FG.AI WMS — Partner-scoped read surface (wms-partners/v1) (1.0.0)

Download OpenAPI specification:

URL: https://docs.flexgalaxy.ai/dev/wms/ License: LicenseRef-FGAI-Proprietary

Partner-scoped read-only views over FG.AI WMS state. Bounded namespace for side-partner integrations per WMS ADR-0045 Path C.

Auth pattern: partner-bearer-JWT. Partners exchange (partner_app_id, partner_app_secret) at POST /authenticate for a short-lived JWT (RS256; signed via AWS KMS; verifiable via /.well-known/jwks.json; default TTL 120 min) bounded to this namespace. Format details, rotation policy, and JWKS distribution: ADR-0045 §"Resolutions" §4.

This namespace is read-only. Partner-pushed writes use the EDI partner-authentication pattern against pim/v1/, wms/v1/, wms-docs/v1/ — not this namespace. Future endpoints under this namespace require incremental ADR-0045 amendments.

Versioning: URL-segment versioning via /v1. Minor versions add optional fields and new endpoints; patch versions are bug-fixes and clarifications. Breaking changes ship as /v2. Pin generated clients to a specific minor version.

Path C time-box: this namespace exists as an exception, not a third permanent integration topology. When FlexSync v1 GA's and all Path C partners migrate to FlexSync connectors, this namespace's surface area is frozen at its then-current shape pending FlexSync framework evaluation.

auth

Partner credential exchange

Exchange partner credentials for a JWT

Partners exchange their (partner_app_id, partner_app_secret) for a short-lived JWT bounded to wms-partners/v1/*. TTL is configurable per partner via partner-registry config; default 120 minutes (matches the original ADR-0045 §4 default).

On invalid credentials returns 401 with WWW-Authenticate: Bearer error="invalid_credentials". Partners SHOULD NOT retry on 401 immediately; they should verify credentials are correct and rotated if necessary.

Token shape per ADR-0045 §"Resolutions" §4 (RS256 supersession):

  • alg: RS256 (algorithm header claim; verifiers MUST reject any other value including none)
  • kid: KMS key version that signed this token (used by verifiers to select the matching JWKS entry during rotation windows)
  • iss: partition-scoped issuer URL (e.g. https://api.flexgalaxy.ai/wms-partners/v1)
  • aud: wms-partners-v1
  • sub: frn:wms:partner:{partner_code}
  • tenant_id: present if the binding is active for a specific tenant
  • scope: space-separated capabilities (e.g. wms-partners:inventory-delta:read)
  • iat, exp, jti

Verifiers fetch the public key from /.well-known/jwks.json; validation is fully local after the first JWKS fetch. Cache TTL 300s. Tokens are partition-scoped: a token minted in intl cannot be validated against the CN JWKS endpoint, and vice versa.

Request Body schema: application/json
required
partner_app_id
required
string

Partner application identifier provisioned by FG.AI partner-registry.

partner_app_secret
required
string <password>

Partner application secret. SHOULD NOT be logged.

Responses

Request samples

Content type
application/json
{
  • "partner_app_id": "rta_appId",
  • "partner_app_secret": "rta_appSecret"
}

Response samples

Content type
application/json
{
  • "access_token": "string",
  • "token_type": "Bearer",
  • "expires_in": 7200,
  • "scope": "wms-partners:inventory-delta:read wms-partners:authenticate"
}

JSON Web Key Set for partner-JWT verification

Returns the JSON Web Key Set (RFC 7517) containing the current and previous-rotation-window RSA public keys used to verify wms-partners/v1 JWTs.

Cache policy: Cache-Control 300s. Verifiers SHOULD cache the JWKS for the duration of the Cache-Control header and refresh on kid not found (handles KMS key version bumps within the cache window).

Partition-scoping: this endpoint is partition-scoped. A token issued by intl is verifiable only against the intl JWKS; the CN JWKS will return 404 for the intl token's kid. See ADR-0045 §"Resolutions" §4 (RS256 supersession) §6.

Hosting: served by partner-registry-service in v1.x; a future non-breaking move to the gateway/edge layer changes only the URL seen by service-discovery, not the contract returned here.

Responses

Response samples

Content type
application/jwk-set+json
{
  • "keys": [
    ]
}

inventory

Partner-scoped inventory delta queries

Paginated inventory change-log scoped to the partner tenant

Returns a paginated change-log of inventory movements scoped to the partner's tenant-of-record as recorded in partner_tenant_binding. Backed by wms.movement.*.v1 event projections in reporting-service with partner-scope filtering applied.

Pagination via next_cursor. If next_cursor is null, you have consumed all deltas up to until. Subsequent polls should pass the previous until as the next since.

Pagination bound: limit caps at 1000. Larger windows split across multiple cursor pages.

Time bound: since MUST be within the configured retention window (default 7 days; per-partner configurable in partner-registry). Requests for older windows return 400 with the configured retention bound in the problem detail.

Authorizations:
PartnerBearerToken
query Parameters
since
required
string <date-time>
Example: since=2026-05-29T08:00:00Z

Inclusive lower bound on occurred_at. RFC 3339 timestamp.

limit
integer [ 1 .. 1000 ]
Default: 100

Maximum number of deltas to return per page. Default 100, max 1000.

cursor
string

Opaque pagination cursor from a previous response's next_cursor. Omit on the first page.

Responses

Response samples

Content type
application/json
{
  • "since": "2019-08-24T14:15:22Z",
  • "until": "2019-08-24T14:15:22Z",
  • "next_cursor": "string",
  • "deltas": [
    ]
}

health

Liveness/readiness probes

Service liveness

Lightweight liveness check. Always returns 200 when the service process is up. Does NOT validate downstream dependencies — use this endpoint only as a load-balancer health probe.

Responses

Response samples

Content type
application/json
{
  • "status": "UP",
  • "service": "partner-registry-service",
  • "version": "0.1.0-SNAPSHOT"
}