
Connect OAuth

To connect to the YouCan API, you can use standard OAuth 2 to get an access token.

Prerequisites

Before you begin, ensure you have a Partner Account with YouCan. You can register here.

Setting Up OAuth

To use OAuth, follow these steps in your Partner Dashboard to generate OAuth credentials:

  • Go to the Apps tab in the Partner Dashboard and click Create App.
  • Select Create app manually under Using YouCan Partners, enter an app name, then click Create app.


This will automatically generate the OAuth credentials (Client ID and Client Secret) for your app, which you can find on the Apps listing page.

Note

Ensure that the "Embedded" option is set to False under Configuration in the app's Overview tab after creation.

Authorization Request

To obtain an authorization code, redirect the seller to YouCan with the following URL:

https://seller-area.youcan.shop/admin/oauth/authorize?client_id=<CLIENT-ID>&redirect_uri=https://myapp.com/callback&response_type=code&scope[]=*

Exchange Code for Access Token

After the seller accepts the request via the authorization popup, they will be redirected to the specified redirect URI (https://myapp.com/callback). You can then exchange the authorization code for an access token. Here's an example using Laravel:

php
Route::get(
    '/callback',
    function (Request $request) {
        // If an error occurred or seller rejected authorization
        if ($request->has('error')) {
            if ($request->get('error') === 'access_denied') {
                return 'You canceled the request';
            }

            return "an error occurred";
        }

        $http = new GuzzleHttp\Client;

        $response = $http->post(
            'https://api.youcan.shop/oauth/token',
            [
                'form_params' => [
                    'grant_type'    => 'authorization_code',
                    'client_id'     => '<CLIENT ID>',
                    'client_secret' => '<CLIENT SECRET>',
                    'redirect_uri'  => 'https://myapp.com/callback',
                    'code'          => $request->get('code'),
                ],
                'http_errors' => false,
            ]
        );

        return json_decode((string)$response->getBody(), true);
    }
);

Response:

json
{
    "token_type": "Bearer",
    "expires_in": 1295999,
    "access_token": "<ACCESS TOKEN>",
    "refresh_token": "<REFRESH TOKEN>"
}
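
The authorization URL above carries no `state` value, so the callback cannot tell whether the code it receives belongs to a flow that this browser session started. The following is an added example, not code from the YouCan documentation: the same flow with a session-bound `state` check, a status check on the token response, and tokens kept server-side. It assumes YouCan's authorize endpoint returns the standard OAuth 2 `state` parameter unchanged (not documented on this page); the `/connect` route, the `services.youcan.*` config keys and the session key names are hypothetical.

```php
<?php
// Added example, not YouCan's code. Assumes the authorize endpoint echoes
// back the standard OAuth 2 `state` parameter (not documented on this page).
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\Str;

const REDIRECT_URI = 'https://myapp.com/callback';

Route::get('/connect', function (Request $request) {
    // Unguessable value bound to this browser session.
    $state = Str::random(40);
    $request->session()->put('oauth_state', $state);
    $query = http_build_query([
        'client_id'     => config('services.youcan.client_id'), // hypothetical config key
        'redirect_uri'  => REDIRECT_URI,
        'response_type' => 'code',
        'state'         => $state,
    ]) . '&scope[]=*';
    return redirect()->away('https://seller-area.youcan.shop/admin/oauth/authorize?' . $query);
});

Route::get('/callback', function (Request $request) {
    // pull() reads and deletes the stored value, so each state is single-use.
    $expected = $request->session()->pull('oauth_state');
    $received = $request->query('state');
    if (! is_string($expected) || ! is_string($received) || ! hash_equals($expected, $received)) {
        abort(403, 'Invalid OAuth state');
    }
    if ($request->has('error') || ! is_string($request->query('code'))) {
        abort(400, 'Authorization was not granted');
    }
    $response = (new GuzzleHttp\Client)->post('https://api.youcan.shop/oauth/token', [
        'form_params' => [
            'grant_type'    => 'authorization_code',
            'client_id'     => config('services.youcan.client_id'),
            'client_secret' => config('services.youcan.client_secret'), // hypothetical config key
            'redirect_uri'  => REDIRECT_URI,
            'code'          => $request->query('code'),
        ],
        'http_errors' => false,
    ]);
    $tokens = json_decode((string) $response->getBody(), true);
    if ($response->getStatusCode() !== 200 || ! is_string($tokens['access_token'] ?? null)) {
        abort(502, 'Token exchange failed');
    }
    // Keep tokens server-side instead of returning them to the browser.
    $request->session()->put('youcan_tokens', $tokens);
    return redirect('/');
});
```

Both routes need Laravel's session middleware (the default `web` group). In production, replace the session write with your own encrypted per-seller token store.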

Refresh Token

The access token typically has a lifetime of one year unless it's revoked. You can refresh it using the refresh_token attribute you got from the response. Here's an example of how to refresh it:

php
$http = new GuzzleHttp\Client;

$response = $http->post(
    'https://api.youcan.shop/oauth/token',
    [
        'form_params' => [
            'grant_type'    => 'refresh_token',
            'client_id'     => '<CLIENT ID>',
            'client_secret' => '<CLIENT SECRET>',
            'refresh_token' => '<REFRESH TOKEN>',
        ],
        'http_errors' => false,
    ]
);