Guides
Home
Start typing to search…

Introduction to Authentication

To access Dealerware's API, you'll need to securely authenticate your requests. This process starts by obtaining your Client ID and Client Secret, which serve as your unique credentials. These keys are critical for API access, so ensure they are stored securely and never shared in public repositories or client-side code.

Dealerware's authentication process relies on generating an Access Token through our trusted authentication server. All interactions with our API require a valid token, ensuring secure, authorized access to resources. Always use HTTPS for all API calls to maintain data security and integrity.

This guide will walk you through each step of the authentication process, from requesting API credentials to securely making authenticated requests. For additional help, feel free to reach out to our support team at partnersupport@dealerware.com.

Request API Credentials

Get Your API Keys

To use Dealerware's API, you must first obtain your Client ID and Client Secret from our support team. If you have not yet received these credentials, please contact us at partnersupport@dealerware.com.

Keep Your API Keys Secure

Your API keys are the gateway to our services, so it's crucial to keep them confidential. Never expose your Client ID or Secret in public-facing areas, including version control systems, client-side code, or shared documents. Treat them as sensitive information.

How Our Security Works

Dealerware's API leverages an Access Token for authentication, generated securely by our partner authentication service. If a request is missing or has an invalid Access Token, it will be rejected, resulting in an authentication error.

The diagram below illustrates the authentication sequence:

Sequence diagram showing how the authentication process works.

Authentication Sequence

Authentication Flow

  1. Your client application submits its credentials (Client ID & Client Secret) to the Authorization Server.
  2. The Authorization Server validates your application's credentials.
  3. Upon successful validation, it issues an Access Token in JSON Web Token (JWT) format.
  4. Your application uses this Access Token to make requests to the Dealerware API.
  5. If the token is valid, the Dealerware API processes the request and returns the requested data.

Making API Requests

  • Use HTTPS for all API requests to ensure secure data transmission.
  • Your Client Identity carries access permissions for many of Dealerware's resources. Handle it with care and keep it private.
  • API authentication is handled through the Bearer Authentication method, which should be included in the Authorization header of your API requests.

Authenticating Your Application

Once you have your Client ID and Client Secret, direct the initial request to our authentication server: dealerware.auth0.com. This step should NOT involve api.dealerware.com. Provide your credentials as specified.


Subsequent calls to the Dealerware API only require the Access Token received from the Authorization Server. You do not need to resend your Client ID or Client Secret after initial authentication.

For further assistance, please visit our online help desk or reach out via email at partnersupport@dealerware.com.

Updated 3 months ago