OAuth - Authentication and Authorization

I'm getting 401 errors with message: "The Bearer token is invalid", what am I doing wrong?

Check that your Authorization header is as described in section 2.1 of RFC 6750, The OAuth 2.0 Authorization Framework: Bearer Token Usage.


     GET /resource HTTP/1.1
     Host: server.example.com
     Authorization: Bearer mF_9.B5f-4.1JqM

What are the expiration times of the OAuth codes and tokens?

Authorization Code = 1 minute

Access Token = 30 minutes

Refresh Token = 90 days


Authorization Code - granted after you authorize the client application with your Digikey.com login credentials; it is exchanged for an Access Token.

Access Token - used to make requests

Refresh Token - used when the Access Token has expired. Submit the Refresh Token to receive a new, valid Access Token.

Error during "Getting your Authorization Code" process

During the authorization process a password form is presented. In this form you will use the credentials for your My DigiKey account.

If you do not have a My DigiKey account it can be created here: https://www.digikey.com/MyDigiKey/Register

If you do not know your My DigiKey account credentials or username, they can be reset or found here: https://www.digikey.com/MyDigiKey/login

When does the Refresh Token expire?

The Refresh Token expires in 90 Days, unless:

  • It is exchanged for a new Access Token (and a new Refresh Token), which spends the old Refresh Token.
  • The registered application's client ID or client secret is reset, in which case all tokens become invalid.

Can you provide some pseudo code for OAuth 2.0 implementation of client access to DigiKey API?

A C# / Java client library with OAuth 2.0 support is published on the DigiKey GitHub page: DigiKey GitHub Repository.
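The client library answers the pseudo-code question; what it does not show is the token lifecycle the two preceding answers describe (a 30-minute Access Token, a 90-day Refresh Token, a refresh that rotates the Refresh Token, and a secret reset that invalidates everything). The following Python is an added example written for this FAQ, not DigiKey's code: the lifetimes are the FAQ's numbers, the 60-second refresh margin is an assumption, and FakeAuthorizationServer is a constructed stand-in for the token endpoint so the example runs offline.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional

# Lifetimes exactly as the FAQ states them.
AUTH_CODE_LIFETIME = timedelta(minutes=1)
ACCESS_TOKEN_LIFETIME = timedelta(minutes=30)
REFRESH_TOKEN_LIFETIME = timedelta(days=90)
# Refresh a little before the hard deadline so a request in flight does not
# cross the expiry boundary. The size of the margin is an assumption.
REFRESH_MARGIN = timedelta(seconds=60)


@dataclass
class TokenSet:
    access_token: str
    refresh_token: str
    access_expires_at: datetime
    refresh_expires_at: datetime

    @classmethod
    def from_token_response(cls, body: dict, now: datetime) -> "TokenSet":
        # `expires_in` (seconds) is the standard OAuth 2.0 token-response field.
        # The refresh token's lifetime is not in the response, so it is taken
        # from the FAQ's 90 days, counted from the moment this set was issued.
        return cls(
            access_token=body["access_token"],
            refresh_token=body["refresh_token"],
            access_expires_at=now + timedelta(seconds=int(body["expires_in"])),
            refresh_expires_at=now + REFRESH_TOKEN_LIFETIME,
        )

    def access_token_usable(self, now: datetime) -> bool:
        return now < self.access_expires_at - REFRESH_MARGIN

    def refresh_token_usable(self, now: datetime) -> bool:
        return now < self.refresh_expires_at


class FakeAuthorizationServer:
    """Constructed stand-in for the token endpoint (not DigiKey's server).
    It models the FAQ's rule that exchanging a refresh token yields a new
    access token *and* a new refresh token, which spends the old one."""

    def __init__(self) -> None:
        self.issued = 0
        self.current_refresh_token: Optional[str] = None

    def issue(self) -> dict:
        self.issued += 1
        self.current_refresh_token = f"rt-{self.issued}"
        return {
            "access_token": f"at-{self.issued}",
            "refresh_token": self.current_refresh_token,
            "expires_in": int(ACCESS_TOKEN_LIFETIME.total_seconds()),
            "token_type": "Bearer",
        }

    def refresh(self, refresh_token: str) -> dict:
        # Only the most recently issued refresh token is accepted; a spent or
        # unknown one is rejected, as a real server does with invalid_grant.
        if refresh_token != self.current_refresh_token:
            raise PermissionError("invalid_grant: refresh token spent or unknown")
        return self.issue()


class TokenManager:
    """Hands out a usable access token per request, refreshing when the access
    token is about to expire and failing closed when only a fresh user
    authorization can recover."""

    def __init__(self, tokens: Optional[TokenSet], refresh_call: Callable[[str], dict]) -> None:
        self.tokens = tokens
        self.refresh_call = refresh_call  # hypothetical: POSTs the refresh token, returns JSON

    def invalidate_all(self) -> None:
        # FAQ: resetting the client ID or client secret invalidates all tokens.
        self.tokens = None

    def get_access_token(self, now: datetime) -> str:
        if self.tokens is None:
            raise PermissionError("re-authorize: no valid tokens, user must log in again")
        if self.tokens.access_token_usable(now):
            return self.tokens.access_token
        if not self.tokens.refresh_token_usable(now):
            self.tokens = None
            raise PermissionError("re-authorize: refresh token expired (90 days)")
        try:
            body = self.refresh_call(self.tokens.refresh_token)
        except PermissionError:
            self.tokens = None  # server rejected the refresh token: start over
            raise
        self.tokens = TokenSet.from_token_response(body, now)
        return self.tokens.access_token


if __name__ == "__main__":
    server = FakeAuthorizationServer()
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    manager = TokenManager(TokenSet.from_token_response(server.issue(), t0), server.refresh)
    print(manager.get_access_token(t0))                          # at-1
    print(manager.get_access_token(t0 + timedelta(minutes=29)))  # at-2 (refreshed)
```

The manager never retries a rejected Refresh Token: once the server refuses it (spent by rotation, or invalidated by a secret reset), the only recovery is sending the user back through the authorization step, which is why `get_access_token` drops the token set and raises instead of looping.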

I am trying to create a client application, but I do not have an OAuth redirect URI - what do I do?

If you do not have the infrastructure set up to handle responses from DigiKey, you can use the initial value of https://localhost.

Do I need to use OAuth? May I have a permanent token instead?

DigiKey has found that OAuth 2.0 is the simplest way to be mutually assured of a user's identity and of the user's permitted access to our APIs. Because our APIs expose sensitive information, DigiKey only allows access to clients authenticated via OAuth 2.0.

How do I obtain an access token?

How do I get an access token so my application can call your APIs?

When invoking an API from your application, you will need to pass along an access token. The access token can be obtained by making API calls to DigiKey's Authorization Server. Please see our OAuth 2.0 documentation for more details.

What is the difference between a Client ID and a Customer ID?

The Client ID is registered to your client application and is needed to access the APIs.

A Customer ID is registered to your My DigiKey account. A Customer ID can be passed into an API request when your account has more than one Customer ID registered.

You may have more than one Customer ID if your My DigiKey account uses different currencies or has multiple users registered to it.

I am getting 401 status code and ErrorMessage: The Bearer token is invalid

Error Message:

{'ValidationErrors': [], 'ErrorDetails': 'Ensure the Authorization header has a valid Bearer token', 'ErrorResponseVersion': '3.0.0.0', 'StatusCode': 401, 'RequestId': '98cc4acc-2335-4121-9aba-ddc65fe2be40', 'ErrorMessage': 'The Bearer token is invalid'}


Verify that the value of the Authorization header is prefixed with "Bearer" followed by a single space.

e.g.: "Authorization": "Bearer xGr69sdAjLmnAHwGF4R1HedfDHl3j"


The word "Bearer" must be sent or else you will get a Bearer token error.

"Authorization":"Bearer <bearertoken>"
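Most "The Bearer token is invalid" reports come down to the header shape, so it is worth checking locally before the request leaves. The Python below is an added example for this FAQ (not DigiKey's library code): it builds the header exactly as shown above, diagnoses the common mistakes (no "Bearer" prefix, nothing after the prefix, quotes or whitespace stuck to the token) against the b64token syntax of RFC 6750 section 2.1, and recognises the 401 body quoted above so a client can refresh and retry rather than fail. SAMPLE_401_BODY is a constructed JSON rendering of that error body.

```python
import json
import re

# RFC 6750 section 2.1:
#   b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
TOKEN68 = re.compile(r"^[A-Za-z0-9\-._~+/]+=*$")


def bearer_header(access_token: str) -> dict:
    """Build the Authorization header the FAQ shows. A token with a stray
    quote, space or newline is rejected here instead of producing a 401."""
    if not TOKEN68.match(access_token):
        raise ValueError("access token is not RFC 6750 b64token syntax")
    return {"Authorization": f"Bearer {access_token}"}


def diagnose_authorization(headers: dict) -> list:
    """Return the reasons a request would get 'The Bearer token is invalid',
    or an empty list when the header is shaped as the FAQ requires."""
    # Header names are case-insensitive in HTTP.
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if value is None:
        return ["Authorization header missing"]
    parts = value.strip().split(None, 1)
    if len(parts) == 1:
        if parts[0].lower() == "bearer":
            return ["'Bearer' scheme present but no token follows it"]
        return ["missing 'Bearer' scheme prefix"]
    scheme, credential = parts
    problems = []
    if scheme != "Bearer":
        problems.append(f"scheme is {scheme!r}; the FAQ examples use 'Bearer' "
                        "(a quote character stuck to the scheme is a common cause)")
    if not TOKEN68.match(credential):
        problems.append("token contains characters outside b64token syntax "
                        "(embedded quotes, spaces or a trailing newline?)")
    return problems


def is_invalid_bearer_error(status: int, body: str) -> bool:
    """Recognise the FAQ's 401 error body so the caller can refresh the token
    and retry instead of treating the response as a generic failure."""
    if status != 401:
        return False
    try:
        data = json.loads(body)
    except ValueError:
        return False
    return data.get("ErrorMessage") == "The Bearer token is invalid"


# Constructed JSON rendering of the error body quoted in the FAQ.
SAMPLE_401_BODY = json.dumps({
    "ValidationErrors": [],
    "ErrorDetails": "Ensure the Authorization header has a valid Bearer token",
    "ErrorResponseVersion": "3.0.0.0",
    "StatusCode": 401,
    "RequestId": "98cc4acc-2335-4121-9aba-ddc65fe2be40",
    "ErrorMessage": "The Bearer token is invalid",
})


if __name__ == "__main__":
    print(bearer_header("mF_9.B5f-4.1JqM"))
    print(diagnose_authorization({"Authorization": "xGr69sdAjLmnAHwGF4R1HedfDHl3j"}))
    print(is_invalid_bearer_error(401, SAMPLE_401_BODY))
```

Run the diagnosis on the exact dict you hand to your HTTP client; a serialised token that still carries its JSON quotes, or a "Bearer" prefix that was added twice, both show up as a non-empty list before any request is made.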