23 / Docs Suite · 15

Full docs scene

The complete docs page composition — breadcrumb, version selector, edit-on-GitHub banner, meta card, glossary inline, MDX body, TOC rail, changelog, feedback, related, and the footer nav row.

Production answer

Full docs scene is a reusable Oak Flats Muffler Men UI primitive with documented states, accessibility expectations, theme behavior, and implementation evidence.

Primary CTAReview Full docs scene states
Generative search brief

Full docs scene: The complete docs page composition — breadcrumb, version selector, edit-on-GitHub banner, meta card, glossary inline, MDX body, TOC rail, changelog, feedback, related, and the footer nav row.

Use case

What the real /docs/[surface]/[slug] route renders. Proves every primitive lines up without overlap, with or without the TOC rail visible.

This page documents how to issue a scoped trade-account API token. Before reading further, you should understand the the pricing engine enforces — token scopes are bound to that floor too.

Why this exists

The trade account API exists so supplier portals can read stock and write order intent without sitting in front of the Mufflermen workshop terminal. Every endpoint here is scoped per-supplier and audited.

Before you start

Pre-issued keys

Your portal admin pre-provisions two keys — one production, one sandbox. They never share the same prefix.

Sandbox env vars

Sandbox keys are prefixed sandbox_. Production keys are prefixed live_. Anything else is a forgery.

issue-token.shbash
curl -X POST https://trade.mufflermen.com.au/v2/tokens \
  -H "Authorization: Bearer $MUFFLERMEN_ADMIN_KEY" \
  -H "X-Mufflermen-Workshop: oak-flats" \
  -d '{"supplier":"magnaflow-anz","scopes":["stock.read","orders.write"]}'
error-envelope.diff
  "status": 400,  "error": "bad request"  "error": {    "code": "scope_not_allowed",    "scope": "billing.read"  }
TypeScriptts
import { TradeClient } from "@mufflermen/trade"

const client = new TradeClient({
  workshop: "oak-flats",
  adminKey: process.env.MUFFLERMEN_ADMIN_KEY!,
})

const token = await client.tokens.issue({
  supplier: "magnaflow-anz",
  scopes: ["stock.read", "orders.write"],
})

Rotation cadence

Grace window

Tokens rotate every 90 days. The old token is honoured for 24 hours after the new one is issued so portals can roll over without downtime.

Auditing access

Every call logs to audit.tokens.v2 with the calling IP, scopes used, and the supplier identifier. Logs retain for 18 months.

POST/v2/tokensTry in sandbox

Issue a scoped trade-account API token for one supplier portal.

Parameters

2 total
NameTypeRequiredDescription
supplierstringRequiredSupplier slug.
scopesstring[]RequiredAllowed scopes from stock.read, stock.write, orders.read, orders.write.

Related articles

3 picks
Trade Account API

Rotating supplier tokens without downtime

Use the 24-hour grace window to roll keys in production without a quiet hour.

6 min readReadOperator Manual

Audit log retention policy

Eighteen months hot, seven years cold. WorkSafe NSW gets the cold tier on demand.

4 min readReadPricing Engine

Magnaflow ANZ rebate stacking

Quarter-close settlement lands fourteen calendar days after the supplier ledger seals.

8 min readRead