Skip to content

Authentication


Consumer ID and Auth Tokens

API partner generates RSA key pair and send us the public key. Partners can use the following commands in 'openssl' to generate keys. Sam's team will generate and share a unique 'consumer id' and 'auth token'.

Note:

  • 'openssl' tool needs to be installed as a pre-requisite
  • The same set of commands can be used for Windows, Linux and Mac OS

Generate RSA key-pair

    genrsa -des3 -out agency_key_pair 2048

Export private key in private_key.pem file

    pkcs8 -topk8 -inform PEM -in agency_key_pair -outform PEM -out agency_private_key.pem -nocrypt

Export public key in public_key.pem file

    rsa -in agency_key_pair -outform PEM -pubout -out agency_public_key.pem

Once the agency_public_key.pem is generated please email it as an attachment to partner-support@samsclub.com. After receiving this file, we will share the 'consumer id' and 'auth token' along with the key version.

Authorization

Use the base URL and append the appropriate API endpoints from the documentation. Usage of HTTP headers and query string parameters explained in sample cURL requests. Few specific API may need additional parameters.

Sandbox Base URL: https://developer.api.us.stg.walmart.com/api-proxy/service/sp/api-sams/v1/api/v1

Headers

Header Name Description Required Values
WM_CONSUMER.ID We will provide you the consumer ID to access the API. It is same for all advertisers who are accessing the API. Y Use the generated ConsumerId shared with you at the time of partner onboarding. Refer to the above section for further explanation on this.
WM_SEC.AUTH_SIGNATURE Auth signature as an API key Y Use the signature generator code shared by Sam's team to generate this value
WM_CONSUMER.intimestamp Timestamp for which the auth signature is generated. Use Unix epoch format for the timestamp. Y Use the signature generator code shared by Sam's team to generate this value
WM_SEC.key_version Key version Y Use generated Key version shared with you at the time of partner onboarding. Refer to the above section for further explanation on this.
Authorization User authentication token Y Use the generated auth token shared with you at the time of partner onboarding. Use the auth token as Bearer token ("Bearer" followed by auth token). Refer to the above section for further explanation on this

Sample Request

1
2
3
4
5
6
7
8
9
 curl --X GET  
 'https://developer.api.us.stg.walmart.com/api-proxy/service/sp/api-sams/v1/api/v1/campaigns?advertiserId={advertiserId}' 
--header 'Authorization: Bearer ************************'    
--header 'content-type: application/json' 
--header 'wm_consumer.id:<consumer id>' 
--header 'wm_consumer.intimestamp:<Timestamp for which the auth signature is generated>' 
--header 'wm_sec.key_version: 1' 
--header 'wm_qos.correlation_id:<UUID to identify/debug request>' 
--header 'wm_sec.auth_signature:<Auth signature as generated using signature generator code>' 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
OkHttpClient client = new OkHttpClient().newBuilder().build();
MediaType mediaType = MediaType.parse("text/plain");
RequestBody body = RequestBody.create(mediaType, "");
Request request = new Request.Builder()
.url("https://developer.api.us.stg.walmart.com/api-proxy/service/sp/api-sams/v1/api/v1/campaigns?advertiserId={advertiserId}")
.method("GET", body)
.addHeader("wm_consumer.id", "<consumer id>")
.addHeader("wm_sec.key_version", "2")
.addHeader("wm_sec.auth_signature", "<Auth signature as generated using signature generator code>")
.addHeader("wm_qos.correlation_id", "<UUID to identify/debug request>")
.addHeader("wm_consumer.intimestamp", "<Timestamp for which the auth signature is generated>")
.build();
Response response = client.newCall(request).execute();

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
const axios = require('axios'); 
let data = ''; 
let config = { 
method: 'get', 
maxBodyLength: Infinity, 

url: 'https://developer.api.us.stg.walmart.com/api-proxy/service/sp/api-sams/v1/api/v1/campaigns?advertiserId={advertiserId}', 

headers: {  
    'wm_consumer.id': '************',  
    'wm_sec.key_version': '2',  
    'wm_sec.auth_signature': '************',  
    'wm_qos.correlation_id': '12345',  
    'wm_consumer.intimestamp': '************',  
    'Authorization': 'Bearer ************' 
}, 
data : data 
}; 
axios.request(config) 
.then((response) => { 
console.log(JSON.stringify(response.data)); 
}) 
.catch((error) => { 
console.log(error); 

}); 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
import requests 

url = "https://developer.api.us.stg.walmart.com/api-proxy/service/sp/api-sams/v1/api/v1/campaigns?advertiserId={advertiserId}" 
payload = ""
headers = {
'wm_consumer.id': '<consumer id>',
'wm_sec.key_version': '2',
'wm_sec.auth_signature': '<Auth signature as generated using signature generator code>',
'wm_qos.correlation_id': '<UUID to identify/debug request>',
'wm_consumer.intimestamp': '<Timestamp for which the auth signature is generated>'
}
response = requests.request("GET", url, headers=headers, data=payload)
print(response.text)