Set Access Token Manually

POST 
/api/faire/instances/:integrationInstance/access-token

Persist a Faire long-lived access token directly onto the integration instance — an alternative to the OAuth Authorization Code flow.

Why this exists: Faire only allows one live OAuth token per brand at a time, and the brand admin app does not expose a way to revoke an existing OAuth token. Tenants who already have a long-lived token (e.g., issued for a previous integration) can paste it here instead of running the browser-driven OAuth flow.

What it does:

• Stores the token on the integration instance's connection_settings.access_token
• Tags connection_settings.auth_method = "manual" so the UI and revoke flow can differentiate this from OAuth-issued tokens
• Sets granted_scopes to the full default set from config('faire.scopes') (we cannot introspect a user-supplied token to determine its actual scopes)
• After saving, is_authorized becomes true immediately — the instance is ready to sync

Revocation behavior: When auth_method = "manual", the POST /revoke endpoint clears the token locally without calling Faire's revoke endpoint — we did not issue this token so we have no business revoking it at Faire (the user may still be using it elsewhere).

Path Parameters:

• integrationInstance (required) - The ID of the Faire integration instance

Request Body:

• access_token (required, string, min:10, max:4096) - The Faire long-lived access token

Auth: Requires Bearer token.

Errors:

• 422 - access_token is missing, too short (<10 chars), or longer than 4096 chars

Request

Responses

200

Successful response