To keep your eCommerce business safe and secure, Ingram Micro uses the OAuth 2.0 protocol. OAuth 2.0 authorizes our APIs with access tokens, instead of username/password credentials. For additional information, please visit OAuth 2.0.


How Do I Get My Tokens?

Ensure that you have created an account, and that you have your API Keys (Client ID and Client Secret) for the default sandbox app.

Use this form to request and obtain an access token:

curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 
Component Description
grant_type: This must be client_credentials.
client_id: Your application's Client ID.
client_secret: Your application's Client Secret


The response returns this information:

"access_token": "eyJz933asdfjdhk41aUWw",
"token_type": "Bearer",
"expires_in": 2592000,

Please note that the response above contains the access_token.


Important: The access token expires every 24 hours and must be refreshed. To get a new token, use the above steps.


Use the Access Token

Once you obtain the access_token, use it to make calls to the API by passing it as a Bearer Token in the Authorization header of the HTTP request, as shown:

curl --request POST \ --url '' \
--header 'authorization: Bearer ACCESS_TOKEN

Build the API Call

Your API call must contain the following components:

  1. Host:
  2. Authorization Header, with valid access token.
  3. A Request (POST, GET, PUT, DELETE).
    • When submitting data to a resource via POST or PUT, you must submit your payload in JSON.
    • curl --location --request POST '' \ 
      --header 'Content-Type: application/json' \ --header 'Authorization: Bearer ' \ --data-raw '


Next: Request & Response >