Skip to main content

OMS Authentication

The API is secured with OAuth2.0. The client credentials are used to authenticate the client. The client credentials are provided by the OMS team.

Production Server

  • Oauth2 URL : https://connect.astoresuite.com/auth/realms/astore-p2p/protocol/openid-connect/token
  • Oauth2 Client ID : The one provided by the OMS team.
  • Oauth2 Client Secret : The one provided by the OMS team.

Test Server

  • Oauth2 URL : https://connect.rec.astoresuite.com/auth/realms/astore-p2p/protocol/openid-connect/token
  • Oauth2 Client ID : The one provided by the OMS team.
  • Oauth2 Client Secret : The one provided by the OMS team.

Authentication Flow

  1. Get Access Token
    The client sends a POST request to the Oauth2 URL with the client credentials to get the access token.

    curl -X POST \
      https://connect.astoresuite.com/auth/realms/astore-p2p/protocol/openid-connect/token \
      -H 'Content-Type: application/x-www-form-urlencoded' \
      -d 'grant_type=client_credentials&client_id=<client_id>&client_secret=<client_secret>'

  2. Use Access Token The client uses the access token to authenticate the API requests.

    curl -X GET \
      https://oms-api-in01.astoreshop.com/oms-api/ \
      -H 'Authorization: Bearer <access token>'

Refresh Token

The access token expires after a certain time. The client can use the refresh token to get a new access token without asking the user to authenticate again.

curl -X POST \
  https://connect.astoresuite.com/auth/realms/astore-p2p/protocol/openid-connect/token \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=refresh_token&client_id=<client_id>&client_secret=<client_secret>&refresh_token=<refresh_token>'

Test access

If you get a 200 response, with the message Hello ! Welcome to the Astoreshop OMS API, then you have successfully authenticated.

curl -X GET \
  https://oms-api-in01.astoreshop.com/oms-api/ \
  -H 'Authorization: Bearer <access token>'