1

I am trying to make a post call in Exact Online REST API. I'm trying to create a SalesInvoiceLine. I can perfectly do a GET call via my browser. I am logged in in Exact Online so I don't need authentication since this should be passed via a cookie. I tried POST via a browser. The browser prompts me to login, when I do nothing happens. I've also tried this in Postman:

Error 401

I am 100% certain these initials are correct, I can login with them in Exact Online. What am I doing wrong?

If this is not the way, how can I post data to Exact Online? There are not that many concrete examples to find online.

  • Exact should have closed last year this type of access. So it might have worked in the past but no longer. – Guido Leenders Feb 22 '18 at 10:40
  • What is a working method to POST data to Exact Online then? –  Feb 22 '18 at 10:42
  • Your site cookie is useless. It has never worked since the API uses OAuth, which is rather complicated to implement. – Patrick Hofman Feb 22 '18 at 10:49
  • You might want to try one of the SDKs on github or Invantive SQL. With postman you should be able to get a short-lived token using implicit grant flow and post that along in the headers. See developers.invantive.com. – Guido Leenders Feb 22 '18 at 10:53
  • @PatrickHofman there was a time when you could access at least the XML APIs in another browser window once logged on. But they have been disentangling the web UI and the APIs last year, which is actually a great plan. Avoids a "you first need to configure the next fiscal year" window when an API tries to authenticate first time :-) – Guido Leenders Feb 22 '18 at 10:56
  • @GuidoLeenders i have a usecase where i need to use exact online API with PHP purely from commandline, so userless. I get the feeling this is not possible? This is very strange. – sietse85 Jul 16 '21 at 20:36
  • Just use header with access token from OAuth flow, should do the job. Works headless too. – Guido Leenders Jul 17 '21 at 21:17

3 Answers3

2

You can't log on to the Exact Online REST API with Basic authentication, the mode you are using now.

The web service uses OAuth as authentication mechanism, meaning you have to acquire a token first. The steps to do so are outlined in the official documentation.

It will need some work on your end to register an app, get the flow up and running. Depending on your business needs, you might be helped with one of the apps for Exact Online by the company I work for.

Patrick Hofman
  • 153,850
  • 22
  • 249
  • 325
1

You need to retrieve the CurrentDivision through GET Request https://{Base Uri}/api/v1/current/Me only from OAuth then you need to assign CurrentDivision to whatever may be the API call .../api/v1/{CurrentDivision}/../.... Without authorization by Auth 2.0, neither is impossible.

enter image description here

Nɪsʜᴀɴᴛʜ ॐ
  • 2,756
  • 4
  • 33
  • 57
1

To authorize the ExactOnline API calls you have to do the following:

  1. Register the app in the developer portal. Bear in mind that you have to do a separate registration for French, UK or Dutch version of ExactOnline (this is indeed a pain).
  2. In case you want your application to be used by other accounts than yours, you have to submit the app for validation, this usually takes 2-3 weeks.
  3. EO uses standard OAuth 2.0 schema (very similar to what Google is using with their services). You have to use endpoint GET /api/oauth2/auth for building an authorization link and endpoint POST /api/oauth2/token for obtaining both access and refresh tokens.
  4. Please bear in mind that many Auth 2.0 services are proving long-lasting refresh token. This is not the case of EO. The refresh token is invalidated every time when the access token is requested (endpoint POST /api/oauth2/token). With access token new refresh token is supplied, so make sure you update you refresh token as well.
  5. The access token is placed in HTTP header as "Authorization: Bearer {{ACCESS_TOKEN}}"

In case you want to automate the EO API calls and do not want to code anything on your own, you can try one of the pre-build Exact Online API connectors, created by the company I work for.

Petr Nemeth
  • 61
  • 5