API - OAuth protocol

Access scopes

Part of the OAuth2 process requires specifying which parts of an account's data the app would like access to.
We advise you to limit the scope you request to only the permissions that are necessary for your app to function.

An application can ask for any of the following scopes:
read_products, write_products : Access to Products, Price rules, Product Variants, Product Categories, Product Suppliers, Product Brands, Product Tags, Product Modifiers
read_customers, write_customers : Access to Customers, Customer Addresses, Customer Lists, Customer Tags
read_store_credit, write_store_credit : Access to Customer Store Credit
read_sales, write_sales : Access to Sales, Payments and Fulfillments
read_reports, write_reports : Access to Sales Data, Z Reports, Accounting exports, Cash counts
read_inventory, write_inventory : Access to Inventory Levels, Stock Orders, Stock Transfers, Inventory Counts, Inventory Reorder Points
read_calendar_events, write_calendar_events : Access to Calendar Events
read_time_tracking, write_time_tracking : Access to Time Tracking
read_kitchen_screen, write_kitchen_screen : Access to Kitchen Display System
read_settings, write_settings : Access to Users, Stores, Warehouses, Payment Types, Taxes, Resources

Connect your public app

Oauth is used to issue access tokens on behalf of users.

– The user makes a request to install the app,
– The required scopes of the app are displayed on the user screen before granting access to the app,
– the user consents to the scopes and is redirected to the redirect_uri of the app,
– the app makes an access token request to Hiboutik including the client_id, client_secret, and code,
– Hiboutik returns the access token and requested scopes,
– the app uses the token to make requests to the user account API,
– The app receives the requested data.

On request, we can provide you the framework to configure your own application.

OAuth Token

The OAuth Access Token is valid for 365 days.

The Refresh Token is valid for 730 days.

If an error code '1' is received the Refresh Token should be used to get a new Access Token.

Send us a request

Click here

  • FR +33 (0)1 48 78 40 06
  • FR +41 (0)21 519 00 17
  • FR +32 (0)2 318 82 77
  • FR +34 (0)912 69 39 94