Issues with API Key and Category Listing via REST API

Dear Delcampe Support Team,

I hope this message finds you well. I am experiencing issues while trying to interact with the Delcampe API using both my test and seller API keys.

Here are the API keys I am using.

When trying to make a GET request to retrieve Delcampe categories, I receive the following error response for both API keys:

Your token is no more valid!

I have confirmed that the tokens are correct and up to date, but I still get a 403 "Token is no longer valid" error. This is preventing me from fetching categories and proceeding with further API integration.

Could you please help me resolve this issue or provide guidance on how I can proceed to successfully interact with the API?

Thank you for your assistance.

Best regards,

I am currently in the process of developing a WooCommerce plugin aimed at enabling synchronization between a WooCommerce store and Delcampe. This plugin will allow sellers to automatically synchronize their product listings and stock information on both platforms, ensuring seamless updates between the two systems.

Here are the main features I am implementing:

Product Synchronization: Sellers will be able to create and update their WooCommerce products directly on Delcampe, ensuring consistency between their online store and their Delcampe listings.

Stock Synchronization: Any sales made on either platform will trigger automatic stock updates on the other platform, ensuring that stock levels remain accurate.

Category Mapping: The plugin will fetch and display all Delcampe categories with their corresponding IDs, allowing sellers to easily map WooCommerce product categories to Delcampe categories.

Error Logging: A dedicated section in the plugin will allow users to view any API-related errors directly from their WordPress dashboard, without needing to access server logs.

Language Options: The plugin will support multiple languages, including English, French, Spanish, Italian, and German, with an easy-to-use interface for selecting the desired language.

I would like your assistance in ensuring the API integration is properly handled, and any guidance on best practices when using the Delcampe API for this purpose would be greatly appreciated. Specifically, I encountered some issues with token validity and category retrieval, and I would like to understand the best way to handle API authentication and category management.

I look forward to your feedback and any support you can provide to help finalize this integration.

Good luck !

Thank you

During your development you will come across these problems:
1) retrieve listing id from D* sometimes fails
2) listing sometime answer with ok but the item is not listed
3) randomly API KEY is not recognized by D*
4) randomly a delete item not works
5) D* add/delete categories without notice

...and many others

If you client want to sync more than D*, you are in trouble
I don't know your knowledge with woocommerce but a plugin like this take tons of ram and cpu time. If you need to list 1/2/3000 items you need to leave up and running the slave for hours and you need to setup a cron to retrieve id for items listed (D* don't send item id on the listing request answer)

We have worked for more than one year before reach a 90% reliability but every day an issue appear (and we don't have tons of clients......)

Thanks for sharing your experience. This is exactly the kind of feedback that helps to anticipate the issues. I’m well aware that integrating with Delcampe’s API comes with a series of challenges, especially given the random inconsistencies you mentioned, like the API key sometimes not being recognized, failed item deletions, or categories being altered without notice.

What you described about not receiving the product ID directly in the response really complicates things, forcing us to rely on cron jobs to fetch that data after the fact, which is far from ideal when dealing with thousands of items. The random addition/removal of categories without warning is another point of concern in terms of ensuring stability.

Regarding the server load, I expected a significant impact, especially with WooCommerce, which is known to struggle with large data volumes. I plan to implement batching to minimize resource usage and prevent RAM overload, but clearly, achieving 100% reliability with this API is going to be tough.

That brings me to a question: why do you think Delcampe is so underdeveloped in terms of tools and integration? The API seems under-optimized and underutilized, which surprises me considering the platform's popularity in certain markets. Do you have any insight into what might be holding back its development?

If you have any specific recommendations for handling these issues or improving stability, I’d be glad to hear them. Thanks again for sharing your insights.

Did you see that a token is only valid for 30 minutes?

And you will need two different tokens for two different API keys.

Hey,

Yes, I did see that the token is only valid for 30 minutes, which definitely adds another layer of complexity. It means that we not only have to manage token retrieval on a regular basis but also set up automatic regeneration mechanisms every time it expires, especially when dealing with long-running tasks like mass product or stock synchronization.

Needing two different tokens for two API keys also makes things more complicated when managing multiple accounts at the same time. I’m planning to handle this by setting up separate token management for each API key with a token rotation system, but it certainly adds weight to the process.

Have you run into any issues with token regeneration, or do you have any recommendations on handling this efficiently in an environment with lots of requests?

Thanks for the heads-up, it’s definitely helpful for planning these aspects.

Thanks for pointing that out, I didn’t know the token only lasts for 30 minutes. Where did you find this information? I couldn't find this detail in Delcampe’s official documentation.

If that's true, it changes a lot of things, especially for large-scale synchronization processes. If the token expires that quickly, we’ll need to rethink the token management mechanism and implement automatic regeneration, which isn’t ideal for longer tasks.

Have you encountered any issues with this in your own development, or have you found an efficient workaround?

Thanks in advance for your feedback!

Hi
I don't understand this phrase "Needing two different tokens for two API keys also makes things more complicated when managing multiple accounts at the same time"

You use the right token for every call, generated by the right API Key

Question: API key and refresh system store procedure is centralized on your server or is on any woocommerce site where you install the plugin ? The second solution is extremely dangerous due to tons of security issues on wordpress/woocommerce/plugins/templates

PS: the 30 minutes expiration time is detailed on this page:
Link (https)

Hi,

Thanks for the clarification regarding the 30-minute expiration time for the token. I hadn't realized it before.

Regarding the phrase "Needing two different tokens for two API keys," I see how this could cause complexity in handling multiple accounts at the same time. However, from a development perspective, if you manage tokens on a per-request basis, you should be able to use the correct token for the correct API key without much trouble. The key is to ensure that each API request uses the token generated from the corresponding API key.

Concerning your question on the API key and refresh system: in my case, the token generation and refresh procedure would be handled server-side, centralized on my server, not locally on any WooCommerce site where the plugin is installed. This avoids potential security risks that come with decentralized token handling across multiple WordPress sites, which could indeed be problematic given the security vulnerabilities often associated with WordPress plugins and themes.

I appreciate your input and the link to the 30-minute expiration notice in the documentation. I’ll be sure to structure the token refresh properly to avoid disruptions.

Hello,

please find the authentication endpoint documentation here: Link (https)

"Call /seller only once per session. Your token will be available during 30 minutes."

This is a security feature, we used to have much longer expiration time on API tokens but we had to reduce it after receiving complains about hacked tokens.

In general it's a good practice for any API related code to wrap all calls in a exception handler, that re-authenticate and retry the call if a "401 Unauthorized" response is received, in order to make the authentication process all transparent.

However ensure that your wrapper retry once and once only to avoid creating an authentication loop leading to a long lasting ban on our servers.

Regards,

Laurent.

Hi
I'm curios to see your job when finished

Pls post a message with link when done

Regards
Roberto

yes