The Product Catalog API uses OAuth-based authentication.
To access the API, you need an API Client ID and Client Secret. These credentials are used to request an access token. The access token must then be included in Product Catalog API requests.
Enable API access
API access must be enabled for your account before you can use the Product Catalog API.
If API access is not available for your account, contact your Customer Success Manager.
Create API credentials
Create an API Client ID and Client Secret in your account settings.
You can create multiple API clients if different integrations require separate credentials.
Depending on your account configuration, you may be able to:
Create multiple API Client IDs.
Add a description for an API Client.
Define token validity settings.
Deactivate API credentials temporarily.
Delete API credentials permanently.
Store your Client Secret securely. Do not expose credentials in frontend applications, browser code, public repositories, or logs.
Request an access token
Use your Client ID and Client Secret to request an access token.
The generated access token remains valid until it expires or is revoked.
Use the access token
Include the access token in the Authorization header of every API request.
Authorization: Bearer <access-token>Example request
curl -X GET \
"https://api.mapp.com/api/product-catalog/v1/catalogs/{catalogId}/variants/{variantId}" \
-H "Authorization: Bearer <access-token>"Note
Requests are routed based on the authenticated account associated with the access token.
Token management
Access tokens can expire or become invalid. Applications should be able to request a new token automatically when needed.
Applications should not store access tokens permanently.
Security recommendations
Store Client Secrets only in secure backend systems.
Do not share credentials between environments.
Rotate credentials regularly.
Remove unused API credentials.
Do not log access tokens.
Do not expose Client Secrets in client-side applications.