Authentication

All endpoints require a valid Bearer token obtained from Auth0 via the OAuth 2.0 Client Credentials flow (Machine-to-Machine).

The Auth0 Environment, Audience, Client_Id and Client_Secret will be provided to you by our Dev Team.

Obtaining a Token

Request a token from the Auth0 /oauth/token endpoint:

POST https://{Auth0.Environment}/oauth/token
Content-Type: application/json

{
"client_id": "{API.Your_Client_Id}",
"client_secret": "{API.Your_Client_Secret}",
"audience": "{API.Audience}",
"grant_type": "client_credentials"
}

Response:

{   
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "Bearer",
"expires_in": 86400
}

Calling the API

Include the token in the Authorization header of every request:

GET .../REST/Items 
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...
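
An added example, not code from this API's authors: a Python helper that makes the token request above once, reuses the token until shortly before `expires_in` elapses, and builds the Authorization header for each call. The names `TokenProvider`, `http_post` and `demo`, the 60-second renewal margin and the `.invalid` host names are assumptions; `demo` uses a constructed fake token endpoint so it runs offline.

```python
import json
import time
import urllib.request


def http_post(url, body):
    req = urllib.request.Request(url, data=json.dumps(body).encode(), method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenProvider:
    """Caches a client-credentials token and renews it shortly before expiry."""
    def __init__(self, environment, client_id, client_secret, audience,
                 post=http_post, clock=time.monotonic, skew=60):
        self._url = f"https://{environment}/oauth/token"
        self._body = {"client_id": client_id, "client_secret": client_secret,
                      "audience": audience, "grant_type": "client_credentials"}
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def headers(self):
        if self._token is None or self._clock() >= self._expires_at:  # fetch only when needed
            reply = self._post(self._url, self._body)
            if str(reply.get("token_type", "")).lower() != "bearer" or not reply.get("access_token"):
                raise ValueError("unexpected token response")  # reply is not echoed
            self._token = reply["access_token"]
            self._expires_at = self._clock() + int(reply["expires_in"]) - self._skew
        return {"Authorization": f"Bearer {self._token}"}

    def __repr__(self):  # keeps client_secret and the token out of logs and tracebacks
        return f"TokenProvider(url={self._url!r})"


def demo():
    """Constructed offline run: a fake /oauth/token and a hand-driven clock."""
    now, calls = [0.0], []
    def fake_post(url, body):
        calls.append(url)
        return dict(access_token=f"constructed-{len(calls)}", token_type="Bearer", expires_in=86400)
    tp = TokenProvider("auth.example.invalid", "constructed-id", "constructed-secret",
                       "https://api.example.invalid", post=fake_post, clock=lambda: now[0])
    first = tp.headers()["Authorization"]
    now[0] = 86000  # inside the 86400 s lifetime minus the 60 s margin: cached
    second = tp.headers()["Authorization"]
    now[0] = 86340  # lifetime minus margin reached: a new token is requested
    third = tp.headers()["Authorization"]
    return first, second, third, len(calls), repr(tp)
```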

Multi-Tenancy

The API is multi-tenant.
The tenant is resolved from the tenant_id custom claim embedded in the JWT payload by Auth0.
All data are automatically scoped to the authenticated tenant.

Error Responses

401 Unauthorized: Missing or invalid Bearer token.
403 Forbidden: Token is valid but lacks the required permissions.

Testing in the Developer Portal

  1. Click + Add header in the Headers section.

  2. Add header name: Authorization

  3. Add header value: Bearer {your_token}