Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.lms.bsa.ai/llms.txt

Use this file to discover all available pages before exploring further.

Token issuance is handled by a separate auth host. Every request to this API must include a valid JWT issued there in the Authorization header.
If you don’t have a token yet, head to Authorization for the credential and token-issuance flow first, then come back here for the per-call mechanics.

Headers

Authorization: Bearer <jwt>
Content-Type: application/json

Authorization rule

All partner-facing endpoints require the admin role. Non-admin tokens receive 401 Unauthenticated — the same code is used for both missing/invalid tokens and unauthorized roles.

Token lifecycle

  • Tokens have a finite TTL set by the auth host.
  • Tokens are not refreshed by this API. When a token expires, obtain a new one from the auth host.
  • Revocation is handled at the auth host.

Common auth errors

StatusCodeCause
401unauthenticatedMissing, malformed, or expired token; subject lacks admin claim

Example

curl -sf "$BASE/v1/customers" \
  -H "Authorization: Bearer $TOKEN"
If you get 401 unauthenticated on a known-good token, the most common cause is that the token was issued by a different auth realm than the one this deployment trusts. Contact your integration representative to verify.