Security and authentication

To ensure your data is protected, the Supplier Network APIs use industry best practises around security, including the OAuth2.0 client credentials token API and Bearer Token Authentication.

Generating API credentials

As an administrator, you can generate API credentials in the Settings area of the Supplier Network application.

Your organisation must be a member of the Essentials membership option or higher. For more information about membership options, see the Beeline Supplier Network Subscription Packages page.

To generate API credentials for your integration such as Client ID and Secret, complete these steps:

  1. Log in to Supplier Network.

  2. Go to Settings  API Keys.

  3. Select Generate API Key and follow the instructions on the screen.

Fetching an access token

You must use an access token in order to access protected APIs.

For more information about the token API, see Obtain an access token via an OAuth client credentials grant. This is a standard OAuth2.0 Client Credentials token API.

The following is an example of a cURL request for the token API. The content of the basic authentication header must be "yourClientID:yourClientSecret" encoded in Base64.

curl --location 'https://gwg.cloud.utmost.co/api/gwg/supplier/oauth/token'
--header 'Content-Type: application/x-www-form-urlencoded'
--header 'Authorization: Basic **************'
--data-urlencode 'grant_type=client_credentials'

Calling an authenticated API

All API calls are secured using Bearer Authentication. The client must fetch a token from the token API and send it in the Authorization header when making requests to protected resources:

`Authorization: Bearer <token>`

If the token is missing, invalid, or expired, the API in question will respond with a 401 error code (unauthorized).