OMS Authentication
The API is secured with OAuth2 using the Client Credentials grant type. The client application passes the OAuth2 Client ID and Client Secret to obtain an access token. These credentials are provided by the OMS team.
Prerequisites
Before you begin, ensure you have:
- Client ID - Provided by the OMS team
- Client Secret - Provided by the OMS team
Production Server
- OAuth2 URL :
https://connect.astoresuite.com/auth/realms/astore-p2p/protocol/openid-connect/token - OAuth2 Client ID : Provided by the OMS team.
- OAuth2 Client Secret : Provided by the OMS team.
Test Server
- OAuth2 URL :
https://connect.rec.astoresuite.com/auth/realms/astore-p2p/protocol/openid-connect/token - OAuth2 Client ID : Provided by the OMS team.
- OAuth2 Client Secret : Provided by the OMS team.
Authentication Flow
-
Obtain an Access Token
The client sends a POST request to the OAuth2 URL with the client credentials to get an access token.curl -X POST \
https://connect.astoresuite.com/auth/realms/astore-p2p/protocol/openid-connect/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials&client_id=<client_id>&client_secret=<client_secret>' -
Use Access Token The client uses the access token to authorize the API requests.
curl -X GET \
https://oms-api-in01.astoreshop.com/oms-api/ \
-H 'Authorization: Bearer <access token>'
Refresh Token
Access tokens expire after a specific period. The client can use the refresh token to get a new access token without requiring re-authentication.
curl -X POST \
https://connect.astoresuite.com/auth/realms/astore-p2p/protocol/openid-connect/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=refresh_token&client_id=<client_id>&client_secret=<client_secret>&refresh_token=<refresh_token>'
Test Access
If you receive a 200 response, with the message Hello ! Welcome to the Astoreshop OMS API, this indicates successful authentication.
curl -X GET \
https://oms-api-in01.astoreshop.com/oms-api/ \
-H 'Authorization: Bearer <access token>'