Jump to content
Aaron Trevena

Unattended / Confidential Client OAUTH integration to Sage 200 API

By Aaron Trevena, in General
 Share

Recommended Posts

Aaron Trevena

Aaron Trevena

Posted
Posted

Hi all,

Whats the recommended approach for integrating with sage 200 without human intervention (aws lamda functions, cron jobs, message queue workers, e-commerce) ?

  On 9/20/2022 at 11:21 AM, Steel, Mark said:

> The restriction of not being able to pass the business credentials is not one of Python but one of the Sage Business Cloud Accounting oAuth implementation.

>You can not complete the auth flow without the manual intervention of the user entering their Sage business credentials to authorise.

This would appear to rule out using the Sage 200 API for any e-commerce integration which would need to be fully automated and unattended - what API is provided for that - and does Sage provide a confidential client OAUTH authentication option as per the RFC? 

There's no mention of this possibility anywhere in the API documentation or in here, all I could find was that it's unsupported - are users who need automation and e-commerce supposed to move away from sage and use something else?

Thanks,

Aaron

Link to comment
Share on other sites
  • Administrators
Ben Smith

Ben Smith

Posted
  • Administrators
Posted

Hi Aaron,

You can essentially have a connection to the UKI 200 API unattended using the refresh token to maintain it. During the initial setup, manual login must be provided as part of the oauth process, but after that, the access token can be refreshed indefinitely and without the need for manual intervention. 

Is this what you need to confirm?

 

Ben

Link to comment
Share on other sites
Aaron Trevena

Aaron Trevena

Posted
  • Author
Posted
43 minutes ago, Ben Smith said:

You can essentially have a connection to the UKI 200 API unattended using the refresh token to maintain it. During the initial setup, manual login must be provided as part of the oauth process, but after that, the access token can be refreshed indefinitely and without the need for manual intervention. 

Is this what you need to confirm?

Thanks Ben,

It's a bit disappointing that the OAuth "confidential client" standard for machine to machine isn't supported, but we'll add this workaround. 

Is there any update on providing confidential client model authentication to the API? I've seen requests for that for the last couple of years with no ETA on it being provided.

Thanks again,

Aaron

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...