ScanSource OAuth FAQ 

ScanSource uses OAuth 2.0 client credential flow and subscription key for authorization. 

The OAuth token is sent as header Authorization Bearer {token}. The OAuth tokens are obtained from our OAuth service using a client credential flow, client ID and secret. 

EndPoints 

Sandbox Testing 

OAuth Server: https://login.microsoftonline.com/scansourceb2cqas.onmicrosoft.com/oauth2/v2.0/token 

Scope: https://scansourceb2cqas.onmicrosoft.com/8e3cf5bd-9d8d-407d-b0ac-0fbe2a3dab68/.default 

API Gateway: https://apitest.scansource.com 

Partner portal: https://partnertestportal.scansource.com 

 Production 

OAuth Server:  https://login.microsoftonline.com/scansourceb2c.onmicrosoft.com/oauth2/v2.0/token 

Scope:  https://scansourceb2c.onmicrosoft.com/a2eccdbd-b208-4e77-a82f-dddd1814309a/.default 

API Gateway: https://api.scansource.com/ 

Partner portal: https://partnerportal.scansource.com

Example

Example POST request to obtain token is shown below.

Picture
Picture

Client ID and Client Secret

These are unique to your organization. View them from your Profile by clicking on the Organization Subscription Information button as shown below. they are passed along with your API key when making a request. 

Picture
Picture

Curl OAUTH example against scansource test oauth server: 

curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'client_id={YOUR_CLIENT_ID}&scope=https://scansourceb2cqas.onmicrosoft.com/8e3cf5bd-9d8d-407d-b0ac-0fbe2a3dab68/.default

&client_secret={YOUR_CLIENT_SECRET}&grant_type=client_credentials' 'https://login.microsoftonline.com/scansourceb2cqas.onmicrosoft.com/oauth2/v2.0/token'

Example Pricing Request

Pricing and availability request with header keys Bearer Authorization and  Ocp-Apim-Subscription-Key (not shown in screenshot) values set. API key obtained from profile.  

Picture

Token expiration

Each token has a 60 minute duration before it will need to be renewed. You may retrieve a new token with each call.