> For the complete documentation index, see [llms.txt](https://docs.capedatahub.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.capedatahub.com/cape-stock-api-documentation.md).

# CAPE Stock API Documentation

### Introduction <a href="#introduction" id="introduction"></a>

This document serves as a comprehensive guide to utilising the CAPE Stock API. It outlines the required payloads for successful API calls and provides examples of payloads returned in the case of unsuccessful requests.

<a class="button secondary"></a>

Additionally, it details the API's authorisation process to ensure secure and authenticated calls.

<a class="button secondary"></a>

### Security <a href="#security" id="security"></a>

#### **1. Client Authentication (First Request)** <a href="#id-1.-client-authentication-first-request" id="id-1.-client-authentication-first-request"></a>

**What's Happening?**

* A **POST request** is made to the authentication API (/api/ClientAuthentication).

  <a class="button secondary"></a>
* The **client's username and password** are sent as x-www-form-urlencoded data.

  <a class="button secondary"></a>
* If credentials are valid, the server responds with a **token (JWT - JSON Web Token)**.

  <a class="button secondary"></a>

**Security Considerations**

* **Authentication process:** The client must prove their identity by providing credentials.

  <a class="button secondary"></a>
* **Token Issuance:** The server generates a signed JWT token upon successful authentication.

  <a class="button secondary"></a>
* **Token Content:** The JWT might contain user details and permissions, encoded and signed (but not encrypted).

  <a class="button secondary"></a>

**URL:**

<a class="button secondary"></a>

QA

<a class="button secondary"></a><a class="button secondary">Ask</a><a class="button secondary">Copy</a>

```
https://dev-icon.cloud:9525/api/ClientAuthentication
```

PROD

<a class="button secondary"></a><a class="button secondary">Ask</a><a class="button secondary">Copy</a>

```
https://prosol.cloud:9525/api/ClientAuthentication
```

**Method:**

<a class="button secondary"></a>

* ClientAuthentication: Retrieve bearer token.

  <a class="button secondary"></a>
* Action: POST

  <a class="button secondary"></a>

<img src="https://prosolutions-integration.gitbook.io/cape-stock-api-documentation/~gitbook/image?url=https%3A%2F%2F3663426312-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252Fw8eQ6NWcjGOaldmSgsU5%252Fuploads%252FRTBmaUnlgIA4gIIGa8Zb%252Fimage.png%3Falt%3Dmedia%26token%3D75242659-4442-46da-8a56-2c30292ece62&#x26;width=768&#x26;dpr=3&#x26;quality=100&#x26;sign=a33a396b&#x26;sv=2" alt="" height="750" width="1485">

#### **2. Making API Requests with the Bearer Token** <a href="#id-2.-making-api-requests-with-the-bearer-token" id="id-2.-making-api-requests-with-the-bearer-token"></a>

**What's Happening?**

* The **Bearer Token** received from authentication is used in the **Authorisation** header of the API request.

  <a class="button secondary"></a>
* A **POST request** is made to another API (/api/CAPEStockAPI) with JSON body parameters.

  <a class="button secondary"></a>
* The server verifies the **validity of the token** before allowing access.

  <a class="button secondary"></a>
* If valid, the server returns a **200 OK** response with the requested data.

  <a class="button secondary"></a>

**Security Considerations**

* **Authorisation:** Only authenticated users with a valid token can access protected endpoints.

  <a class="button secondary"></a>
* **Token Expiry:** JWTs typically have an expiration time, after which they must be refreshed.

  <a class="button secondary"></a>
* **Token Storage:** Storing tokens securely (e.g., in an encrypted store) is crucial to prevent leaks.

  <a class="button secondary"></a>
* **Replay Attacks:** If an attacker gets the token, they can make requests unless mitigations like token expiration or refresh tokens are in place.

  <a class="button secondary"></a>

<img src="https://prosolutions-integration.gitbook.io/cape-stock-api-documentation/~gitbook/image?url=https%3A%2F%2F3663426312-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252Fw8eQ6NWcjGOaldmSgsU5%252Fuploads%252FdVs2W6K4H2AB9y7SHsFZ%252Fimage.png%3Falt%3Dmedia%26token%3D349d2bb9-1ddb-40e0-91aa-a2612e0ac70a&#x26;width=768&#x26;dpr=3&#x26;quality=100&#x26;sign=13063db2&#x26;sv=2" alt="" height="495" width="1543">

#### **3. API Response Validation** <a href="#id-3.-api-response-validation" id="id-3.-api-response-validation"></a>

**What's Happening?**

* The response from the CAPEStockAPI confirms that the request was authorised.

  <a class="button secondary"></a>
* The API returns structured **JSON data** about vehicle stock details.

  <a class="button secondary"></a>
* The token ensures that only authorised users retrieve this information.

  <a class="button secondary"></a>

**Security Best Practices**

* **Use HTTPS:** Always send tokens over an encrypted connection.

  <a class="button secondary"></a>
* **Implement Token Expiry & Refresh Mechanism:** Prevent long-lived access.

  <a class="button secondary"></a>
* **Restrict Token Scope:** Assign permissions based on user roles.

  <a class="button secondary"></a>
* **Monitor and Revoke Tokens if Compromised.**

  <a class="button secondary"></a>

### Endpoints <a href="#endpoints" id="endpoints"></a>

#### Get Dealer Vehicle Stock information <a href="#get-dealer-vehicle-stock-information" id="get-dealer-vehicle-stock-information"></a>

**Description:**

<a class="button secondary"></a>

This endpoint will be used for all Stock vehicle information retrieval operations, and in this case, in order to retrieve vehicle information for each dealer using a unique identifier, dealer code and vehicle status.

<a class="button secondary"></a>

**URL:**

<a class="button secondary"></a>

QA

<a class="button secondary"></a><a class="button secondary">Ask</a><a class="button secondary">Copy</a>

```
https://dev-icon.cloud:9528/api/CAPEStockAPI
```

PROD

<a class="button secondary"></a><a class="button secondary">Ask</a><a class="button secondary">Copy</a>

```
https://prosol.cloud:9528/api/CAPEStockAPI
```

**Method:**

<a class="button secondary"></a>

* CAPEStockAPI: Get vehicle stock Information regarding a specific dealer from CAPE.

  <a class="button secondary"></a>
* Action: POST


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.capedatahub.com/cape-stock-api-documentation.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
