Register your application in the Walmart Developer Portal to obtain a client ID and client secret.
POST to the token endpoint at https://marketplace.walmartapis.com/v3/token with Content-Type application/x-www-form-urlencoded and grant_type=client_credentials.
Include a Basic Authorization header built from Base64-encoding YOUR_CLIENT_ID:YOUR_CLIENT_SECRET.
Parse the JSON response for the access_token field and its expires_in value.
Attach the token to subsequent API calls via the WM_SEC.ACCESS_TOKEN header.
Refresh the token before expiry by repeating the POST; the old RSA signature scheme (WM_SEC.AUTH_SIGNATURE) was deprecated in 2019 and must not be used.
Known gotchas
The RSA-based WM_SEC.AUTH_SIGNATURE authentication scheme was deprecated in 2019 and is no longer accepted; all integrations must use OAuth 2.0.
Tokens have a finite lifetime — cache and reuse them rather than fetching a new one per request to avoid rate limits.
Always send the WM_QOS.CORRELATION_ID header with a unique value per request to aid in tracing and support.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp