Quickstart Guide

Getting Started with Dealerware API

Welcome to the Dealerware API Quickstart! Here's a structured guide to help you set up and make your first API call.

To utilize Dealerware's API, it's essential to possess your Client ID and Client Secret, which can be obtained from our team. If you do not have these credentials, please refer to the Get Your API Keys section for guidance on acquiring them.

Authentication with Access Token

We've enhanced our authentication schema to provide improved security. Here's how our updated Authentication works:

Dealerware API authenticates your requests using an Access Token, securely generated by our partner authenticator. If a request lacks a valid Access Token, the Dealerware API will reject the connection and return an authentication error.

How It Works

Your client application sends its credentials to the Authorization Server along with the issued Client Identity (Client ID, Client Secret).
The Authorization Server validates your application's credentials.
Upon successful validation, the Authorization Server will return an Access Token to your client application.
```
     The Authorization Server generates Access Tokens in JSON Web Token (JWT) format. 
  
```
Your application can use the Access Token to make requests to the Dealerware API. The API will validate the client.
Upon successful validation, the Dealerware API will return the requested resource.

All API calls must be made over HTTPS.
Your Client Identity carries access rights and associated privileges for accessing many of Dealerware's resources. Do not share them publicly.
Authentication to the Dealerware API is performed with the Bearer Authentication method defined in the Request Header.

Authenticating Your Application

Follow these steps to get your application authenticated with Dealerware API.

Direct your initial call to our new Authorization Server to obtain your Access Token. Here's a cURL example:


    curl POST 'https://dealerware.auth0.com/oauth/token' \
    --header 'content-type: application/json' \
    --data '{
        "client_id": "[Your Client ID]",
        "client_secret": "[Your Client Secret]",
        "audience": "https://api.dealerware.com", "grant_type": "client_credentials"
    }'

The initial call is directed to our third party authentication server dealerware.auth0.com, not to api.dealerware.com. Provide your client ID and secret in the specified fields.

Below is an example Response which returns the access token needed for subsequent calls:


     { 
       "access_token": "[Your Access Token here]",
       "expires_in": 86400,
       "token_type": "Bearer"
     }

Proceed with your regular calls to the Dealerware API, including the Access Token as part of the Request. Here's an example cURL command for accessing Dealerware's Location/Dealership API:
```
    curl --location 'https://api.dealerware.com/admin/dealerships/[Dealership ID]' \
    --header 'authorization: Bearer [Add your Access Token here]' \
    --header 'api-version: [the API Version for the API you want to use]' \
    --header 'Content-Type: application/json'
  
```
In subsequent calls, you no longer need to include your Client ID and Client Secret since you are already authenticated. You only need to include the Access Token obtained from the Authorization Server.

Questions?

If you have questions or need further assistance, please contact us:

Online: fill out the form at https://developer.dealerware.com/support.html
Email: write to us at partnersupport@dealerware.com