Authentication
API Authentication
Secure your WMS API integration with industry-standard authentication methods.
Overview
The WMS API supports multiple authentication methods to suit different integration scenarios. Choose the method that best fits your security requirements and use case.
API Keys
Simple key-based authentication for server-to-server calls
OAuth 2.0
Token-based auth for user-delegated access
JWT Tokens
Stateless authentication with expiring tokens
API Key Authentication
The simplest way to authenticate is using an API key in the request header. This method is recommended for server-to-server integrations.
Request Header
curl -X GET "https://api.synaptis.com/wms/v1/inventory" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json"
Security Best Practices
- Never expose API keys in client-side code
- Rotate keys regularly (recommended: every 90 days)
- Use environment variables to store keys
- Implement IP whitelisting for production keys
OAuth 2.0 Authentication
For applications that require user-delegated access, use OAuth 2.0 with the authorization code flow.
Token Exchange
POST /oauth/token HTTP/1.1
Host: auth.synaptis.com
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code
&code=AUTH_CODE
&redirect_uri=YOUR_REDIRECT_URI
&client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET
Token Response
{
"access_token": "eyJhbGciOiJSUzI1NiIs...",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "dGhpcyBpcyBhIHJlZnJl...",
"scope": "inventory:read inventory:write"
}
Permission Scopes
Control access granularity using OAuth scopes. Request only the permissions your integration needs.
| Scope | Description |
|---|---|
| inventory:read | Read inventory levels and product data |
| inventory:write | Create and update inventory records |
| orders:read | View order details and status |
| orders:write | Create and fulfill orders |
| locations:manage | Manage warehouse locations and zones |
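The token exchange and scope guidance above, combined in an added Python example that is not part of the original documentation: it builds the exchange request with credentials read from the environment, then rejects a response that grants scopes the integration never requested. The https scheme, the variable names WMS_CLIENT_ID and WMS_CLIENT_SECRET, and both function names are assumptions made for illustration.

```python
import json
import os
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://auth.synaptis.com/oauth/token"  # host and path from the page; https assumed

def build_token_request(code, redirect_uri, env=os.environ):
    """Build the authorization-code exchange; credentials come from the environment."""
    form = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": env["WMS_CLIENT_ID"],          # assumed variable names
        "client_secret": env["WMS_CLIENT_SECRET"],  # never hard-coded in source
    }
    return urllib.request.Request(
        TOKEN_URL,
        data=urllib.parse.urlencode(form).encode("ascii"),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )

def parse_token_response(body, requested_scopes, now=None, skew=60):
    """Validate a token response; return the token, its scopes and a refresh deadline."""
    now = time.time() if now is None else now
    doc = json.loads(body)
    if doc.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    # RFC 6749 section 5.1: the server may omit "scope" when it equals the request.
    requested = set(requested_scopes)
    granted = set(doc["scope"].split()) if "scope" in doc else requested
    extra = granted - requested
    if extra:  # refuse to hold a token with more access than was asked for
        raise PermissionError("unrequested scopes granted: " + " ".join(sorted(extra)))
    return {
        "access_token": doc["access_token"],
        "refresh_token": doc.get("refresh_token"),
        "granted": granted,
        "missing": requested - granted,            # scopes asked for but not granted
        "refresh_at": now + int(doc["expires_in"]) - skew,  # refresh before expiry
    }

# Constructed sample response with placeholder token values.
SAMPLE = ('{"access_token": "ACCESS_TOKEN_PLACEHOLDER", "token_type": "Bearer", '
          '"expires_in": 3600, "scope": "inventory:read inventory:write"}')
```

Send the request with urllib.request.urlopen and pass the response body to parse_token_response; a non-empty "missing" set means the integration should degrade gracefully rather than retry with broader scopes.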