Authentication

How do I retrieve my API keys?

To retrieve your API keys, log in to your Walmart Developer account, go to the My Account page, and select API Keys under the Account section.

I am unable to retrieve my API keys. What should I do?

If you are unable to retrieve your API keys, please contact Walmart's Developer Support team at [email protected] for assistance.

How do I authenticate with Walmart Supplier APIs?

Use OAuth 2.0 client-credentials to obtain a short-lived access token, then send it on every request. You can use the following sample request:

curl --request POST \ --url https://api-gateway.walmart.com/v3/token \ --header 'Authorization: Basic eW91cl9pZDp5b3VyX3NlY3JldA==' \ --header 'Accept: application/json' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data 'grant_type=client_credentials'

For more details on authentication and how to start integrating Walmart Supplier APIs, refer to the Authentication management API overview guide.

What if I'm getting authentication failures?

Walmart Marketplace uses OAuth 2.0. Send a valid access token on each call.

• WM_SEC.ACCESS_TOKEN: <access token>

Common 401 causes and fixes:

• Token missing or expired. Generate a new token and resend.
• Insufficient scopes. Grant the app the required permissions and retry.
• Token present but placed in the wrong header. Use WM_SEC.ACCESS_TOKEN exactly.

Why am I getting invalid token or unauthorized errors?

• 401 (invalid/expired) - The access token is missing, malformed, expired, or was created for a different environment. Renew your access token; confirm you’re using the right environment keys.
• 403 (forbidden) - The token is valid, but your app/account doesn’t have permission (scope/role) to call that endpoint or access that resource. Check app scopes/roles.
• Mixed environments - A sandbox token is being used with a production URL (or the reverse). Tokens and base URLs must come from the same environment.