search

Requesting API Access

How to request API credentials for PartsSource APIs

To use the PartsSource APIs, you need OAuth 2.0 client credentials. This guide explains how to request access and what to expect.

hashtag
What You'll Receive

After approval, you'll receive:

Credential
Description
Keep Secret?

Client ID

Your application's unique identifier

No (but don't share publicly)

Client Secret

Your application's secret key

Yes - treat like a password

Scope(s)

API access levels granted

No

hashtag
Prerequisites

Before requesting access, ensure you have:

hashtag
Request Process

1

hashtag
Contact Your Account Manager

Reach out to your PartsSource account manager or contact [email protected] to initiate the API access request.

Include in your request:

  • Company name and account information

  • Integration use case description

  • Technical contact name and email

  • Preferred environment(s): Production, QA, or both

2

hashtag
Specify Required Access

Indicate which API and scope you need:

For InternalApi:

  • default-m2m-resource-server-p2hkah/admin:internal - Full administrative access

For CustomerApi:

  • default-m2m-resource-server-p2hkah/customer:read - Read-only access

  • default-m2m-resource-server-p2hkah/customer:write - Read and write access

3

hashtag
Review and Approval

Our team will review your request and may ask clarifying questions about:

  • Intended data usage

  • Security measures in place

  • Integration architecture

Typical review time: 5-10 business days

4

hashtag
Receive Credentials

Upon approval, you'll receive your credentials via secure channel:

  • Client ID and Client Secret

  • Environment-specific endpoints

  • Any usage guidelines or restrictions

circle-exclamation

Store your client secret securely. It cannot be recovered if lost - you'll need to request new credentials.

hashtag
Environment Access

You can request access to different environments:

Environment
Purpose
Typical Access

QA

Testing and development

Granted first

Production

Live integration

After QA validation

circle-info

Recommended approach: Start with QA access, validate your integration, then request production credentials.

hashtag
Security Requirements

To maintain API access, you must:

hashtag
Credential Security

  • Store credentials in secure secret management systems

  • Never commit credentials to source control

  • Rotate credentials if compromise is suspected

  • Use separate credentials for each environment

hashtag
Integration Security

  • Use HTTPS for all API communication

  • Implement proper error handling

  • Follow rate limiting guidelines

  • Log correlation IDs for debugging

hashtag
Compliance

  • Only access data your integration requires

  • Comply with data handling agreements

  • Report any security incidents promptly

hashtag
Credential Rotation

If you need to rotate credentials (suspected compromise, security policy, etc.):

  1. Contact [email protected]

  2. Request new credentials

  3. Update your integration with new credentials

  4. Confirm old credentials should be revoked

triangle-exclamation

Credential revocation is immediate. Ensure your integration is updated before requesting revocation of old credentials.

hashtag
Multiple Integrations

If you have multiple applications or services that need API access:

Approach
When to Use

Shared credentials

Same application, multiple instances

Separate credentials

Different applications or teams

Recommendation: Use separate credentials for each distinct integration to:

  • Isolate access if one is compromised

  • Track usage per integration

  • Apply different rate limits if needed

hashtag
Support

For questions about API access:

Topic
Contact

New access requests

Your account manager

Technical issues

[email protected]

Credential problems

[email protected]

Security concerns

[email protected]

When contacting support, include:

  • Your company name

  • Client ID (not secret!)

  • Environment (QA/Production)

  • Description of issue or request

PreviousToken ManagementNextError Handling

Last updated