Download OpenAPI specification:
Partner-scoped read-only views over FG.AI WMS state. Bounded namespace for side-partner integrations per WMS ADR-0045 Path C.
Auth pattern: partner-bearer-JWT. Partners exchange
(partner_app_id, partner_app_secret) at POST /authenticate for a
short-lived JWT (RS256; signed via AWS KMS; verifiable via
/.well-known/jwks.json; default TTL 120 min) bounded to this namespace.
Format details, rotation policy, and JWKS distribution:
ADR-0045 §"Resolutions" §4.
This namespace is read-only. Partner-pushed writes use the EDI
partner-authentication pattern against pim/v1/, wms/v1/,
wms-docs/v1/ — not this namespace. Future endpoints under this
namespace require incremental ADR-0045 amendments.
Versioning: URL-segment versioning via /v1. Minor versions add
optional fields and new endpoints; patch versions are bug-fixes and
clarifications. Breaking changes ship as /v2. Pin generated clients
to a specific minor version.
Path C time-box: this namespace exists as an exception, not a third permanent integration topology. When FlexSync v1 GA's and all Path C partners migrate to FlexSync connectors, this namespace's surface area is frozen at its then-current shape pending FlexSync framework evaluation.
Partners exchange their (partner_app_id, partner_app_secret) for a
short-lived JWT bounded to wms-partners/v1/*. TTL is configurable
per partner via partner-registry config; default 120 minutes (matches
the original ADR-0045 §4 default).
On invalid credentials returns 401 with WWW-Authenticate: Bearer error="invalid_credentials". Partners SHOULD NOT retry on 401
immediately; they should verify credentials are correct and rotated
if necessary.
Token shape per ADR-0045 §"Resolutions" §4 (RS256 supersession):
alg: RS256 (algorithm header claim; verifiers MUST reject any
other value including none)kid: KMS key version that signed this token (used by verifiers
to select the matching JWKS entry during rotation windows)iss: partition-scoped issuer URL (e.g.
https://api.flexgalaxy.ai/wms-partners/v1)aud: wms-partners-v1sub: frn:wms:partner:{partner_code}tenant_id: present if the binding is active for a specific tenantscope: space-separated capabilities (e.g. wms-partners:inventory-delta:read)iat, exp, jtiVerifiers fetch the public key from /.well-known/jwks.json;
validation is fully local after the first JWKS fetch. Cache TTL
300s. Tokens are partition-scoped: a token minted in intl cannot
be validated against the CN JWKS endpoint, and vice versa.
| partner_app_id required | string Partner application identifier provisioned by FG.AI partner-registry. |
| partner_app_secret required | string <password> Partner application secret. SHOULD NOT be logged. |
{- "partner_app_id": "rta_appId",
- "partner_app_secret": "rta_appSecret"
}{- "access_token": "string",
- "token_type": "Bearer",
- "expires_in": 7200,
- "scope": "wms-partners:inventory-delta:read wms-partners:authenticate"
}Returns the JSON Web Key Set (RFC 7517) containing the current and previous-rotation-window RSA public keys used to verify wms-partners/v1 JWTs.
Cache policy: Cache-Control 300s. Verifiers SHOULD cache the
JWKS for the duration of the Cache-Control header and refresh on
kid not found (handles KMS key version bumps within the cache
window).
Partition-scoping: this endpoint is partition-scoped. A token
issued by intl is verifiable only against the intl JWKS; the CN
JWKS will return 404 for the intl token's kid. See ADR-0045
§"Resolutions" §4 (RS256 supersession) §6.
Hosting: served by partner-registry-service in v1.x; a future
non-breaking move to the gateway/edge layer changes only the URL
seen by service-discovery, not the contract returned here.
{- "keys": [
- {
- "kty": "RSA",
- "use": "sig",
- "alg": "RS256",
- "kid": "alias/wms-partner-registry-jwt-intl-prod/1",
- "n": "string",
- "e": "AQAB",
- "x5c": [
- "string"
]
}
]
}Returns a paginated change-log of inventory movements scoped to the
partner's tenant-of-record as recorded in partner_tenant_binding.
Backed by wms.movement.*.v1 event projections in reporting-service
with partner-scope filtering applied.
Pagination via next_cursor. If next_cursor is null, you have
consumed all deltas up to until. Subsequent polls should pass the
previous until as the next since.
Pagination bound: limit caps at 1000. Larger windows split across
multiple cursor pages.
Time bound: since MUST be within the configured retention window
(default 7 days; per-partner configurable in partner-registry).
Requests for older windows return 400 with the configured retention
bound in the problem detail.
| since required | string <date-time> Example: since=2026-05-29T08:00:00Z Inclusive lower bound on |
| limit | integer [ 1 .. 1000 ] Default: 100 Maximum number of deltas to return per page. Default 100, max 1000. |
| cursor | string Opaque pagination cursor from a previous response's |
{- "since": "2019-08-24T14:15:22Z",
- "until": "2019-08-24T14:15:22Z",
- "next_cursor": "string",
- "deltas": [
- {
- "sku_code": "SKU-12345",
- "location_code": "A01-01-01",
- "qty_delta": "+8.000",
- "movement_type": "RECEIVE",
- "occurred_at": "2026-05-29T08:02:14.000Z",
- "source_movement_id": "frn:wms:intl:movement/MV-2026-04823",
- "lot_code": "string",
- "serial_no": "string"
}
]
}Lightweight liveness check. Always returns 200 when the service process is up. Does NOT validate downstream dependencies — use this endpoint only as a load-balancer health probe.
{- "status": "UP",
- "service": "partner-registry-service",
- "version": "0.1.0-SNAPSHOT"
}