Once the draft app is installed and the app profile is created, the next step is to write the code grant authorization flow, which generates a unique access token for each store that installs our app.
The sequence is as follows:
- The merchant initiates installing the app by signing into their store control panel and clicking Install in the App marketplace.
- The merchant accepts the app’s OAuth scope permissions. The OAuth consent view presented to the merchant requires them to approve all the scopes to install the app; at this time, merchants cannot pick and choose scopes.
- The merchant’s browser sends a GET request to the app server’s GET /auth endpoint that contains some of the information necessary to request a unique access token for the store.
- The app sends a POST request to BigCommerce to request a unique access token for the store.
- BigCommerce responds with either an error or an access token unique to the merchant’s store.
- The app saves the store’s unique access token and handles any internal logic.
- The app sends a response to the browser’s GET request in step 3 that contains markup to render the app’s landing view in the iframe that the store control panel provides.
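
The server side of steps 3 to 7, as an added example that is not code from the original page or from BigCommerce. It assumes the callback query parameters `code`, `scope` and `context`, the token endpoint URL, and the `access_token` and `context` response fields as described in BigCommerce's API documentation; `handle_auth_callback`, `cfg`, `token_store` and `transport` are hypothetical names.

```python
import json
import urllib.parse
import urllib.request

# Assumption: BigCommerce's documented token endpoint.
TOKEN_URL = "https://login.bigcommerce.com/oauth2/token"
REQUIRED = ("code", "scope", "context")

def post_json(url, payload):
    """Default transport: POST JSON over HTTPS and decode the JSON reply."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def handle_auth_callback(query_string, cfg, token_store, transport=post_json):
    """Validate the GET /auth callback, exchange the code, save the token."""
    params = {k: v[0] for k, v in urllib.parse.parse_qs(query_string).items()}
    missing = [k for k in REQUIRED if not params.get(k)]
    if missing:
        return 400, "missing parameters: " + ", ".join(missing)
    payload = {
        "client_id": cfg["client_id"],
        "client_secret": cfg["client_secret"],  # stays on the server
        "redirect_uri": cfg["redirect_uri"],
        "grant_type": "authorization_code",
        "code": params["code"],
        "scope": params["scope"],
        "context": params["context"],
    }
    try:
        reply = transport(TOKEN_URL, payload)
    except (OSError, ValueError):
        # Network failure, HTTP error status, or a reply that is not JSON.
        return 502, "token request failed"
    token = reply.get("access_token") if isinstance(reply, dict) else None
    # Key the token by the store named in the reply, and reject a reply whose
    # store does not match the one the browser's callback claimed.
    if not token or reply.get("context") != params["context"]:
        return 502, "token response rejected"
    token_store[reply["context"]] = token
    # The landing markup for the iframe never contains the token or secret.
    return 200, "<h1>App installed</h1>"
```

In a real app `token_store` would be an encrypted database table rather than a dict, and `cfg` would be loaded from the environment rather than from source.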