Overview

Authenticate with the PartsSource APIs using OAuth 2.0

The PartsSource APIs use JWT Bearer Token authentication via OAuth 2.0. All API requests (except health checks) require a valid access token.

Quick Start

1. Get an Access Token

curl -X POST https://auth.partssource.com/oauth2/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET"

Response:

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 3600
}

2. Use the Token

Include the token and API key in all requests:

curl -X GET "https://api.partssource.com/customer/api/users/lookup?userId=12345" \
  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIs..." \
  -H "x-api-key: YOUR_API_KEY"

Authentication Flow

The APIs use the OAuth 2.0 Client Credentials flow, designed for machine-to-machine (M2M) integration:

Your Application                    Auth Server                      API
      |                                  |                            |
      |-- POST /oauth2/token ----------->|                            |
      |   (client_id, client_secret)     |                            |
      |                                  |                            |
      |<-- access_token -----------------|                            |
      |                                  |                            |
      |-- GET /api/resource ---------------------------------->|
      |   (Authorization: Bearer token)                        |
      |                                  |                            |
      |<-- Response -------------------------------------------|

Token Details

Property

Value

Type

JWT (JSON Web Token)

Expiration

1 hour (3600 seconds)

Algorithm

RS256

Issuer

Authorization server

Token Lifecycle

Request - Exchange credentials for access token
Use - Include token in API requests
Refresh - Request new token before expiration
Expire - Token becomes invalid after 1 hour

Tokens expire after 1 hour. Implement token refresh logic to avoid service interruption. See Token Management for best practices.

Authentication Endpoints

Endpoint

URL

Purpose

Token

https://auth.partssource.com/oauth2/token

Exchange credentials for token

JWKS

https://auth.partssource.com/.well-known/jwks.json

Public keys for token validation

Discovery

https://auth.partssource.com/.well-known/openid-configuration

OpenID Connect configuration

Error Responses

401 Unauthorized

Returned when authentication fails:

{
  "type": "https://tools.ietf.org/html/rfc7235#section-3.1",
  "title": "Unauthorized",
  "status": 401,
  "detail": "Authentication is required to access this resource.",
  "correlationId": "0HN7QJKV3QJ8K:00000001"
}

Common causes:

Missing Authorization header
Invalid or malformed token
Expired token
Token signature validation failed

403 Forbidden

Returned when authentication succeeds but authorization fails:

{
  "type": "https://tools.ietf.org/html/rfc7231#section-6.5.3",
  "title": "Forbidden",
  "status": 403,
  "detail": "You do not have permission to access this resource.",
  "correlationId": "0HN7QJKV3QJ8K:00000001"
}

Common causes:

Attempting cross-tenant access (CustomerApi)
User doesn't have facility access

Next Steps

Obtaining Tokens - Detailed token request guide
Token Management - Best practices and error handling
Request API Access - How to get your credentials

PreviousRequest headers NextObtaining Tokens

Last updated 1 month ago

Good evening

hashtagQuick Start

hashtag1. Get an Access Token

hashtag2. Use the Token

hashtagAuthentication Flow

hashtagToken Details

hashtagToken Lifecycle

hashtagAuthentication Endpoints

hashtagError Responses

hashtag401 Unauthorized

hashtag403 Forbidden

hashtagNext Steps

Quick Start

1. Get an Access Token

2. Use the Token

Authentication Flow

Token Details

Token Lifecycle

Authentication Endpoints

Error Responses

401 Unauthorized

403 Forbidden

Next Steps