Prerequisites
- An ION organization.
- An API key for machine-to-machine integrations, or OAuth credentials for user-facing applications. For how to obtain each, see Authentication.
- A tool that can make HTTPS POST requests with JSON bodies, such as
curl,httpie, or Postman. - Familiarity with GraphQL.
The endpoint
All API requests go to one endpoint:Get an access token
If you have an API key, exchange it for a short-lived access token through your auth provider’s client-credentials grant. For a reusable pattern, see the Build an API client. If you use OAuth 2.0, complete the authorization code flow in Authenticate with OAuth 2.0. After the user signs in, your callback receives anaccess_token.
Both paths give you a JWT string. Treat it like a password.
Make your first request
A minimal “who am I?” query confirms the token works:- cURL
- Python
errors payload instead, see Error codes and its 401 table.
Query data
Once auth works, try a domain query. Listing parts is a good first test because it touches inventory, the most common integration target:- cURL
- Python
me again to confirm the token is valid. Then check the admin UI for data.
Pick your next page
You now have a working integration. Where to go next depends on what you’re building:| If you’re… | Go to |
|---|---|
| Building a reusable API client | Build an API client |
| Working through common queries and mutations | Example requests |
| Building real-time event-driven integrations | Set up webhooks |
| Uploading files, such as procedure attachments and run artifacts | Upload a file |
| Mapping ION’s data model into your system | Data model |
| Hitting a 403 or unfamiliar error | Error codes |
| Testing without affecting production | Sandbox |
| Taking an integration to production | Build a production integration |