Authentication
Basics
Authentication and authorization to the Buyback Platform APIs are done by providing a ClientId and ClientSecret in a traditional OAuth 2.0 flow. The response provides a JSON body containing an access_token property, which should be sent in the Authorization header on further requests to the Buyback Platform APIs.
Buyback Platform requires that all communication with the APIs is secured over HTTPS, meaning that requests made over plain HTTP will fail.
Treat your client credentials as passwords — keep them secret, as they give full read/write access to your tenant within the Platform. The credentials should not be included in public repositories, emails, client-side code, etc. In case new credentials and/or a rotation is needed, please contact the Buyback Platform Team support.
Environments
Replace the {baseUrl} value below with the base URL of the environment you want to access:
- Sandbox: https://sandbox-sts.luxclusif.com
- Production: https://sts.luxclusif.com
Token Endpoint
POST {baseUrl}/connect/token
- Request Type: multipart/form-data
Sellers (Trade-Ins/Suppliers) Authentication
- Form Values:
  - grant_type=client_credentials
  - client_id=
  - client_secret=
  - scope=buyback buyback.partner
curl -X POST \
-F 'grant_type=client_credentials' \
-F 'client_id={YOUR_CLIENT_ID}' \
-F 'client_secret={YOUR_CLIENT_SECRET}' \
-F 'scope=buyback buyback.partner' \
{baseUrl}/connect/token
Buyers Authentication
- Form Values:
  - grant_type=client_credentials
  - client_id=
  - client_secret=
  - scope=buyback buyback.buyer
curl -X POST \
-F 'grant_type=client_credentials' \
-F 'client_id={YOUR_CLIENT_ID}' \
-F 'client_secret={YOUR_CLIENT_SECRET}' \
-F 'scope=buyback buyback.buyer' \
{baseUrl}/connect/token
Authenticating Requests
For subsequent requests to the Buyback Platform APIs, include an Authorization header carrying the token returned in the access_token field of the Token Endpoint response:
- Key: Authorization
- Value: Bearer
To ensure a seamless and uninterrupted experience in accordance with our IP rate-limiting mechanism, please include the 'x-real-ip' header:
- Key: x-real-ip
- Value:
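Added example (not Buyback Platform code): a Python client for the token request and Authorization header described above. It refuses to send the client secret anywhere except over HTTPS to the two hosts listed under Environments, and reads credentials from the environment instead of source code. The function names and the BUYBACK_CLIENT_ID / BUYBACK_CLIENT_SECRET variable names are assumptions, and the x-real-ip header is left out because its value is not given on this page.

```python
import json
import os
import uuid
from urllib.parse import urlsplit
from urllib.request import Request, urlopen

# Hosts taken from the Environments list on this page.
ALLOWED_HOSTS = {"sandbox-sts.luxclusif.com", "sts.luxclusif.com"}

def token_url(base_url):
    """Return the token endpoint, allowing only HTTPS to a listed host."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
        raise ValueError("refusing to send client_secret to %r" % base_url)
    return f"https://{parts.hostname}/connect/token"

def build_token_request(base_url, client_id, client_secret, scope):
    """Build the multipart/form-data POST described under Token Endpoint."""
    boundary = uuid.uuid4().hex
    fields = {"grant_type": "client_credentials", "client_id": client_id,
              "client_secret": client_secret, "scope": scope}
    body = "".join(
        f'--{boundary}\r\nContent-Disposition: form-data; name="{k}"\r\n\r\n{v}\r\n'
        for k, v in fields.items()) + f"--{boundary}--\r\n"
    return Request(token_url(base_url), data=body.encode(), method="POST",
                   headers={"Content-Type": f"multipart/form-data; boundary={boundary}"})

def auth_headers(token_response_body):
    """Turn the token endpoint's JSON body into headers for later API calls."""
    token = json.loads(token_response_body).get("access_token")
    if not token:
        raise ValueError("no access_token in token response")
    return {"Authorization": f"Bearer {token}"}

def fetch_auth_headers(base_url, scope):
    """Read credentials from the environment (assumed variable names) and get a token."""
    req = build_token_request(base_url, os.environ["BUYBACK_CLIENT_ID"],
                              os.environ["BUYBACK_CLIENT_SECRET"], scope)
    with urlopen(req, timeout=10) as resp:  # network call, not exercised offline
        return auth_headers(resp.read())
```

Call fetch_auth_headers with the sandbox or production base URL and the scope string for your role, then merge the returned dictionary into the headers of each API request.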