This instruction blog will describe how to create OAuth 2.0 API keys on your Ecwid account. These API keys are necessary to make API calls from ERPAG via Blockly scripts. The instructions show how the process itself currently looks. If in the meantime the design of the website we are describing changes, just follow the steps described in the Ecwid documentation. In essence, regardless of possible website design changes, the principle remains identical and you will easily find your way and follow this instruction.

Since OAuth 2.0 authorization is a system with almost the highest level of security, receiving API keys is much more complex than standard ones. Therefore it is necessary to follow the next steps:

  • First of all, you need to have a registered Ecwid account with which you can access your data. This is the account you use to log into the Ecwid service;
  • With your Ecwid account, open the Ecwid Develop Apps page;
  • Through Ecwid Develop Apps create a new application;
  • After creating the new App registration, fill in the parameters of the application that Ecwid requires. After this, Ecwid generates the necessary data (Client ID and Client Secret) for authorizing external applications (ERPAG, in this case).

Working with Ecwid account

Let’s start from top! First, you must have your own Ecwid account. Once you have your Ecwid account, log in to:

ecwid account

After logging to portal, in your browser open a new Tab. In the browser’s address bar enter the following URL address to open a hidden Ecwid page. If you already have private applications created, you will get the following screen:

ecwid manage your apps

If you don’t have a private app, Ecwid will automatically create a new one.

ecwid apps

Scroll the page down to find the Client ID and Client secret. Save this information because you will need it to enter in ERPAG.

ecwid client id and client secret

Since Ecwid is quite closed platform, the Redirect URL (Callback URL) data is not possible to enter directly on portal. You have to contact Ecwid support with a request to enter Redirect URL address that has to be on a private app.

To do so, click on the „Contact“ button at the bottom of the page.

ecwid contact support

You will get a new page on which you are submitting your request. It is important to type in the Redirect URL address correctly, as you can’t change it later and you will have to contact Ecwid support each time.

add redirect url address

After you submit your request, you will get a message that you will receive a response in 2 business days. However, the response is usually received within 1-2 hours, so it’s mandatory to keep an eye out on your inbox.

Now you can close Ecwid pages and wait for their confirmation, that you will receive to your email.

After you receive confirmation that Redirect URL address is added to your Private App, your Ecwid API is ready for API calls that you will be able to create and call from ERPAG on your own.

Working in ERPAG

In ERPAG, create a new API Authorization with parameters you generated in Ecwid.

Log in to ERPAG and activate option „Administration – Customization“ – „API Authorizations“.

ERPAG API authorizations

Select option „ADD NEW“ – „OAuth 2.0“

add new Oauth 2.0

For API calls to Ecwid, it is necessary to first authorize application. This means that you have to enter a large number of parameters that you can find on the following website:

You will find out that the basic setup of the authorization process itself requires you to study the huge documentation. That’s why we at ERPAG have created Templates for several different services. Here you only need to enter two basic data, while the other parameters are filled in automatically. In case you need any modification, you can always correct the offered parameters afterward, but it must be according to the documentation of the service you want to authorize (in this case, Ecwid).

By entering the “API authorization” form, go to “Template” and activate the “Ecwid” option as shown in the image.

erpag ecwid template

Entering Client ID and Client secret in ERPAG

Now it’s required to enter „Client ID“ and „Client Secret“ from the Ecwid Develop Apps page. At the end, confirm the import.

entering keys in ERPAG

After import confirmation all required parameters will be automatically set up. Save the document.

ERPAG authorization

As you can see from the picture, the document status is “NOT AUTHORIZED”. This means that we only entered the parameters, but the application is still not authorized. Now you need to activate the “Get a new Access Token” option to finally allow access to your Ecwid API service.

erpag get access token

By activating the “Get a new Access Token” option you are starting the process of connecting ERPAG with Ecwid through the OAuth 2.0 protocol, which requires you to log in to your Ecwid account and allow access.

After successful authorization, the status will be “AUTHORIZED”. If some of the input parameters are incorrect or you have quit the authorization, the status can be “AUTHORIZATION ERROR”.


Successful authorization considers that ERPAG received authorization token and refresh token from the Ecwid, which looks as follows:

"access_token": "secret_n5uKdp9er7uiJGTu9hJvy8Viy1Xmf",
"token_type": "Bearer",
"scope": "read_store_profile update_orders read_orders create_catalog update_catalog read_catalog",
"store_id": 123456789,
"user_id": 123456789,
"admin_sso": {
    "role": "STORE_OWNER"
"email": "[email protected]",
"profile_scopes": "read_store_profile read_store_profile_extended update_store_profile update_own_user_profile charge get_shipping_labels create_orders update_orders read_orders create_catalog update_catalog read_catalog add_to_cp update_discount_coupons create_discount_coupons read_discount_coupons create_customers update_customers read_customers customize_storefront allow_sso create_stores read_stores add_shipping_method add_payment_method customize_cart_calculation clone_stores public_storefront read_invoices delete_invoices create_invoices analytics_tools_report_management manage_instant_site read_dashboard_reports automatic_discounts_management sell_on_your_website sell_on_fb sell_on_tiktok sell_on_mobile sell_on_pos sell_on_shopapp sell_on_google_shopping sell_on_marketplaces create_promotion read_promotion update_promotion delete_promotion read_site_redirects update_site_redirects create_site_redirects read_reviews update_reviews read_store_limits create_pdf read_products_with_non_general_tax_class_count manage_linkup add_custom_blocks",
"public_token": "public_LTykdf8djnsJKGfjderho83ddDXb"

ERPAG Stores the received access token in your database. And you can use it through Blockly scripts by making new API calls to Ecwid according to your needs.

Start NOW

Read More

Related Posts

How Great Inventory Software Can Help Fight Inflation

In today's rapidly fluctuating economy, businesses face the daunting challenge of fighting inflation. Rising costs can erode profits and disrupt operations, making it essential to adopt strategies that mitigate these impacts. One powerful tool in this battle is...

read more
​ERPAG API – Xero OAuth 2.0 authorization

​ERPAG API – Xero OAuth 2.0 authorization

In this instruction blog, we will describe how to create OAuth 2.0 API keys on your Xero account. These API keys are necessary in order to make API calls from ERPAG via Blockly scripts. The instructions show how the process itself currently looks. If in the meantime...

read more