search

Request headers

This page documents the HTTP headers used when making requests to PartsSource APIs.

hashtag
Authorization

All API requests require an Authorization header with a Bearer token:

Authorization: Bearer {your-access-token}

See Authentication for details on obtaining an access token.

hashtag
Idempotency-Key

The Idempotency-Key header is required for order creation (POST /orders) and prevents duplicate orders when retrying failed requests.

hashtag
Purpose

Network failures, timeouts, or client errors can cause uncertainty about whether a request succeeded. Without idempotency, retrying a POST /orders request could create duplicate orders. The Idempotency-Key header ensures that retrying the same request returns the original response instead of creating a new order.

hashtag
Format

The header value must be a valid UUID (version 4 recommended):

Idempotency-Key: 550e8400-e29b-41d4-a716-446655440000

hashtag
Example Request

curl --location \
--request POST 'https://api.partssource.com/customer/orders' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {your-access-token}' \
--header 'Idempotency-Key: 550e8400-e29b-41d4-a716-446655440000' \
--data '{
  "facilityId": "FAC-001",
  "lineItems": [
    {
      "partNumber": "PART-12345",
      "quantity": 1
    }
  ]
}'

hashtag
Behavior

Scenario
Result

First request with a new key

Order is created, response returned

Retry with the same key

Original response is returned (no duplicate order)

New request with a different key

New order is created

hashtag
Best Practices

  • Generate a new UUID for each unique order intent

  • Store the key before sending the request so you can retry with the same key if needed

  • Do not reuse keys across different orders

  • Keys are typically valid for 24 hours

hashtag
Content-Type

For requests with a body (POST, PUT, PATCH), include:

PreviousHTTP methodsNextOverview

Last updated