API Authentication

API Documentation

For API documentation, please visit https://flxpoint.stoplight.io/

Tokens

For any request you make to Flxpoint API, a token is required which is used to authenticate the request. This should be a bearer token which should be sent in the request header.

Authorization: Bearer {Access Token}

Flxpoint API provides tokens for a few different situations:

Source(s)

Endpoints

  • Create/Update Source Inventory
  • Get Fulfillment Requests/fulfillment orders (FRs/FO)
  • Acknowledge FR/FO
  • Cancel FR/FO
  • Create Shipment(s)

Methods of Authentication

  • Flxpoint User provides API token from source

Channel(s)

Endpoints

  • Get Listings to Sync
  • Post Sync Responses (optional)
  • Get Listings to Publish
  • Post Publish Responses (optional)
  • Create New Order (B2B and B2C)
  • Get Shipments (B2B and B2C)
  • Get Order Status (B2B and B2C)

Methods of Authentication

  • Products: Flxpoint user provides API token from channel
  • Ordering (B2B): Flxpoint reseller retrieves API token from Reseller Portal
  • Ordering (B2C): Flxpoint user provides API token from channel

Generating an Access Token for Source

This allows all source endpoints to be accessible for this source.

  1. Login to Flxpoint application (https://app.flxpoint.com )
  2. View All Sources
  3. Configure the source you want an access token for
  4. On the Basic Info screen there’s an API Access section
  5. If no API token exists yet, click Grant Access to generate one
  6. You can now copy this API token and use it to interact with this source via the API

Generating an Access Token for Channel

This will allow all channel endpoints to be accessible for B2C channels and product access for B2B channels.

  1. Login to Flxpoint application (https://app.flxpoint.com )
  2. View All Channels
  3. Choose Sales Channels (B2C) or Reseller Channels (B2B)
  4. Configure the channel you want an access token for
  5. On the Basic Info screen there’s an API Access section
  6. If no API token exists yet, click Grant Access to generate one
  7. You can now copy this API token and use it to interact with this channel via the API

Generating an Access Token for a Reseller

This allows a reseller to submit/check an order that’s isolated to their dealer account only.

  1. A dealer logs into the Reseller Portal for this Flxpoint user (i.e. https://custom-subdomain.flxpoint.com)
  2. As long as the reseller is approved, they should see an API token on their Settings page
  3. If the dealer is not yet approved, they must reach out to the Flxpoint user to get approval first
  4. The dealer can then use this API token to authenticate B2B ordering in the API

Using an Access Token

When making calls to Flxpoint API, an access token must be included in every request.

The Access Token should be passed as a bearer token in the authorization header. See below for example HTTP Header:

Authorization: Bearer 18czwoas2g462vXXYYZZa4purzq53pombeq9qfdr1w9

Troubleshooting Authentication

401 - Unauthorized

The API responds with a 401 when:

  • Access token is invalid
  • Access token has been revoked
  • Access token has been “regenerated” from the UI
  • Access token is not permitted for this endpoint

To correct this, please make sure you have the correct access token once more, and also ensure that you are using allowed endpoints for each access token.

For example, a source access token cannot create new orders on the channel. Likewise, a channel access token cannot create a new order on on B2B channels (resellers). This requires a B2B/reseller access token.