Authorization

The Octopart API uses OAuth 2.0 with the client_credentials grant – a machine-to-machine flow that does not require a user to log in. Your application exchanges a Client ID and Client Secret for a short-lived access token, then includes that token in every API request.

Getting Your Credentials

Credentials are managed in the developer portal:

  1. Sign in to portal.nexar.com.

  2. Open your application (or create one).

  3. Copy the Client ID and Client Secret.

Your Client Secret is shown once at creation time. If you lose it, you will need to generate a new one – the portal cannot show it again.

Requesting an Access Token

Send a POST request to the token endpoint with your credentials:

curl -X POST https://identity.nexar.com/connect/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=CLIENT_ID" \
  -d "client_secret=CLIENT_SECRET" \
  -d "scope=supply.domain"

Parameter        Value
grant_type       client_credentials
client_id        Your application's Client ID
client_secret    Your application's Client Secret
scope            supply.domain

A successful response:

{
  "access_token": "eyJhbGci...",
  "expires_in": 86400,
  "token_type": "Bearer"
}

Using the Token

Include the access token in the Authorization header of every GraphQL request:

Authorization: Bearer ACCESS_TOKEN

Example:

curl -X POST https://api.nexar.com/graphql \
  -H "Authorization: Bearer ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{ "query": "{ supSearchMpn(q: \"LM358\", limit: 1) { hits } }" }'

Requests without a valid token, or with an expired token, will return an HTTP 401 Unauthorized response.

Token Expiry

Tokens expire after 24 hours (expires_in: 86400). Your application should track the expiry time and request a new token before the current one expires. There is no refresh token in the client_credentials flow – simply repeat the token request with your Client ID and Client Secret to get a new one.

A common pattern is to request a new token at startup and again whenever a 401 response is received.

Rotating Your Client Secret

If your Client Secret is compromised or you want to rotate it as a security practice:

  1. Go to your application in portal.nexar.com.

  2. Generate a new Client Secret.

  3. Update your application with the new secret.

  4. Existing tokens remain valid until they expire — no immediate disruption.

Do not embed credentials in client-side code or public repositories. Treat your Client Secret like a password.

 
