ScanSource OAuth FAQ
ScanSource uses OAuth 2.0 client credential flow and subscription key for authorization.
The OAuth token is sent as header Authorization Bearer {token}. The OAuth tokens are obtained from our OAuth service using a client credential flow, client ID and secret.
EndPoints
Sandbox Testing
OAuth Server: https://login.microsoftonline.com/scansourceb2cqas.onmicrosoft.com/oauth2/v2.0/token
Scope: https://scansourceb2cqas.onmicrosoft.com/8e3cf5bd-9d8d-407d-b0ac-0fbe2a3dab68/.default
API Gateway: https://apitest.scansource.com
Partner portal: https://partnertestportal.scansource.com
Production
OAuth Server: https://login.microsoftonline.com/scansourceb2c.onmicrosoft.com/oauth2/v2.0/token
Scope: https://scansourceb2c.onmicrosoft.com/a2eccdbd-b208-4e77-a82f-dddd1814309a/.default
API Gateway: https://api.scansource.com/
Partner portal: https://partnerportal.scansource.com
Example
Example POST request to obtain token is shown below.
Client ID and Client Secret
These are unique to your organization. View them from your Profile by clicking on the Organization Subscription Information button as shown below. they are passed along with your API key when making a request.
Curl OAUTH example against scansource test oauth server:
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'client_id={YOUR_CLIENT_ID}&scope=https://scansourceb2cqas.onmicrosoft.com/8e3cf5bd-9d8d-407d-b0ac-0fbe2a3dab68/.default
&client_secret={YOUR_CLIENT_SECRET}&grant_type=client_credentials' 'https://login.microsoftonline.com/scansourceb2cqas.onmicrosoft.com/oauth2/v2.0/token'
Example Pricing Request
Pricing and availability request with header keys Bearer Authorization and Ocp-Apim-Subscription-Key (not shown in screenshot) values set. API key obtained from profile.
Token expiration
Each token has a 60 minute duration before it will need to be renewed. You may retrieve a new token with each call.