Partner Integrations

Partner integrations use the same API but a different authentication style. To obtain access to this, please email solutions@inventorysource.com with the following information:

Application Name
Company
Application Purpose
Callback URL
Estimated Customers in 3 month period

Once processed, Partners will receive their own Client ID and Client Secret that they can use with the below Authentication steps to obtain access to a Retailer’s account.

Documentation

View API reference documentation by clicking above – powered by Apiary.io

Authentication

Step 1: Create Developer Account

Reach out to solutions@inventorysource.com and request API access with the following information:

Application Name
Company
Application Purpose
Description
Callback URL
- If you’re building a partner integration, this will allow you to setup a page allowing users to authorize. If using internally, you can specify a dummy URL.

Once setup, the representative will provide you with a:

Client ID
Client Secret

Step 2: Authorize with Retailer Account

Auth0 Reference for this Step
Authorize Endpoint: https://inventorysource.auth0.com/authorize
- audience: /v1
- response_type: code
- scope:
  - write:orders
    - enables access to create orders to be fulfilled to configured suppliers
  - read:products
    - enables access to read products from configured catalogs
  - read:shipments
    - enables access to read shipments for any submitted orders
  - offline_access
    - enables access to “refresh” the access token (required)
- client_id: [YOUR CLIENT ID PROVIDED]
- state: [OPTIONAL CUSTOM STATE VALUE]
- redirect_uri: [YOUR CALLBACK URL]

Example URL:

https://inventorysource.auth0.com/authorize?audience=/v1&scope=write%3Aorders%20read%3Aproducts%20read%3Ashipments%20offline_access&response_type=code&client_id=xQi2jcOO3drNoZQ0yyMtPFpZvVnE3x0M&redirect_uri=https%3A%2F%2Fwww.getpostman.com%2Foauth2%2Fcallback&state=test

Developers will send their version of the above link to the retailer (or generate this dynamically through an application). The retailer will visit this secure link (powered by Auth0.com – administrated via Inventory Source) and sign into their inventorysource.com account.

Once a retailer successfully authenticates – they will be redirected to the “redirect_uri” provided and an authorization code will be passed as a query string parameter.

This “code” can be leveraged for 15 minutes to obtain an “access token” for the retailer’s account.

Step 3: Obtain Access Token

Auth0 Reference For this Step
Token Endpoint: https://inventorysource.auth0.com/oauth/token
- Body:
  - grant_type: authorization_code
  - client_id: [YOUR CLIENT ID]
  - client_secret: [YOUR CLIENT SECRET]
  - code: [CODE RETRIEVED FROM PREVIOUS REQUEST]
  - redirect_uri: [SAME REDIRECT URI USED TO GET THE CODE]

This will return back an “access token” and a “refresh token” (assuming you passed offline_access as a scope value). The access tokens are valid for 24 hours – once expired, the token must be refreshed.

Important: Keep the “refresh token” stored. This value never changes, but must be re-used to obtain a fresh access token once it’s expired

Step 4: Refresh Access Token

Auth0 Reference for this Step
Token Endpoint: https://inventorysource.auth0.com/oauth/token
- grant_type: refresh_token
- client_id: [YOUR CLIENT ID]
- client_secret: [YOUR CLIENT SECRET]

refresh_token: [REFRESH TOKEN STORED]

Rate Limiting

Sandbox

Pool of 10 requests (per Retailer)
1 request is replenished every 10 seconds (per Retailer)

Production

Pool of 20 requests (per Retailer)
1 request is replenished every 4 seconds (per Retailer)