After you have created the access token, you must include it in the authorization header of every Galaxy Store Developer API call (which includes the Content Publish API, IAP Publish API, and GSS Metric and User APIs). The access token is valid only within the scope specified when the token was requested and it can only be used with a service account.
Do not store an access token on a client or a web project as it risks exposing the private key of your service account. The access token should be safely stored and used in an environment where there is no risk of exposure to others (for example, on the server side).
The following header is required for authentication in order to use the Galaxy Store Developer API.
Bearer <your-access-token>
application/json
The following example shows the header used with the IAP Publish API to get a list of in-app purchase items:
curl -X GET \ -H "Authorization: Bearer <your-access-token>" \ -H "service-account-id: <your-service-account-id>" "http://devapi.samsungapps.com/iap/v6/applications/com.example.mygame/items?page=1&size=1" \
Verify that the access token being used is valid.
GET /auth/checkAccessToken
Example:
curl -X GET \ -H "Authorization: Bearer <your-access-token>" \ -H "service-account-id: <your-service-account-id>" \ "https://devapi.samsungapps.com/auth/checkAccessToken"
{ ok: true }
See Authentication errors for information about failed requests.
When an access token is created, it does not expire and it can be used as long as the service account is valid. You can use this method to revoke or cancel the access token.
DELETE /auth/revokeAccessToken
curl -X DELETE \ -H "Authorization: Bearer <your-access-token>" \ -H "service-account-id: <your-service-account-id>" \ "https://devapi.samsungapps.com/auth/revokeAccessToken"
The following errors may occur during authentication while using the Galaxy Store Developer API.
Invalid Access Token:
{ "code":"AUTH_REQUIRE", "message":"Invalid accessToken", "from": "asgw" }
Non-existent service account:
{ "code":"AUTH_REQUIRE", "message":"Not found service account by serviceAccountId", "from": "asgw" }