Skip to main content

Overview

All e-CROSS APIs are private and require authentication. You must authenticate through the authentication endpoint using your client credentials to generate an access token. This token must be included in the Authorization header of all subsequent API requests.
You cannot register yourself. Your e-CROSS representative must register your merchant user and provide you with clientId and clientSecret credentials.

Authenticate

Generate a new JWT authentication token to use across all API resources. 
curl -X POST 'https://auth.api.e-cross.tech/token' \
  -H 'Content-Type: application/json' \
  -d '{
    "clientId": "your-client-id",
    "clientSecret": "your-client-secret"
  }'

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "tokenType": "Bearer",
  "expiresIn": 28800
}

{
  "message": "Incorrect username or password."
}

Request Parameters

clientId
string
required
The client ID provided to identify your merchant account (username).
clientSecret
string
required
The client secret to authenticate your merchant account (password).

Response Fields

token
string
required
The access token required for the Authorization header in all subsequent requests. Use the format: Authorization: Bearer {token}
tokenType
string
required
The token schema type. Always returns Bearer.
expiresIn
integer
required
Time duration until token expiration in seconds. Default value is 8 hours (28,800 seconds).

Using the Token

Include the token in the Authorization header of all API requests: 
curl -X GET 'https://product.api.e-cross.tech/ext/merchant/skus' \
  -H 'Authorization: Bearer YOUR_TOKEN_HERE'

Token Expiration

The access token has a limited validity period indicated by the expiresIn value in the response. Once the token expires, you must repeat the authentication flow to obtain a new access token using your client credentials.

Performance Considerations

Cache your tokens: The generated access token has an 8-hour validity by default. We strongly recommend caching the token in a secure local cache and reusing it while it hasn’t expired. This avoids HTTP 429 Too Many Requests errors that can occur when requesting new tokens for every single business request.

Security Considerations

  • Keep your client credentials (clientId and clientSecret) secure and never expose them publicly
  • Implement proper token management and storage mechanisms to protect sensitive information
  • Use secure storage for cached tokens
  • Never commit credentials or tokens to version control

Catalog Integration

Next: Learn how to integrate your product catalog