Authentication

To keep your B2B communications safe and secure, Ingram Micro uses the OAuth 2.0 protocol. OAuth 2.0 authorizes our APIs with access tokens, instead of username/password credentials. For additional information, please visit OAuth 2.0.

How do I get my tokens?

Ensure that you have created an account, and that you have your API Keys (Client ID and Client Secret) for the default sandbox app.

Use this form to request and obtain an access token:

curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 
"grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET" https://api.ingrammicro.com:443/oauth/oauth30/token

The response returns this information:

"access_token": "eyJz933asdfjdhk41aUWw",
"token_type": "Bearer",
"expires_in": 2592000,

Using the access token

Once you have obtained the access_token, use it to make API calls by passing it as a Bearer Token in the Authorization header of the HTTP request, as shown below:

curl --request POST \ --url 'https://api.ingrammicro.com:443/vendors/v1/some-api-endpoint' \
--header 'authorization: Bearer ACCESS_TOKEN

Build the API call

Your API call must contain the following components:

1. Host:
   • The host for web API production requests is always:
     https://api.ingrammicro.com:443/vendors/v1
   • The host for web API sandbox requests is always:
     https://api.ingrammicro.com:443/sandbox
2. Authorization Header, with valid access token
3. A request (POST, GET, PUT, DELETE)
   • When submitting data to a resource via POST or PUT, you must submit your payload in JSON.

   • curl --location --request POST 'https://api.ingrammicro.com:443/vendors/v1' \
     --header 'Content-Type: application/json' \ --header 'Authorization: Bearer ' \ --data-raw '