Corso Commerce API
The Corso Commerce API is designed to be accessed by e-commerce systems that need to send orders to Corso for potential coverage under Green Shipping Protection. It is intended to be used in conjunction with the Corso Shop API, sending orders to Corso that have been quoted for Green Shipping Protection and where the customer has elected to purchase it.
Prerequisites
Because this API is authenticated, it requires a Client ID and Client Secret. Please contact us in order to generate this auth pair if needed.
Your fulfillment locations (warehouses where items are shipped to the customer from) must also be set up with Corso. This information is used to calculate carbon emissions, to complete the "Green" part of Green Shipping Protection.
Various other pre-requisites will likely have already been completed for use of the Shop API, including the configuration of the Corso Green Shipping Protection products and variants.
Authentication
This API uses the OAuth2 Client Credentials flow. Request a JWT access token from the token endpoint using your client_id and client_secret, then include it as a Bearer token in the Authorization header of all API requests.
| Environment | Token URL | Audience | API Base URL |
|---|---|---|---|
| Production | https://auth.corso.com/oauth/token | api.corso.com | https://api.corso.com/v1 |
| Staging | https://auth.stg.corso.com/oauth/token | api.stg.corso.com | https://api.stg.corso.com/v1 |
Example token request:
curl -X POST "https://auth.corso.com/oauth/token" \
-H "Content-Type: application/json" \
-d '{
"client_id": "YOUR_CLIENT_ID",
"client_secret": "YOUR_CLIENT_SECRET",
"audience": "api.corso.com",
"grant_type": "client_credentials"
}'
Date/Time Format
All times are 'date-time' formatted strings, as one of the built-in formats officially defined by the Open API Specification: https://swagger.io/docs/specification/data-models/data-types/#string. Any date-time strings received without an offset will cause the request to fail.
Authentication
- OAuth 2.0: bearerAuth
OAuth2 Client Credentials flow. Request a JWT from the token URL using your client_id, client_secret, the audience value, and grant_type of client_credentials. Include the resulting token as a Bearer token in the Authorization header. See the Authentication section below for environment-specific configuration.
| Security Scheme Type: | oauth2 |
|---|---|
| OAuth Flow (clientCredentials): | Token URL: https://auth.corso.com/oauth/token Scopes: |