This method of authentication is recommended for clients that can securely store the member authentication token's access_token and refresh_token locally.
The access_token must be provided in the LoyaltySessionToken HTTP header to authenticate subsequent requests.
Sign-out is handled by deleting the stored access_token and refresh_token.
This method can be used either to create a new access token or to refresh an expired token, depending on the grant_type of the member authentication request.
Data must be provided as application/x-www-form-urlencoded form parameters in the format of the member authentication request.
Currently, the external_issuer grant type will fail if the provided external authentication token cannot be linked to a single Loyalty member, and as such is unsuitable for social sign-in flows.
The LockOutPeriodInSeconds property will only be present on the response object if the response has the error code 32000.
Success
The provided grant type, credentials, or refresh token are invalid.
Member locked. Try again later.
{
  "access_token": "string",
  "token_type": "Bearer",
  "expires_in": 0,
  "refresh_token": "string"
}
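A client-side handler for the behaviour described above, as an added example that is not part of the original API documentation: it keeps the tokens from a success response, builds the LoyaltySessionToken header, and refuses to send further requests until LockOutPeriodInSeconds has elapsed. The class name, the `ErrorCode` response field name and the injectable clock are assumptions; the page gives only the error code value 32000.

```python
import time
from urllib.parse import urlencode

LOCKED_ERROR_CODE = 32000  # from the page: "Member locked. Try again later."


class MemberSession:
    """Hypothetical in-memory holder for the member authentication token."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock          # injectable so expiry can be tested
        self.access_token = None
        self.refresh_token = None
        self.expires_at = 0.0
        self.locked_until = 0.0

    def build_form(self, grant_type, **params):
        """Encode the request body as application/x-www-form-urlencoded."""
        if self._clock() < self.locked_until:
            # Honour the lock-out instead of retrying against a locked member.
            raise RuntimeError("member locked; wait for the lock-out period")
        return urlencode({"grant_type": grant_type, **params})

    def handle_response(self, body):
        """Apply a decoded JSON response body; return True on success."""
        if "access_token" in body:
            self.access_token = body["access_token"]
            self.refresh_token = body.get("refresh_token")
            self.expires_at = self._clock() + body["expires_in"]
            return True
        # "ErrorCode" is an assumed field name; only the value is documented.
        if body.get("ErrorCode") == LOCKED_ERROR_CODE:
            wait = body.get("LockOutPeriodInSeconds", 0)
            self.locked_until = self._clock() + wait
        return False

    def auth_headers(self):
        """Header for subsequent requests; fails closed on a stale token."""
        if not self.access_token or self._clock() >= self.expires_at:
            raise RuntimeError("no valid access_token; refresh or sign in")
        return {"LoyaltySessionToken": self.access_token}

    def sign_out(self):
        """Sign out by deleting both stored tokens."""
        self.access_token = self.refresh_token = None
        self.expires_at = 0.0
```
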