Jump to content

Is it possible to make requests to the API from Python?


Recommended Posts

Posted

Hi Miguel,

If you're referring to the Sage Business Cloud Accounting API's documented here, the answer is yes, it is possible to integrate with Python.

We're hoping to add some example applications written in Python and nodejs in the coming weeks. 

To obtain the authorization_code you will require an SBCA business, app registration client_id and client_secret and a registered callback url.

You'll then need to pass the  values as params to the  auth server in a GET request. The URL will look like this and contain the values specific to you application.
 https://www.sageone.com/oauth2/auth/central?filter=apiv3.1&&response_type=code&client_id=YourClientId&redirect_uri=YourRegisteredCallbackUrl&scope=full_access&state=AABBCCDD

If the params are recognised the auth server will direct you to select the country of the business you're going to authorise access for. Once the country is selected you'll then be asked to authorise using the email address and password of the business and allow access to the requesting application.

Once access is granted, the server then sends back the code to your registered callback url you would then exchange the code in a POST request to the token API for access_token and refresh_token.
 

The full document relating to authorisation can be found here. If you need to create a trial business for development and testing you can do so here


The python request to exchange the code would be similar to the below:

 

#Authorization code passed into the function, POST request made to obtain the token credentials, 
#which are set as session variables.
def exchange_code(code: str):
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    data = {
        "client_id": config.client_id,
        "client_secret": config.client_secret,
        "code": code,
        "grant_type": "authorization_code",
        "redirect_uri": config.redirect_uri,
    }
    response = requests.post(config.token_url, headers=headers, data=data)

    credentials = response.json()
    
    #Initialise all session variables and expiry times for the tokens.
    session["access_token"] = credentials["access_token"]
    session["refresh_token"] = credentials["refresh_token"]
    session["access_token_expires_in"] = credentials["expires_in"] 
    session["refresh_token_expires_in"] = credentials["refresh_token_expires_in"]
    session["token_expiry_time"] = str((datetime.now()) + timedelta(seconds=session["access_token_expires_in"]))
    session["refresh_token_expiry_time"] = str(datetime.now() + timedelta(seconds=credentials["refresh_token_expires_in"]))

Thanks

Mark

Posted

Hi Mark.

Thanks for your answer. My problem lies in obtaining the authentication code.

I have problems performing Authentication with OAuth 2.0 (pure Python), because verification requires login, but with code I can't send my credentials.

My code:

Quote
import requests
data = {'client_id':'my_client_id',
        'response_type':'code',
        'redirect_uri':'https://localhost:8123/auth/callback',
        'scopes':'full_access',
        'country': 'us',
        'locale':'es-US'
        }
 
headers={
'Upgrade-Insecure-Requests': '1',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Postman/9.31.0 Chrome/94.0.4606.81 Electron/15.5.7 Safari/537.36',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
'Sec-Fetch-Site': 'none',
'Sec-Fetch-Mode': 'navigate',
'Sec-Fetch-User': '?1',
'Sec-Fetch-Dest': 'document',
'Accept-Encoding': 'gzip, deflate, br',
'Accept-Language': 'es'
}
 
s = requests.Session()
auth_url='https://www.sageone.com/oauth2/auth/central?filter=apiv3.1'
r = s.get(auth_url, data=data, headers = headers)
 
r.text

Regards,

Miguel.

Posted

Hi Miguel,

The restriction of not being able to pass the business credentials is not one of Python but one of the Sage Business Cloud Accounting oAuth implementation.

You can not complete the auth flow without the manual intervention of the user entering their Sage business credentials to authorise.
 

Thanks

Mark

  • Thanks 1
  • 4 months later...
Posted
On 9/20/2022 at 11:21 AM, Steel, Mark said:

> The restriction of not being able to pass the business credentials is not one of Python but one of the Sage Business Cloud Accounting oAuth implementation.

>You can not complete the auth flow without the manual intervention of the user entering their Sage business credentials to authorise.

This would appear to rule out using the Sage 200 API for any e-commerce integration which would need to be fully automated and unattended - what API is provided for that - and does Sage provide a confidential client OAUTH authentication option as per the RFC? 

Thanks,

Aaron

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
×
×
  • Create New...