Jump to content

API Access for non-users


 Share

Recommended Posts

One of my customers wants to have an admin resource use my application to create and post sales and purchase invoices into SageOne, but they do not want that person to have the ability to log into SageOne itself. Given the way the initial authorization process works can anyone suggest how can this be done?

Cheers

Reg

Link to comment
Share on other sites

  • 2 weeks later...
  • Administrators

Hi Reginald,

Apologies for the delay in getting back to you. 

The only way at present I can see this working is if your customer's user is only going to be using your application, if authentication is handled during initial setup by the admin, then subsequently you maintain the connection via the refresh token - anyone that uses your app after that should be able to do so without ever knowing the credentials required to log in and access the Sage Business Cloud Accounting (SBCA) business. Obviously this depends upon how you are handling multiple users of your app and if they are required to sign into SBCA when they start a session.

 

Ben

Link to comment
Share on other sites

Thanks Ben. I've seen that this problem is universal, i.e. not just for SBCA, and it's an inherent weakness in the Oauth2 concept in my opinion. Some api suppliers are addressing it under the heading of M2M (machine to machine) access, and it would be interesting to know if SBCA are looking into this as well?

 

Cheers

Reg

Link to comment
Share on other sites

  • Administrators

Hi Reginald, 

Just wanted to let you know its something we are considering, but I can't confirm if or when that will likely happen at this stage.

I'll update you should I hear more.

 

Ben

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share

×
×
  • Create New...