Versions Compared

Old Version 1

changes.mady.by.user Elvis Kvalbergs

Saved on

compared with

New Version 2

changes.mady.by.user Elvis Kvalbergs

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The API uses the access rights for the user. The user must be able to navigate to and open the register in a normal client and must thus have access to both a module the register is in , and the register itself. For registers that do not appear in any module a customisation to make them appear in some module is needed. Examples of such registers are RHistVc, MailVc,

...

  • The default access for HAL functions is off
  • The default access for the "api" path is login required
  • For all other resources, it is public.

If the user has been restricted in viewing some fields on a register, for example with the "view cost price" access, he can still retrieve this field via the API and should thus not have access to it. This is the same as for exports.

...

http://hostname/api/1/IVVc?deletes_after=5000

Writing Data to Standard ERP

Functionally RecordNew will be called, then each set command will be called in order with it's respective window actions (to fill e.g. customer's name and payment terms). Finally, the record will be inserted calling the same record actions as if a user did it with a client. There is no limit to the number of set commands you can issue, they can be either in the url or in post data. Only fields with non-default (non blank) data is returned.

Note the "url" parameter that uniquely identifies the created record. If you have more than one field in the main key these fields will be separated by '/'. If the main key contains special characters they will be url encoded.

In case of any messages that user would receive when entering the data manually, these messages will be returned in the following format: <message description='message_text'></message>

In case of error, while inserting/updating a record, the following will be returned: <error code='error_code' description='error description' row='row_no' field='field_name'></error>


POST


To create new records you POST to the registers. The 'set' commands have the same syntax and functionality as with POST.


Example:
curl -X POST 'http://SJ:@127.0.0.1:8080/api/1/IVVc?set_field.CustCode=001&set_row_field.0.ArtCode=10101&set_row_field.0.Quant=3';


The reply will be in this format:





				<data  register="IVVc" sequence="9693" url="/api/1/IVVc/10000014" systemversion="8.5.15.5"
					<IVVc>
						<SerNr>10000010</SerNr>
						<InvDate>2018-05-30</InvDate>
						<CustCode>001</CustCode>
						<Math></Math>
						<PayDate>2018-06-29</PayDate>
						<Addr0>Against All Odds Trading Co</Addr0>
						...
						<rows>
							<row rownumber="0">
								<stp>1</stp>
								<ArtCode>10101</ArtCode>
								<Quant>3</Quant>
								<Price>25.00</Price>
								<Sum>71.25</Sum>
								...
							</row rownumber="0">
							...
						</rows>
						...
					</IVVc>
				</data>




This will create a new invoice for 001 customer, adding 3 10101 items.


PATCH


To change an existing record you PATCH the url given in the POST command.


Example:
curl -X PATCH 'http://SJ:@127.0.0.1:8080/api/1/IVVc/10000014?set_row_field.0.Quant=100'


The reply will be in the same format:





				<data  register="IVVc" sequence="9729" url="/api/1/IVVc/10000014" systemversion="8.5.15.6">
					<IVVc>
						<SerNr>10000014</SerNr>
						...
						<rows>
							<row rownumber="0">
								<stp>1</stp>
								<ArtCode>10101</ArtCode>
								<Quant>100</Quant>
								<Price>25.00</Price>
								<Sum>2375.00</Sum>
								...
							</row rownumber="0">
							...
						</rows>
						...
					</IVVc>
				</data>




This will change the quantity to 100.


OAuth authentication


To set up a 3rd party application to use OAuth with REST API, the following steps need to be made:


  • Step 1: Setup new Developer Credentials in MyStandard portal for your StandardID. To do that, go to:
    MyStandard >> More >> Developer Credentials and add a new record
  •  Step 2: In the new record >> Allowed Redirects specify the URL that StandardID will be redirecting after user logs in with StandardID and Password (a callback URL)
  • Step 3: From the 3rd party application, whenever something triggers the Authorisation, it needs to Redirect to:
    https://standard-id.hansaworld.com/oauth-authorize with the following GET parameters:
    
 - client_id = Client ID from Developer Credentials in MyStandard
    
 - redirect_uri = Your application URL that will handle the callback from StandardID server after logging in
    
 - access_type = must be "offline"
    
 - response_type = must be "code"
  • Step 4: After redirecting user to the URL generated in step 3, the user will have to login using his StandardID and Password
  • Step 5: If the login is successful, StandardID will redirect the user to the specified redirect_uri with GET parameter:
    
 - code = Authorisation Code
  • Step 6: Next, the redirect_uri should handle the exchange of Authorisation Code to OAuth Token:
    
 - Application has to make a call to https://standard-id.hansaworld.com/oauth-token with the following POST parameters:
    
 - client_id = Client ID from Developer Credentials in MyStandard
    
 - client_secret = Client Secret from Developer Credentials in MyStandard
    
 - redirect_uri = Application's URL that will handle the callback from StandardID that will contain the token
    
 - code = Authorisation Code received in step 5
    
 - grant_type = must be "authorization_code"
  • Step 7: If the request is successful, StandardID will redirect the user to the redirect_uri with the JSON response that looks as follows:
  • 
				{
					"access_token": [access token],
					"token_type": "bearer",
					"expires_in": 3600,
					"refresh_token": [refresh token]
				}
  • Step 8: If the request is not successful, StandardID will redirect the user to the redirect_uri with GET parameter:
    
 - error = server_error
  • Step 9: Each next API request must have the access token specified in the header of the request:
    
Authorization: Bearer [access_token]


If you would like to test the OAuth, you can use Google's Developers Playground as one of the tools.
To configure:


  • Step 1: Configure Developer Credentials for your Standard ID in MyStandard. Allowed Redirects should be:
    
 - https://developers.google.com/oauthplayground
  • Step 2: Go to: https://developers.google.com/oauthplayground/
  • Step 3: Configure the settings as follows:
    
 - OAuth flow = Server-side
    
 - OAuth endpoints = Custom
    
 - Authorization endpoint = https://standard-id.hansaworld.com/oauth-authorize
    
 - Token endpoint = https://standard-id.hansaworld.com/oauth-token
    
 - Access Token Location = Authorization Header w/ Bearer prefix
    
 - OAuth Client ID = Client ID from Developer Credentials in MyStandard
    
 - OAuth Client Secret = Client Secret from Developer Credentials in MyStandard
  • Step 4: After configuring this, enter anything in the Step 1 Select & Authorize APIs >> Input your own scopes and press Authorize APIs
  • Step 5: You should be redirected to Standard ID login page, so perform the login
  • Step 6: You will be brought back to Step 2, with Authorization Code filled in. Press Exchange authorization code for tokens
  • Step 7: Then you will be brought to Step 3, from which you can make API GET, POST, PATCH requests with OAuth to Standard ERP