Authorization

Modified on Tue, 12 Sep 2023 at 04:23 PM

TABLE OF CONTENTS

Introduction
Finding your Client ID and Client Secret
Getting an Access Token in the Portal
Getting an Access Token in an IDE (BCP)
- Supply Scope
- Design Scope
Getting an Access Token Programmatically

Introduction

Nexar uses OAuth 2.0 which is the industry standard for authorization - to query the API an access token must be provided. These access tokens are valid for 24 hours and then will be rejected by the API after this time.

For development and testing, you can generate an access token in the Nexar portal. Navigate to Applications, Details (for your app), Access Token, and then Generate token.

Production applications should follow the appropriate OAuth 2 flow to automatically obtain new access tokens as needed. As they live for 24 hours, they should be cached accordingly.

Finding your Client ID and Client Secret

Your client ID and secret are static credentials that are used to fetch time-limited access tokens. They are application specific and so carry the scope the application has.

To find them for a given application, click on Apps in the left hand panel, and click on the app.

Select the Authorization tab under the apps name, and you will see Client ID and Secret next to Credentials.

Getting an Access Token in the Portal

To find them for a given application, click on Apps in the left hand panel, and click on the app.

Select the Authorization tab under the apps name, and click on the "Generate token" button. You can copy it using the button to the right.

Getting an Access Token in an IDE (BCP)

Working within an IDE such as Banana Cake Pop (BCP) or Postman allows you to write and run your own queries for the API in a user-friendly environment. Whichever IDE you choose, the steps for fetching tokens are similar. The following steps will go through how to get set up in BCP.

1) To get started go to https://api.nexar.com/graphql/. If you are connected to the API, in the top right of your page there should be a green "Online" status.

2) Click on the settings cog in the top right and this will bring up your connection settings to the API. You should see on the "General" tab that the "Schema Endpoint" matches the URL: https://api.nexar.com/graphql.

Go to the "Authorization" tab and select "OAuth 2" in the type dropdown. Depending on which scopes of the API you want to use, the set up will be different. If you want to query supply data such as part offers, technical specifications or lifecycle data follow along with the below section "Supply Scope". Otherwise if you want to query Altium 365 design data, skip over the "Supply Scope" section and follow the "Design Scope" section.

Supply Scope

3) For the supply scope, we recommend using the client credentials grant type. Select this on the "Grant Type" dropdown.

The endpoint for fetching tokens is https://identity.nexar.com/connect/token so paste it into the "Access Token URL" field.

4) For the next step you need your application's client credentials (ID and secret) which you can find in the Nexar portal on an application's "Authorization" tab.

Paste these credentials into the "Client ID" and "Client Secret" fields respectively.

5) Once you've pasted in your client credentials, scroll to the bottom of the tab and click on the "Fetch Token" button. If this is successful you should see an access token filling the "Access Token" field above and receive no errors. Once you've done that, your IDE is set up for querying the Nexar API.

Design Scope

3) For the design scope, we recommend using the "Authorization Code" grant type so select this on the dropdown. Enter the following URLs into their respective fields:

Authorization URL - https://identity.nexar.com/connect/authorize

Access Token URL - https://identity.nexar.com/connect/token

4) Next you must input your client credentials into the "Client ID" and "Client Secret" fields, you can find your credentials in the Nexar portal under an application's authorization tab.

5) Make sure that the "Use PKCE" toggle is selected, the "Code Challenge Method" is listed as "SHA-256" and that the "Redirect URL" is set to https://api.nexar.com/graphql.

6) The next input is "Scope", for the design side you should input "openid design.domain user.access" but you can also add "supply.domain" to that list if the app has the supply scope too.

7) Scroll to the bottom of the tab and click "Fetch Token", then "Apply" to save your changes. If this went through without any errors you are now set up to make requests to the API.

Getting an Access Token Programmatically

For production applications, access tokens should be fetched programmatically using a post request.

Here's a simple python example for fetching a token to be used with supply queries:

import requests

client_id = "Your client id here"
client_secret = "Your client secret here"
token_url = "https://identity.nexar.com/connect/token"

token = requests.post(url=token_url, data={
    "grant_type": "client_credentials", 
    "client_id": client_id, 
    "client_secret": client_secret,
    "scope": "supply.domain"
}).json()

print(token)

We have further examples of fetching tokens and accessing the API programmatically on our NexarDeveloper GitHub. Specifically, we have a supply example and a design example that will help to show and inspire how you should build applications powered by the Nexar API.