
Is it possible to avoid N OAuth requests if you are logged in to the top level and need to log in to an entity scope?


Velixo is a reporting add-in, which means that most of the time, the user can log in to the company level (without specifying an entity) – they'll still be able to retrieve all data they have access to through the API. Therefore, in our connection set-up window, for simplicity, we don't even expose an "entity" field.

The only exception, when we're being "smart", is the push-back scenario where we update records in Sage Intacct: whenever one of the dimensions used is entity-scoped, we:

  • Temporarily change the user's session to an entity-scoped session. We can do that because we have the session ID / user credentials.
  • Write back the record
  • Change session back to the company level

I spoke to both @Louis Sterio2 and Karsten about this but obtained a mixed understanding of whether a trick like this is possible with the REST API with an Intacct OAuth flow (very important, not username/password).

So my question is this: is it possible, with the REST API, to seamlessly exchange a company-scoped bearer token for an entity-scoped bearer token, and vice versa?

If not, I guess it's not a question but a feature request, because the absence of such functionality will break our flow once we upgrade to the REST API...

 

Edited by Pavel Kabir

  • Members

I met with the engineering team, and they've confirmed a solution exists. I'll share the specifics once I have them.

Additionally, this can be accomplished through the XML API. I'll provide the details shortly, and we'll ensure they are properly documented.


  • Members

Here is information on how you can exchange a refresh token for an entity-level token.

 

Create Access Token - Refresh Token Grant Type

  • Endpoint: https://<apiurll>/api/v1-beta2/oauth2/token

  • HTTP Method: POST

  • Parameters:

    • grant_type: refresh_token

    • refresh_token:

    • client_id:

    • client_secret:

    • location_id: the access token will be created for this location

      • optional for multi-entity companies

      • Obtain a top-level access token in the absence of a location_id

  • Sample Request and Response:

      curl --location --request POST 'https://<apiurll>/api/v1-beta2/oauth2/token' \
        --header 'Content-Type: application/json' \
        --data-raw '{
          "grant_type": "refresh_token",
          "refresh_token": "********",
          "client_id": "******",
          "client_secret": "*******",
          "location_id": "Central Region"
        }'

      { "token_type": "Bearer", "access_token": "******", "expires_in": 21600 }
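An added example (not from the thread and not Sage Intacct code) of using the refresh-token grant described above to move between company and entity scope during write-back without a fresh OAuth round trip each time: one access token is cached per scope and only refreshed near expiry. The class name, the injectable `post` and `clock` hooks and the 60-second skew are assumptions; the endpoint path and request fields are the ones given in the post above.

```python
import json
import time
import urllib.request

TOKEN_PATH = "/api/v1-beta2/oauth2/token"  # path as given in the post above


def http_post_json(url, payload):
    """Default transport: POST JSON, return the decoded JSON response."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


class ScopedTokenCache:
    """Caches one access token per scope (None = top level, else a location_id)."""

    def __init__(self, base_url, client_id, client_secret, refresh_token,
                 post=http_post_json, clock=time.monotonic, skew=60):
        self._url = base_url.rstrip("/") + TOKEN_PATH
        self._creds = {"client_id": client_id, "client_secret": client_secret}
        self._refresh_token = refresh_token
        self._post, self._clock, self._skew = post, clock, skew
        self._tokens = {}  # scope -> (access_token, expiry on self._clock)

    def token_for(self, location_id=None):
        """Return a bearer token for the scope, refreshing only when needed."""
        cached = self._tokens.get(location_id)
        if cached and self._clock() < cached[1] - self._skew:
            return cached[0]
        body = {"grant_type": "refresh_token",
                "refresh_token": self._refresh_token, **self._creds}
        if location_id is not None:  # omit the field for a top-level token
            body["location_id"] = location_id
        reply = self._post(self._url, body)
        if reply.get("token_type", "").lower() != "bearer" or not reply.get("access_token"):
            raise RuntimeError("unexpected token response")  # never echo secrets
        # Assumption: if the server rotates refresh tokens, it returns the new one.
        self._refresh_token = reply.get("refresh_token", self._refresh_token)
        expiry = self._clock() + int(reply["expires_in"])
        self._tokens[location_id] = (reply["access_token"], expiry)
        return reply["access_token"]

    def __repr__(self):  # keep secrets out of logs and tracebacks
        return f"ScopedTokenCache(url={self._url!r}, scopes={list(self._tokens)!r})"
```

With the sample `expires_in` of 21600 seconds, switching to an entity scope and back costs one token request per scope per six hours rather than one per write.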