Rest and OAuth
Gastón Salomone
5-20-20
Operating system: Windows
Hi,

I working on some project and I want to understand how to request Rest API data using OAuth. I only found a webinar related to FlexBI but I need to do develop a custom solution. Is there any example in any language/CURL/Postman where I can see the steps once obtained the Access Token to pass that token to rest api.

Since the RestAPI examples send parameters through GET is it posible to use POST ?

Thanks
Pijus Juodis
5-20-20
Hello,

I could not find the documentation for OAuth authorisation, but it works as follows:

1. You need to setup Developer Credentials in MyStandard portal for your StandardID

2. In the Allowed Redirects specify the URL that StandardID will be redirecting after user logs in with StandardID and Password


3. From the custom solution, whenever something triggers the Authorisation, it needs to:
- Redirect to https://standard-id.hansaworld.com/oauth-authorize with the following GET parameters:
- client_id = Client ID from Developer Credentials in MyStandard
- redirect_uri = Your app URL that will handle the callback from StandardID server after logging in
- access_type = must be "offline"
- response_type = must be "code"

4. After redirecting user to the URL generated in step 3, the user will have to login using his StandardID and Password

5. If the login is successful, StandardID will redirect the user to your redirect_uri with GET parameter:
- code = Authorisation Code

6. Next, your redirect_uri should handle the exchange of Authorisation Code to OAuth Token:
- It will have to make call to https://standard-id.hansaworld.com/oauth-token with the following POST parameters:
- client_id = Client ID from Developer Credentials in MyStandard
- client_secret = Client Secret from Developer Credentials in MyStandard
- redirect_uri = Your app URL that will handle the callback from StandardID that will contain the token

- code = Authorisation Code you got in step 5

- grant_type = must be "authorization_code"


7. If the request is successful, StandardID will redirect the user to your redirect_uri with the JSON response that looks as follows:
{
"access_token": [access token],
"token_type": "bearer",
"expires_in": 3600,
"refresh_token": [refresh token]

}

8. If the request is not successful, StandardID will redirect the user to your redirect_uri with GET parameter:
- error = server_error
(I am not sure how many different errors do we have)

9. Each next API request must have the access token specified in the header of the request:
Authorization: Bearer [access_token]


If you would like to test yourself, you can use Google's Developers Playground as one of the tools. To configure:
1. Configure Developer Credentials for your Standard ID in MyStandard. Allowed Redirects should be:
- https://developers.google.com/oauthplayground

2. Go to: https://developers.google.com/oauthplayground/

3. Configure the settings as follows:
- OAuth flow = Server-side
- OAuth endpoints = Custom
- Authorization endpoint = https://standard-id.hansaworld.com/oauth-authorize
- Token endpoint = https://standard-id.hansaworld.com/oauth-token
- Access Token Location = Authorization Header w/ Bearer prefix
- OAuth Client ID = Client ID from Developer Credentials in MyStandard
- OAuth Client Secret = Client Secret from Developer Credentials in MyStandard

4. After configuring this, enter anything in the Step 1 Select & Authorize APIs >> Input your own scopes and press Authorize APIs

5. You should be redirected to Standard ID login page, so perform the login

6. You will be brought back to Step 2, with Authorization Code filled in. Press Exchange authorization code for tokens

7. Then you will be brought to Step 3, from which you can make API GET, POST, PATCH requests with OAuth to Standard ERP
Gastón Salomone
5-27-20
Hi,

Thanks for the information, now I can see that the information is also updated in REST documentation.

I´m looking for how to modify data, There is an example of how to execute RecordNew but what about RecordUpdate, How I can update data in existing records.

Regards
Pijus Juodis
5-28-20
Hello,

There is documentation about how the requests should look like with examples.

You can find more details here: http://www.hansamanuals.com/main/english/version___85/manuals/theconf___602/mailnumber___61037/shortcode___HW0801TECH_REST_API/hwconvindex.htm
Gastón Salomone
5-28-20
Thanks

I didn´t notice that hansamanuals were updated.

Regards
Leave Comment
You can subscribe to notifications for this post by selecting the 'star' icon on the top right corner of the post.
Back to the list
Latest Posts
David Delač
Hi Piotr, The log entry:
2024-12-14 08:40:43 0.000 CallHal(IsHansaWorldCustomer) appears because the server is running with the verbosity=debug-detailed setting in its parameters.txt file. Thi...
09:43 16 Dec 2024
Brittany McGrath
Hi Vaughn, I can confirm this has been fixed now and is live in Standard ERP 2024-11-20 Version: 85556786. Thank you. ...
10:04 10 Dec 2024