Overview

Authenticate with the PartsSource APIs using OAuth 2.0

The PartsSource APIs use JWT Bearer Token authentication via AWS Cognito. All API requests (except health checks) require a valid access token.


Quick Start

1. Get an Access Token

curl -X POST https://auth.partssource.com/oauth2/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET" \
  -d "scope=default-m2m-resource-server-p2hkah/admin:internal"

Response:

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 3600
}

2. Use the Token

Include the token in the Authorization header of every API request, using the Bearer scheme returned as token_type above (Authorization: Bearer <access_token>, where <access_token> is the value from the token response).


Authentication Flow

The APIs use the OAuth 2.0 Client Credentials flow, designed for machine-to-machine (M2M) integration: your application exchanges its client ID and client secret for an access token, then presents that token on each request.


Token Details

Property     Value
Type         JWT (JSON Web Token)
Expiration   1 hour (3600 seconds)
Algorithm    RS256
Issuer       AWS Cognito User Pool

Token Lifecycle

  1. Request - Exchange credentials for access token

  2. Use - Include token in API requests

  3. Refresh - Request new token before expiration

  4. Expire - Token becomes invalid after 1 hour


API Scopes

Scopes define what resources your application can access.

InternalApi Scopes

Scope                                               Access Level
default-m2m-resource-server-p2hkah/admin:internal   Full InternalApi access

CustomerApi Scopes

Scope                                               Access Level
default-m2m-resource-server-p2hkah/customer:read    Read customer data
default-m2m-resource-server-p2hkah/customer:write   Create/update customer data

Request the appropriate scope in the scope parameter of the token request; a token only carries the scopes it was issued with, so a token obtained for one API cannot be used for another.


Authentication Endpoints

Endpoint    URL                                                             Purpose
Token       https://auth.partssource.com/oauth2/token                       Exchange credentials for token
JWKS        https://auth.partssource.com/.well-known/jwks.json              Public keys for token validation
Discovery   https://auth.partssource.com/.well-known/openid-configuration   OpenID Connect configuration


Error Responses

401 Unauthorized

Returned when authentication fails, i.e. the request did not present a token the API could accept.

Common causes:

  • Missing Authorization header

  • Invalid or malformed token

  • Expired token

  • Token signature validation failed

403 Forbidden

Returned when authentication succeeds but authorization fails: the token is valid, but it does not permit the requested operation. Requesting a fresh token with the same credentials and scope will not resolve a 403.

Common causes:

  • Token lacks required scope

  • Attempting cross-tenant access (CustomerApi)

  • User doesn't have facility access
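A client-side view of the token lifecycle above (request, use, refresh before the 1-hour expiry) together with the 401/403 distinction, as an added example that is not PartsSource's own code: the token endpoint is replaced by a constructed stub, and the 60-second refresh margin is an assumption.

```python
import time
from typing import Callable, Dict, Optional

REFRESH_MARGIN = 60  # assumed: request a new token this many seconds before it expires


class TokenManager:
    """Caches one access token; refreshes it before expiry and after a 401."""
    def __init__(self, fetch_token: Callable[[], dict], clock: Callable[[], float] = time.time):
        self._fetch = fetch_token  # POSTs the client-credentials request, returns parsed JSON
        self._clock = clock
        self._token: Optional[str] = None
        self._expires_at = 0.0

    def get_token(self) -> str:
        now = self._clock()
        if self._token is None or now >= self._expires_at - REFRESH_MARGIN:
            resp = self._fetch()
            if resp.get("token_type") != "Bearer":
                raise ValueError("unexpected token_type: %r" % resp.get("token_type"))
            self._token = resp["access_token"]
            self._expires_at = now + int(resp["expires_in"])  # 3600 s in the response above
        return self._token

    def auth_header(self) -> Dict[str, str]:
        return {"Authorization": "Bearer " + self.get_token()}

    def on_response(self, status: int) -> str:
        # 401: token missing/invalid/expired -> drop the cached token so the caller can retry once.
        # 403: token is valid but lacks the scope or tenant access -> a retry cannot help.
        if status == 401:
            self._token = None
            return "retry-with-new-token"
        return "check-scope-or-tenant" if status == 403 else "ok"


def simulate_lifecycle():
    """Fake clock plus constructed token endpoint: fetch at t=0, reuse at t=1800, refresh at t=3550."""
    calls = []
    def fake_endpoint() -> dict:  # constructed stand-in for the real endpoint; mints dummy tokens
        calls.append(1)
        return {"access_token": "constructed-token-%d" % len(calls),
                "token_type": "Bearer", "expires_in": 3600}
    clock = {"t": 1_000_000.0}
    mgr = TokenManager(fake_endpoint, clock=lambda: clock["t"])
    first = mgr.get_token()
    clock["t"] += 1800
    second = mgr.get_token()
    clock["t"] += 1750  # now inside the 60 s refresh margin
    third = mgr.get_token()
    return len(calls), first, second, third
```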

