OAuth2
The OAuth2 mode requires that your administrative contact, i.e. the legal or technical manager of the Marketplace you want to integrate, has opened a technical account for you from their own Merchant Back Office account.
After that:
- Sign in to the Merchant Back Office with your own login details.
- At the top right of the screen, open the drop-down menu under your name, and click Settings.
- Click on the API Key tab to retrieve your keys for the test and production environments.
To generate an access token, you must make a POST request to the following address: https://account.lyra.com/auth/realms/marketplace/protocol/openid-connect/token
(same address for both environments) with the following parameters in the application/x-www-form-urlencoded format:
- grant_type: client_credentials
- client_id: CLIENT_ID (consisting of the first letters of the first and last name, followed by a "_" and the uuid of the Marketplace).
- client_secret: CLIENT_SECRET (corresponding to the “API Key”, a 32-character string in uuid format)

The access token is returned in the access_token field.
A request submitted with an expired authentication token will be rejected with an HTTP 307 code.
Example of obtaining the authentication token in PHP
<?php require 'vendor/autoload.php'; use GuzzleHttp\Client; $MARKETPLACE_UUID = "57595c55-b096-41d8-9287-b98640de3f25"; $USERNAME = 'mdupont'; $CLIENT_ID = $USERNAME."_".$MARKETPLACE_UUID; $CLIENT_SECRET = "aaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"; $AUTH_URL = "https://account.lyra.com/auth/realms/marketplace/protocol/openid-connect/"; $API_URL = "https://secure.lyra.com/marketplace-test/v1/"; session_start(); function getAccessToken() { global $AUTH_URL, $CLIENT_ID, $CLIENT_SECRET; $expire_next = $_SESSION['expires_next']; if (!$_SESSION['token'] || !$expire_next || time() >= $expire_next - 2) { $client = new Client(["base_uri" => $AUTH_URL]); $response = $client->request('POST', 'token', ['form_params' => [ 'grant_type' => 'client_credentials', 'client_id' => $CLIENT_ID, 'client_secret' => $CLIENT_SECRET ]] ); $body = $response->getBody(); $data = json_decode($body->getContents()); $_SESSION['token'] = $data->access_token; $_SESSION['expires_next']= time() + $data->expires_in; } return $_SESSION['token']; } function getMarketplaceDetails() { global $API_URL, $MARKETPLACE_UUID; $token = getAccessToken(); $client = new Client(["base_uri" => $API_URL]); $response = $client->request('GET', "marketplaces/$MARKETPLACE_UUID", ['headers' => ['Authorization' => "Bearer $token"]] ); $body = $response->getBody(); return $body->getContents(); } echo getMarketplaceDetails();