Before making calls to the Omneo API, you need an authentication token. Omneo supports OAuth 2.0 password credentials and pre-generated bearer tokens.
For all integration tokens, create a dedicated Machine User named after the system being integrated (e.g., shopify-integration@brand.com). All tokens for that system should be created under that account. You can safely update the Machine User’s password in CX Manager without needing to regenerate tokens.
Method 1: OAuth 2.0
You need the following credentials (provided by your Omneo Administrator):
| Item | Description |
|---|
| Username | Your Omneo user email |
| Password | Your Omneo user password |
| Client ID | Your OAuth client ID |
| Client Secret | Your OAuth client secret |
| Scope | * for all scopes, or specific scope names |
const response = await fetch(
'https://api.[tenant-handle].getomneo.com/api/v3/auth/token',
{
method: 'POST',
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
body: new URLSearchParams({
grant_type: 'client_credentials',
client_id: '[client-id]',
client_secret: '[client-secret]',
username: '[username]',
password: '[password]',
scope: '*'
})
}
);
const { access_token } = await response.json();
Method 2: Bearer token from CX Manager
Administrators can generate pre-configured bearer tokens in CX Manager:
- Navigate to Settings → API Tokens → Add Token
- Select the required scopes
- Select Add Token: copy the token immediately (it cannot be viewed again)
Use the token in all API requests:
curl -H 'Accept: application/json' \
-H "Authorization: Bearer ${TOKEN}" \
https://api.[tenant-handle].getomneo.com/api/v3/profiles
Method 3: Shopify authentication
For Shopify storefront integrations, authenticate using the Shopify customer ID and an HMAC signature:
{% assign customerId = customer.id %}
{% assign customerSignature = customer.id | hmac_sha256: shop.metafields.omneo.id_secret %}
const response = await fetch(
`https://api.${tenant}.getomneo.com/shopify/api/v1/auth/token`,
{
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
id: customerId,
signature: customerSignature
})
}
);
const { token } = await response.json();
localStorage.setItem('shapes:omneo:shapestoken:' + customerId, token);
The shapes:omneo: prefix is a legacy naming artefact preserved for compatibility with the deployed Shopify plugin. The token itself is the current IDToken used by the Omneo SDK. Method 4: Proxy authentication
For SFCC and other proxy-based integrations, direct authentication requests through the configured proxy:
const response = await fetch(`${PROXY_URL}/login`, {
method: 'POST',
headers: {
'Authorization': 'Basic ' + btoa(username + ':' + password)
}
});
const { token, expiry } = await response.json();
Your Omneo API base URL
Your API base URL is unique to your tenant:
https://api.[your-tenant].getomneo.com/api/v3
https://[tenant].manager.getomneo.com 
