com/v3/oauth/authorize?client_id={PRODUCTION_CLIENT_ID}
(ii) Merchant clicks ‘Authorize’ to redirect them to the ERP specified "Redirect URI" with an authorization code. ERP will use this authorization code to call Wish APIs to get access token.
b). Merchant discovers ERP on the Wish App Store (NOTE: this process is not yet launched, but ERPs should be able to handle this process in preparation for its future launch):
(i) Merchant selects ‘Add App’ to redirect them to an OAuth Authorization page where they can authorize the ERP.
(ii) Merchant clicks ‘Authorize’ to redirect them to the ERP specified "Redirect URI" with an authorization code. ERP will use this authorization code to call Wish APIs to get access token.
• The connection may not be complete if the ERP specified “Redirect URI” page cannot handle the case where the merchant is not signed in and/or doesn't have an account with the ERP.
• To complete the connection, prompt the merchant to log in or sign up for your ERP. Then, carry the authorization code forward in the url, and complete the OAuth process once the merchant is logged in or has created an account.
c). Authorization is now complete.
d). If at any point the merchant intends to de-authorize the ERP, the merchant can do so from Wish Merchant Dashboard at Account > Settings > API Settings.
Please note to improve security for public apps, partners are now able to add up to 2 OAuth client secrets for their public apps. Simply navigate to your App Settings page and click “Add second key” under the first client secret to add a second one:
If needed, partners may also rotate the 2 client secrets by deleting one and adding a new one, in case their client secrets have been compromised.
Note: For links to documentation, tips, tutorials, and more check out the Wish Developers Page.
Comments
0 comments
Please sign in to leave a comment.