Renewed API authorisation process: check and renew on time

Do you work with an integration partner via the bol API – such as a marketplace integrator, ERP system, or logistics software? We have improved the way you grant API access for added security. From now on, you determine which data and functionalities you share with your integration partner for each connection.
You no longer grant access to the entire API, but only select the necessary components. This way, you maintain control over your data, and access aligns better with your integration partner's services. Below, you can read what this means for you.
What is changing?
This change applies to API connections that use the Codeflow ('simplified authentication process'). If you use Client Credentials? Then nothing changes yet.
Previously, you granted an integration partner access to the full API via the Codeflow. When creating or renewing a connection, you now choose:
- The API components (resources): which parts of the API may the integration partner use?
- The rights: may the integration partner only retrieve data or also manage it?

Check if you need to take action
This change applies to:
- New API connections via the Codeflow
- Existing Codeflow connections that need to be renewed
Check which connections are active in your seller account via:
Settings > Services > API settings > Authorized parties
Here you will see:
- Which integration partners have access to the API
- When an authorisation expires
Renew existing connections before the expiration date via the new process to prevent interruptions. We advise doing this within two months before the expiration date. You will also receive a notification from your integration partner when it's time to renew the authorisation.
Step-by-step plan: Create or renew API connection
Step 1: Start the connection from your integration partner
Log in to your integration partner and start the process to create or renew a bol connection. The exact steps may vary per integration partner. Therefore, follow your integration partner's instructions. You will then be automatically redirected to the bol login page.

Step 2: Select your account
Choose the bol account for which you want to authorise the connection.

Step 3: Choose which data an integration partner can access
You will see an overview of the available API components, divided into five main scopes:
- Assortment management (e.g., offers and item content)
- Logistics (e.g., orders)
- Insights
- Finance
- Subscriptions
Via the information icon ('i'), you will find an explanation for each component. Select only the components your integration partner needs. You can select individual components or choose a main scope (for example, Logistics), where the corresponding components are automatically selected.
Please note: for a properly working connection, it is important that you select the correct components. Therefore, check your integration partner's documentation to see which components are needed.

Step 4: Choose the correct rights
For each API component, you choose which actions the integration partner may perform:
- Read: only retrieve data
- Manage: retrieve, create, modify, and/or delete data
If you are unsure which components or rights are needed, please contact your integration partner.
Step 5: Confirm the authorisation
Check your selection and click Save.
The API connection is now active with the rights you have chosen.
Step 6: Check the connection
Check if the connection works correctly. Do you see no error messages? Then everything is working correctly. Are you still experiencing problems? Then check your integration partner's documentation or contact them.
Good to know
- Integration partners only get access to the functionalities for which you explicitly give permission. It is therefore important that you grant the correct rights.
- Missing rights can cause a connection to not work properly. In that case, you must go through the authorisation process completely again and grant all necessary rights.
- Existing connections via the Codeflow will continue to work until the expiration date. After that, you must re-authorise them via the new process.
Summary: what should you do?
✔ Check in your seller account which partners have access via the Codeflow.
✔ Renew existing connections before the expiration date via the new authorisation process.
✔ Also go through the new process for new Codeflow connections.Do you use Client Credentials? Then you don't need to do anything yet. This change is expected to be implemented for Client Credentials integrations in Q3 2026. From then on, you will also determine which API components an integration partner can access for these connections. We will keep you informed about this via the Partnerplatform.