In order to build an application that acts on behalf of a Teespring user, you will need to connect your app to Teespring, and authenticate your user using OAuth2.
First, you will need to have a Teespring employee set up an application for you. As part of the process, you should provide an APPLICATION_NAME and a REDIRECT_URL where the authentication process can redirect the user after he or she grants permission to your app.
You will receive a CLIENT_ID and CLIENT_SECRET to use when coding your application.
On your side, you would:
Create a "Log In" link that sends the user to:
The user will see an authorization prompt:
 
If the user clicks "Authorize," Teespring redirects the user back to your site with an auth code:
http://example.com/callback?code=AUTH_CODE_HERE
(In this example, we are assuming the REDIRECT_URL provided was "http://example.com/callback".)
IMPORTANT:
The auth code is just an interim step in the OAuth2 process. You must exchange it for an access token, which you then send in the HTTP Authorization header of your API requests.
Your server exchanges the auth code for an access token:
POST https://api.teespring.com/oauth/token
    grant_type=authorization_code&
    code=AUTH_CODE_HERE&
    redirect_uri=REDIRECT_URL&
    client_id=CLIENT_ID&
    client_secret=CLIENT_SECRET
The Teespring server replies with an access token, formatted as JSON in the response body:
{
 "access_token": "...1337c0de...",
 "token_type": "bearer", 
 "expires_in": 7200,
 "refresh_token": "...d00dface..."
}
or if there was an error:
{
    "error":"invalid_request"
}
You can now make requests against http://api.teespring.com by setting the HTTP Authorization header to: 'Bearer <access_token from JSON>'
Refreshing the access token
When you retrieve an access token, the payload also contains a token that can be used to refresh the access token after it expires. The process is similar to obtaining an access token the first time.
POST https://api.teespring.com/oauth/token
    grant_type=refresh_token&
    client_id=CLIENT_ID&
    client_secret=CLIENT_SECRET&
    refresh_token=REFRESH_TOKEN
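The server-side code exchange, error check and refresh described above, as an added Python example that is not Teespring's own code. The endpoint, parameters and JSON shapes come from this page; the function names, the TokenError class, the 60-second expiry margin and the handling of a 4xx status are assumptions.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://api.teespring.com/oauth/token"  # endpoint from the page

class TokenError(Exception):
    """Raised when the token endpoint returns an error or malformed body."""

def token_form(grant_type, client_id, client_secret, **extra):
    # Form-encode the parameters; urlencode escapes values such as the
    # redirect URL so ':' and '/' cannot break the request body.
    fields = {"grant_type": grant_type, **extra,
              "client_id": client_id, "client_secret": client_secret}
    return urllib.parse.urlencode(fields).encode("ascii")

def parse_token_response(body, now=None):
    # Accept only the success shape; an {"error": ...} body is never a token.
    data = json.loads(body)
    if not isinstance(data, dict) or "error" in data or "access_token" not in data:
        err = data.get("error") if isinstance(data, dict) else None
        raise TokenError(err or "malformed_response")
    now = time.time() if now is None else now
    return {"access_token": data["access_token"],
            "refresh_token": data.get("refresh_token"),
            "expires_at": now + int(data.get("expires_in", 0))}

def request_token(form):
    # Runs on your server only: CLIENT_SECRET must never reach the browser.
    req = urllib.request.Request(TOKEN_URL, data=form, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            body = resp.read()
    except urllib.error.HTTPError as err:
        body = err.read()  # assumption: error JSON may arrive with a 4xx status
    return parse_token_response(body)

def auth_header(token, now=None, skew=60):
    # Returns None within `skew` seconds of expiry, telling the caller to run
    # token_form("refresh_token", ..., refresh_token=...) before the next call.
    now = time.time() if now is None else now
    if now >= token["expires_at"] - skew:
        return None
    return {"Authorization": "Bearer " + token["access_token"]}
```

For the first exchange, call `request_token(token_form("authorization_code", CLIENT_ID, CLIENT_SECRET, code=AUTH_CODE, redirect_uri=REDIRECT_URL))`.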
