2 Legged Authorization
Basic Steps
All client applications, both Production and Sandbox, follow a basic pattern when making requests to a Digi-Key API with the OAuth 2.0 framework.
Register an Application
When you create your application, you are given an OAuth2 client ID and client secret. Copy and secure this information for your client application.
Get an access token
Get an access token by sending the client id, client secret, and grant type to the authorization server’s token endpoint. You will receive an access token.
Send the access token to an API
By passing the access token in a request header, the client application can now make requests to the Digi-Key API it is subscribed to. When the access token expires, a new access token request must be made.
Accessing a Production Application
The information below is what you need to complete the OAuth process for DigiKey applications. Before continuing, please confirm that a client application is registered, its client id and client secret are stored and secured, and it is subscribed to an API Product.
Getting the Access Token
The URL used to get your token is:
Access Token Endpoint | Description |
---|---|
This endpoint is the target of the request. The result of requests to this endpoint is the access token |
The request for an access token is an HTTPS POST request and must include the following x-www-form-urlencoded data:
Field | Description |
---|---|
client_id | The client id assigned to the registered application. |
client_secret | The client secret assigned to the registered application. |
grant_type | As defined in the OAuth 2.0 specification, this field must contain the value client_credentials |
An example of an access token POST request
POST /v1/oauth2/token HTTP/1.1
Host: api.digikey.com
Content-Type: application/x-www-form-urlencoded

client_id={application_client_id}&
client_secret={application_client_secret}&
grant_type=client_credentials
A successful response to this request contains these fields:
Field | Description |
---|---|
access_token | The token sent to access a Digi-Key API. |
expires_in | The remaining lifetime of the access token, in seconds. |
token_type | The token type being returned. |
A successful response is returned as a JSON object.
Example response to a successful access token request:
{
"access_token": "SLKDosk89/DOSID-frt3234SLsofds",
"expires_in": 599,
"token_type": "Bearer"
}
Note: Other fields may be included in the response, and your application should not treat this as an error. The set shown above is the minimum set.
Token Expiration Time
Type | Expires in |
---|---|
Access Token | 10 minutes |
Making an API Call
With OAuth completed, the application can send a request.
Application example request
Example request to ProductSearch using organization credentials and endpoint (api.digikey.com):
GET /products/v4/search/P5555-ND/productdetails HTTP/1.1
Host: api.digikey.com
X-DIGIKEY-Client-Id: heWGx9w6DK8kZf3jRv5E9jUAhXrGBU67
Authorization: Bearer s4T5DbmFZadjNRAEbUnN9zkU3DBj
X-DIGIKEY-Locale-Site: US
X-DIGIKEY-Locale-Language: en
X-DIGIKEY-Locale-Currency: USD
X-DIGIKEY-Customer-Id: 0
The value of the Authorization header must be prefixed with "Bearer" (e.g.: "Authorization": "Bearer xGr69sdAjLmnAHwGF4R1HedfDHl3j"), or you will get a Bearer token error.
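The flow above as an added Python example (not Digi-Key's own code): it requests a token with the client credentials grant, caches it until shortly before expires_in elapses, ignores extra response fields, and builds the request headers. The TokenCache class, its transport, clock and margin parameters, and the 30-second margin are assumptions made for this illustration; the token URL is composed from the host and path in the example request.

```python
import json
import time
import urllib.parse
import urllib.request

# Composed from the Host and path shown in the page's example token request.
TOKEN_URL = "https://api.digikey.com/v1/oauth2/token"


def post_form(url, form):
    """Default transport: HTTPS POST of x-www-form-urlencoded data, returns the body."""
    data = urllib.parse.urlencode(form).encode("ascii")
    req = urllib.request.Request(url, data=data, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


class TokenCache:
    """Hypothetical helper: caches the token and renews it shortly before expiry."""

    def __init__(self, client_id, client_secret, transport=post_form,
                 clock=time.monotonic, margin=30):
        self._id, self._secret = client_id, client_secret
        self._transport, self._clock, self._margin = transport, clock, margin
        self._token, self._deadline = None, 0.0

    def __repr__(self):  # keep the secret and token out of logs and tracebacks
        return f"TokenCache(client_id={self._id!r})"

    def token(self):
        if self._token is None or self._clock() >= self._deadline:
            body = json.loads(self._transport(TOKEN_URL, {
                "client_id": self._id,
                "client_secret": self._secret,
                "grant_type": "client_credentials"}))
            # Read only the documented minimum fields; extra fields are ignored.
            if body["token_type"].lower() != "bearer":
                raise ValueError("unexpected token_type")
            self._token = body["access_token"]
            lifetime = max(int(body["expires_in"]) - self._margin, 0)
            self._deadline = self._clock() + lifetime
        return self._token

    def headers(self):
        """Headers for an API call; the "Bearer " prefix is required."""
        return {"Authorization": "Bearer " + self.token(),
                "X-DIGIKEY-Client-Id": self._id}
```

Load the client id and client secret from a secret store or environment variables rather than from source code. For a Sandbox application, change the host in TOKEN_URL to sandbox-api.digikey.com.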
Accessing a Sandbox Application
The process to access a Sandbox application is the same as for a Production application.
The only difference is that the Host name is sandbox-api.digikey.com.