Guides

Authentication

Suggest Edits

The Pax8 API authenticate requests using OAuth 2.0. You'll be given a client_id and a client_secret to authenticate with the API. Once you have these, you'll need to request a token that can be used when making API requests.

Access Tokens retrieved will have a time to live of one day. You should not need to request a new access token before every request.

NOTE: Although we keep referring to HTTP standards, the literal syntax of all requests to the API must use HTTPS. API requests NOT made through HTTPS will fail.

For Partners

Once you request your initial API keys via the Pax8 app, your API keys provide full access to all public APIs which includes ordering, invoice management, creating companies, etc. Please use caution in sharing these keys with others. Don't paste them in cleartext to source code, customer code, or shared spaces. Also these should not be provided to any 3rd party platforms. 3rd party platforms are required to use our Delegated oauth flow to get partner authorization.

Make sure to use anaudience of https://api.pax8.com when getting a token.

For 3rd Party Vendors

If you manage a 3rd party application and would like to pull Pax8 partner data via our public apis, you will need to use our Delegated oauth flow to get partner authorization. Please reach out to [email protected]. Let us know the app you’d like to integrate, your use cases and any known Pax8 partners that are using your app and would be interested in your intended integration. We’ll reach out with API keys and access to a sandbox environment you can use.

For Marketplace Vendors

If Pax8 sells your product in our marketplace, obtain your Client Id and Client Secret from your Pax8 Contact.

Generate a token. Replace <client_id> and <client_secret> in the example below with your credentials.

Make sure to use an audience of api://provisioning when getting a token to use with provisioning endpoints. Conversely, make sure to use an audience of api://usage when requesting a token to use with usage endpoints

Example

Make sure to substitute in your client_id, client_secret and appropriate audience when creating access tokens:

curl --request POST \
     --url https://api.pax8.com/v1/token \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
  "audience": "api://provisioning",
  "grant_type": "client_credentials",
  "client_id": "<client_id>",
  "client_secret": "<client_secret>"
}
'

Token endpoint response example:

{
    "access_token": "<token>",
    "scope": "vendorSimulation:provisioning",
    "expires_in": 86400,
    "token_type": "Bearer",
    "expires_at": "2024-12-20T17:53:50.460+00:00"
}
  1. Use the token to call the API. Replace <token> in the example below with your token
curl --request GET
 --url https://api.pax8.com/v2/provision-requests \
 --header 'content-type: application/json' \
 --header 'Authorization: Bearer <token>'

Updated 22 days ago