Health

curl -sS "https://staging.api.hofj.com/health"

API key (list products)

Replace BASE and use a real key in production. 
BASE="http://localhost:8080"
API_KEY="dev-internal-api-key"

curl -sS -H "Authorization: Bearer ${API_KEY}" \
  "${BASE}/v1/products?limit=5&brand=Weebora&locale=it"

OAuth2 token then Bearer

BASE="http://localhost:8080"
RESP=$(curl -sS -X POST "${BASE}/v1/oauth/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials&client_id=dev-internal&client_secret=dev-internal-secret")
TOKEN=$(echo "$RESP" | sed -n 's/.*"access_token":"\([^"]*\)".*/\1/p')

curl -sS -H "Authorization: Bearer ${TOKEN}" \
  "${BASE}/v1/distribution-channels"

Recommendations

The recommender uses the same HoJ bearer token. Pass brand and locale; the BFF resolves the upstream channel_id. 
BASE="https://staging.api.hofj.com"
TOKEN="replace-with-hoj-api-key-or-oauth-token"

curl -sS -H "Authorization: Bearer ${TOKEN}" \
  "${BASE}/v1/recommendations/product?brand=Weebora&locale=it&product_id=1127&top_n=5"

curl -sS -H "Authorization: Bearer ${TOKEN}" \
  "${BASE}/v1/recommendations/search?brand=Weebora&locale=it&keyword=padel&top_n=10"

RFC 7807 errors

Failed calls return application/problem+json with type, title, status, detail. Use -v or log response bodies when debugging 401, 403, 429, 502.