Token auth for all
We are very happy to announce that we now fully support token authentication for all license types.
Both end-users and administrators are now able to access our APIs via token authentication.
This opens the door for administrators to take full advantage of REST and the ease of implementation related to this API, along with the ability for all to tap into the full range of solutions available from our many Partners.
Administrator?
Administrator agreements aka the administrator module is a separate e-conomic login that gives access to a list of e-conomic agreements where you have been assigned as an administrator. These are used by accounting offices, accountants, bookkeepers or companies whose main focus is an accounting.
Read the full presentation (in Danish).
Switching from stored credentials to tokens
In July 2018 we deprecated the last credentials based authentication method in SOAP. This means that if you haven’t yet you should follow our Token connect guide to get back onto the APIs.
Quick info:
Tokens need only be generated once and do not have a TTL.
Tokens may be revoked inside e-conomic by the user by going to All Settings -> Extensions -> Apps.
Generating agreement grant tokens as administrator
In this first release of tokens for administrators, it is required that the administrator first establishes the administration context before following the RequestURL.
What this means is:
- Login to your administrator module.
- Switch to administering the agreement you want to add the app to.
- Follow the RequestURL in the same browser.
- Add app.
We would love to know more about your admin workflow and how you’d like to see the app flow for administrators improved so please don’t hesitate to get in touch with us on api@e-conomic.com.
The link “Application_CreateAdministratorAgreementGrantToken”, gives me this:
Method Not Found
Method ‘Application_CreateAdministratorAgreementGrantToken’ was not found in service EconomicWebService.
(Feel free to remove this comment when fixed)
Thank you.
Hi Bo, Thank you for your comment. Sorry about the inconvenience. The deployment of the method has been slightly delayed. It should be out by tomorrow, March 6th 2018. I’ve updated the article to reflect the delay.
Hi Ole,
We have had integration between Economic and Microsoft Dynamics CRM via SOAP web service where we used connect method.
we are trying to convert integration to use Rest API and tokens.
We created sample application using .net C# on local computer and sucessfully made Get/Post/Put requests to RestAPI using user with superuser role.
The problem is if we deploy this application to Dynamics CRM (which is online(could)) and make a Post request, we get 401:Unauthorized response. Get request works fine …
Do we need something ekstra when we are trying to make post request from an application on cloud.
We used Postman and it works fine with that too..
Hi Javed,
e-conomic REST API does not distinguish between clients or origin. As long as token headers are correctly included and content-type set then all is fine on our end.
For further help on the issue is needed please contact the API support on api@e-conomic.com
Should you happen to figure out how to get Dynamics to properly set headers I’d suggest you include a reply here with the resolution. Just in case others might hit the same speed bump. Thanks.
Hi Ole,
This is very very strange that the same code started working fine today ….:@
I am using Microsofts new system.net.http.httpclient which they suggest to use for Restful api requests.
here is how to set headers:
client.BaseAddress = new Uri(“https://restapi.e-conomic.com/”);
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue(“application/json”));
client.DefaultRequestHeaders.Add(“X-AppSecretToken”, “yoursecredtoken”);
client.DefaultRequestHeaders.Add(“X-AgreementGrantToken”, “youragreementtoken”);
Here are Generic Get/Post asynchronous methods
static async Task Get(string uri)
{
using (HttpResponseMessage resp = await client.GetAsync(uri, HttpCompletionOption.ResponseHeadersRead))
{
//var st = resp.Content.ReadAsStringAsync().GetAwaiter().GetResult();
Stream stream = await resp.Content.ReadAsStreamAsync();
if (resp.IsSuccessStatusCode)
{
return DeserializeJsonFromStream(stream);
}
var content = await StreamToStringAsync(stream);
throw new Exception(“[Get]- StatusCode:” + resp.StatusCode.ToString() + “. Contents:” + content);
}
}
static async Task Post(string uri, U inv)
{
MemoryStream ms = new MemoryStream();
DataContractJsonSerializer ser = new DataContractJsonSerializer(typeof(U));
ser.WriteObject(ms, inv); byte[] jsonByteArray = ms.ToArray(); ms.Close();
string json = Encoding.UTF8.GetString(jsonByteArray, 0, jsonByteArray.Length);
StringContent jsoncontent = new StringContent(json, UTF8Encoding.UTF8, “application/json”);
using (HttpResponseMessage resp = await client.PostAsync(uri, jsoncontent))
{
//var st = resp.Content.ReadAsStringAsync().GetAwaiter().GetResult();
var stream = resp.Content.ReadAsStreamAsync().GetAwaiter().GetResult();
if (resp.IsSuccessStatusCode)
{
return DeserializeJsonFromStream(stream);
}
var content = await StreamToStringAsync(stream);
throw new Exception(“[Get]- StatusCode:” + resp.StatusCode.ToString() + “. Contents:” + content);
}
}
Hope it will save someone’s time 🙂