An access token must be obtained before API methods can be called. The result of successful authentication and authorization is an access token. The token is valid for 1 minute; afterwards a new token must be obtained. This article describes the ways to get an access token.
Authentication via API key
An API key can be used for authentication and authorization. There can be an unlimited number of API keys, which can be shared with third-party integration projects. An API key grants access to the API only (including BI interfaces) and does not grant access to any other part of the application.
Manage API keys
To create or get an API key, navigate to the Integration option of the Administration menu. From the available integration options, select API Keys.
If the user has not been granted the AP permission Manage integrations, the Integration option is not available in the Administration menu.
In the list that opens, open the detail of an existing key or create a new key. All keys provide the same access level for:
- batch operations API (like vendor or purchase order creation) and
- BI interfaces.
Each key can have a limited validity set. After that date, the key will not be authorized to get a new access token. To renew an expired key, set a new expiration date for it; the key is then valid again until the new date. If a key has no date set, it is valid forever.
To get the key, open the key detail and copy the Key value from it.
Get access token
The key is authorized by calling a dedicated API method as described below. The result of the authorization is an access token, which can then be used to authorize API calls.
URL
{url}/adminportalidentity/connect/token
Type
POST
Header parameters
| Key | Value |
| Content-Type | application/x-www-form-urlencoded |
Body parameters
| Key | Value |
| client_id | erp_client |
| client_secret | {API key} |
| grant_type | client_credentials |
| scope | erp_api |
Parts marked in {bold} must be replaced with the following information:
| Placeholder | Information to be provided | Description |
| {url} | Base URL of the solution | If AP is accessed at the address https://solutionaddress.com/adminportal/customerShortName, the base URL is https://solutionaddress.com |
| {API key} | API key | Valid (i.e. not expired) API key |
Response example
{
  "access_token": "{access_token}",
  "expires_in": 3600,
  "token_type": "Bearer"
}
The result of the call is {access_token}, which is used for calling API methods. For each API call, {access_token} must be added to the header of the call as:
| Key | Value |
| Authorization | Bearer {access_token} |
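The API-key flow above can be wrapped in a small client that builds the token request and reuses the token until shortly before it expires. This is an added example, not code from the product or its vendor; the function and class names, the HTTPS check, the 5-second renewal margin and the `ERP_API_KEY` variable are assumptions, and the token lifetime is read from `expires_in` in the response rather than hard-coded.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_PATH = "/adminportalidentity/connect/token"  # path from the page

def build_token_request(base_url, api_key):
    """Build the POST request for the API-key (client_credentials) flow."""
    # Added safeguard (assumption): never send the API key in clear text.
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send the API key to a non-HTTPS URL")
    body = urllib.parse.urlencode({
        "client_id": "erp_client",
        "client_secret": api_key,
        "grant_type": "client_credentials",
        "scope": "erp_api",
    }).encode("ascii")
    return urllib.request.Request(
        base_url.rstrip("/") + TOKEN_PATH, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def fetch_token(base_url, api_key):
    """Call the token endpoint and return the decoded JSON response."""
    request = build_token_request(base_url, api_key)
    with urllib.request.urlopen(request, timeout=10) as response:
        return json.load(response)

class TokenCache:
    """Keeps the token in memory only and renews it shortly before expiry."""

    def __init__(self, fetch, skew=5, clock=time.monotonic):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._deadline = None, 0.0

    def auth_header(self):
        """Return the Authorization header, fetching a new token if needed."""
        if self._token is None or self._clock() >= self._deadline:
            reply = self._fetch()
            if reply.get("token_type") != "Bearer" or not reply.get("access_token"):
                raise ValueError("unexpected token response")
            lifetime = int(reply["expires_in"])  # lifetime reported by the server
            self._token = reply["access_token"]
            self._deadline = self._clock() + max(0, lifetime - self._skew)
        return {"Authorization": "Bearer " + self._token}

# Usage (ERP_API_KEY is a hypothetical environment variable name):
#   cache = TokenCache(lambda: fetch_token("https://solutionaddress.com",
#                                          os.environ["ERP_API_KEY"]))
#   headers = cache.auth_header()
```

Reading the key from the environment or a secret store keeps it out of source control, and holding the token only in memory means nothing long-lived is written to disk.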
Authentication via user [obsolete]
This type of authentication uses a user with the role “API users” to obtain an access token. A username and password must be provided, and the user must have the role “API users” assigned in order to pass authorization. The result of successful authentication and authorization is an access token. The token is valid for 1 minute; afterwards a new token must be obtained.
Authentication is performed by calling a dedicated API method as described below.
URL
{url}/adminportalidentity/connect/token
Type
POST
Header parameters
| Key | Value |
| Content-Type | application/x-www-form-urlencoded |
Body parameters
| Key | Value |
| client_id | erp_client |
| client_secret | {secret} |
| grant_type | password |
| scope | erp_api |
| username | {customerShortName}\{userName}. Example dummy\user |
| password | {password} |
| acr_values | Customer shortname passed in format tenant:{customerShortName}. Example tenant:dummy |
Parts marked in {bold} must be replaced with the following information:
| Placeholder | Information to be provided | Description |
| {url} | Base URL of the solution | If AP is accessed at the address https://solutionaddress.com/adminportal/customerShortName, the base URL is https://solutionaddress.com |
| {secret} | Customer’s secret | The secret, together with the customer id and customer short name, is provided by the solution administrator |
| {userName} | User name of a user with the “API users” role | A user with the “API users” role must be created in AP |
| {password} | Password of the API user | |
| {customerShortName} | Shortname of the customer | The shortname can be obtained from the solution administrator or from the URL where AP is accessed: https://solutionaddress.com/adminportal/customerShortName |
Response example
{
  "access_token": "{access_token}",
  "expires_in": 3600,
  "token_type": "Bearer"
}
The result of the call is {access_token}, which is used for calling API methods. For each API call, {access_token} must be added to the header of the call:
| Key | Value |
| Authorization | Bearer {access_token} |