Quill Authentication, Database Structure and Limits
Version | Date | Created / Updated | Notes |
---|---|---|---|
v1.0 | 20/09/2024 | Hristiyan Georgiev | First publish |
Authentication
Authorization uses two components, both of which need to be sent as headers. The first one is a standard Bearer token, which we will get with a GET call. The second one is an Ocp-Apim-Subscription-Key header, used for API authorization in the context of Microsoft's Azure API Management (APIM) platform. This key acts as a form of authentication when interacting with APIs managed by Azure API Management. This key will be a 32 Bit Key provided to us by Quill as well.
Ocp-Apim-Subscription-Key
- Will be provided later. Ask @Hristiyan Georgiev or @Danail Deltchev
Bearer token generation:
API Call: GET https://login.microsoftonline.com/ussicorp5.onmicrosoft.com/oauth2/v2.0/token
We need to send a couple of keys as a form-data body.
The keys that we need to send are client_id, scope, grant_type and client_secret.
We want to hardcode the grant_type as “client_credentials”.
- client_id: we pick from Quill Connector > Client ID
- scope: we pick from Quill Connector > Scope
- client_secret: we pick from Quill Connector > Client Secret
Example request cURL
curl --location --request GET 'https://login.microsoftonline.com/ussicorp5.onmicrosoft.com/oauth2/v2.0/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Cookie: fpc=AgWe-erz1n9PiQpwk5GHm0GXVWupAQAAAB2vhd4OAAAA; stsservicecookie=estsfd; x-ms-gateway-slice=estsfd' \
--form 'client_id="68c7d415-b950-4654-9910-5ebedcca7457"' \
--form 'scope="api://68c7d415-b950-4654-9910-5ebedcca7457/.default"' \
--form 'grant_type="client_credentials"' \
--form 'client_secret="LR08Q~PPt8G7MLI5fsuKoyWPAsqJR1ewKf~lYckZ"'
Example response:
{
"token_type": "Bearer",
"expires_in": 3599,
"ext_expires_in": 3599,
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ikg5bmo1QU9Tc3dNcGhnMVNGeDdqYVYtbEI5dyIsImtpZCI6Ikg5bmo1QU9Tc3dNcGhnMVNGeDdqYVYtbEI5dyJ9.eyJhdWQiOiJhcGk6Ly82OGM3ZDQxNS1iOTUwLTQ2NTQtOTkxMC01ZWJlZGNjYTc0NTciLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9iMTAxZjdhYi01NmFjLTQ4NWYtYjM5Ny01Mjc5Njk4ZmRmN2QvIiwiaWF0IjoxNzI3MjQ4MTE0LCJuYmYiOjE3MjcyNDgxMTQsImV4cCI6MTcyNzI1MjAxNCwiYWlvIjoiRTJkZ1lEZ1htZkpZelo3WkpGVHA3dm5xVldjT0FRQT0iLCJhcHBpZCI6IjY4YzdkNDE1LWI5NTAtNDY1NC05OTEwLTVlYmVkY2NhNzQ1NyIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0L2IxMDFmN2FiLTU2YWMtNDg1Zi1iMzk3LTUyNzk2OThmZGY3ZC8iLCJvaWQiOiJmODIwMzY4Zi0xZjAyLTQ2ZDItYmM3Yy00MTYxNTQ4ZTY2MzMiLCJyaCI6IjAuQVEwQXFfY0JzYXhXWDBpemwxSjVhWV9mZlJYVXgyaFF1VlJHbVJCZXZ0ektkRmNOQUFBLiIsInN1YiI6ImY4MjAzNjhmLTFmMDItNDZkMi1iYzdjLTQxNjE1NDhlNjYzMyIsInRpZCI6ImIxMDFmN2FiLTU2YWMtNDg1Zi1iMzk3LTUyNzk2OThmZGY3ZCIsInV0aSI6IkVDQXp6OWpnSFU2SWVCQVctWnJ3QUEiLCJ2ZXIiOiIxLjAifQ.IzrNtMZcjfSfmGPej-fUXri90G_Uv8yUcfrv0NNiGE1QzjwaKp87CVqhFrr32FDUOjYZkPM-oQYAk54qmJ8lK2s_-T6hBPwnzcw9Ny6zbDFBTSWSDU_RWBDPOgjhOAwfYZujKuZALSmpS1l_CAIiXXSTVu_Vz8mc05AoaWfFb3vIqLJt1Pvl1Mz8LRX1V39bxUJsqc2rsvVcTp-V-q1gDXJcvhf_zyJKJETil-1iTFuUhmeGND2O-QjKPqo4bvyZbTGDK6359jJEznuLg9tiMWfN-DEId7nNrtn3Dnt0MENnK8DIuhWNuw_G15KP76NGs_t2mBg8V9BITYhMRXUGKw"
}
We don’t want to keep the token or the subscription key anywhere in the UI, so we can store them in cache. We need to make sure we refresh the token before it expires.
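One way to implement the cache-and-refresh behaviour described above, as an added example that is not Quill's or the project's own code. The class name, the injected `fetch_token` callable (standing in for the token call) and the 300-second refresh margin are assumptions; the sample token response in `demo()` is constructed.

```python
import threading
import time

class QuillTokenCache:
    """Keeps the Bearer token in memory and renews it shortly before expiry."""

    def __init__(self, fetch_token, subscription_key, skew_seconds=300, clock=time.monotonic):
        self._fetch_token = fetch_token      # hypothetical callable: returns the token JSON as a dict
        self._subscription_key = subscription_key
        self._skew = skew_seconds            # assumed safety margin, not a Quill value
        self._clock = clock
        self._lock = threading.Lock()
        self._token = None
        self._refresh_at = 0.0

    def _current_token(self):
        with self._lock:                     # only one thread refreshes at a time
            now = self._clock()
            if self._token is None or now >= self._refresh_at:
                body = self._fetch_token()
                if body.get("token_type") != "Bearer" or not body.get("access_token"):
                    raise ValueError("unexpected token response")
                lifetime = int(body["expires_in"])
                # Renew `skew` seconds early, but never earlier than half the lifetime.
                self._refresh_at = now + max(lifetime - self._skew, lifetime // 2)
                self._token = body["access_token"]
            return self._token

    def headers(self):
        return {
            "Authorization": "Bearer " + self._current_token(),
            "Ocp-Apim-Subscription-Key": self._subscription_key,
        }

    def __repr__(self):                      # keep secrets out of logs and tracebacks
        return "<QuillTokenCache token=*** subscription_key=***>"

def demo():  # constructed run: fake token endpoint and fake clock, no network
    calls, now = [], [0.0]
    def fake_fetch():
        calls.append(now[0])
        return {"token_type": "Bearer", "expires_in": 3599,
                "access_token": "constructed-token-%d" % len(calls)}
    cache = QuillTokenCache(fake_fetch, "constructed-key", clock=lambda: now[0])
    seen = []
    for t in (0, 3298, 3299):                # 3299 = 3599 - 300, the renewal point
        now[0] = float(t)
        seen.append(cache.headers()["Authorization"])
    return seen, len(calls)
```

Every outgoing Quill request takes its headers from `headers()`, so neither the token nor the subscription key has to be stored in or rendered by the UI.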
Database
Additional tables will need to be created, however please note the structure and names are just suggestions.
Quill Connector - here we will be storing all the Quill details required for the connection to work and this is our starting point.
Field Name | Type | Required | Comment | Default Value |
---|---|---|---|---|
Main Fields | | | | |
Name | varchar | Yes | Field for internal use to name the connector | |
Client ID | varchar | Yes | This is the client ID needed for the authentication | |
Client Secret | varchar | Yes | This is the client secret needed for the authentication. | |
Scope | varchar | Yes | This will be needed for authorisation | |
Subscription-Key | varchar | Yes | This will be needed for authorisation | |
Settings | Separate tab | | | |
Active | checkbox | No | Flag indicating if the connector is active and based on this we can switch off and on the connector | false |
Create Orders | checkbox | No | Flag indicating if we would like to export/create new orders on Quill. This will be our only “setting” for now but with potential to expand in the future. | false |
Account Quill Connector - slave table for Account to connect with the Quill Connector. We will need to keep the name and a few other fields.
Field Name | Type | Required | Comment |
---|---|---|---|
Connector Name | dropdown | Yes | A dropdown list with all Quill connectors |
Supplier agency ID | varchar | Yes | This is a specific ID which Quill will provide to us and which needs to be sent with each order create |
Dont send order older than X days | varchar | No | We need this due to logic in the order export. |
API Limits
Quill have advised that they currently have “a high rate limit that you should not reach” so we don’t want to implement any limits or throttling on our side. We can revisit this later if it becomes an issue.