Authorization and Limits
Summary of Changes: (The purpose of this table is to keep traceability and to let the Product team highlight what was changed in the scope, based on comments or discussions.)
Version | Date | Created / Updated | Notes |
---|---|---|---|
v1.0 | 04.04.23 | Bogomil Pavlov | First publish |
v1.1 | 01.06.23 | Bogomil Pavlov | Second type authorization for shipping and cancellations |
v1.2 | 02.08.23 | Bogomil Pavlov | Added scope for returns |
The purpose of this document is to describe how we authenticate on Very and also to specify the limits.
Authorization - Token Based and OAuth 2.0
We have to use Basic Token authorization, which we specify in the header of the request; we simply store two values locally in order to generate the token. (v1.1) This type of authorization is valid for the Order Push API and the stock updates; for the order shipping updates and order cancellation, however, we will use another type of authorization, OAuth.
Authorization Type | Cron |
---|---|
Token Based | Order Push |
Token Based | Stock Update |
OAuth 2.0 | Order Ship |
OAuth 2.0 | Order Cancel |
In Account Very we can have:
Hemi Field | Type | Comment |
---|---|---|
Use Sandbox | checkbox | We will have two URLs, one for sandbox and one for production. We want to hardcode them in the code and control them with the flag. |
Company Ref ID | varchar(255) | Used for Token Based authentication |
API Key | varchar(255) | Used for Token Based authentication |
(v1.1) Client Id | varchar(255) | Used for OAuth 2.0 authentication |
(v1.1) Client Secret | varchar(255) | Used for OAuth 2.0 authentication |
When we are making a request, we need to concatenate Company Ref ID:API Key (850135:AD0D7AEB25F3F676450F5C79ED6).
Sample: [{"key":"Authorization","value":"Basic 850135:AD0D7AEB25F3F676450F5C79ED6"}]
(v1.1) The second type of authorization is OAuth 2.0; we have to make a request which generates the access token.
End Point: POST https://oauth.kornitx.net/token
Body (x-www-form-urlencoded):
client_id - provided by KornitX and does not expire
grant_type - hardcoded as "client_credentials"
client_secret - provided by KornitX and does not expire
(v1.2) scope - hardcoded as "api-sl-2-3.order-shipment.create" "api-sl-2-3.order-cancellation.create" "api-sl-2-3.order-return.create", separated by space (without the quotation marks)
When using OAuth we can specify two scopes at the same time, but they must be separated by a space.
Sample Request:

Sample Response:
{
"token_type": "Bearer",
"expires_in": 3600,
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiI2NTY1MzA2NS0zOTY1LTMyMzAtMmQzNS02NjM0NjQyZDM0MzEiLCJqdGkiOiIwMTk4ZmM4NmFkZjhhMzM1ZDcwZDRhYjYxZTBjMzc3MzRjY2U1NWIwMDk1ZGY2NDdmYTUyN2M4NDVmZjdkMzljZDBiODUyMTZjODYzMWM0MyIsImlhdCI6MTY4NTk2MDYyNC42MTQ0OSwibmJmIjoxNjg1OTYwNjI0LjYxNDQ5MSwiZXhwIjoxNjg1OTY0MjI0LCJzdWIiOiIyMjQ2MjQiLCJzY29wZXMiOlsiYXBpLXNsLTItMy5vcmRlci1jYW5jZWxsYXRpb24uY3JlYXRlIiwiYXBpLXNsLTItMy5vcmRlci1zaGlwbWVudC5jcmVhdGUiXX0.I0bbL4KV6iu80M2pqiwFoxCnhsKuqjK3jMieAtY_cVQPmaGWqs0-_Y4Hghe-nPvIChxjZV4FeHklP7-BZv4Ei3cExfajGkYUOVzfvEChKqm6pyw2TMtP99SKr87l8M_dOcJgFas0NZGadv0uPJaF-l0ymOmSRZO9d4VbXTioge6LBHFqy1GmJTXnGBt3SvKNdXBsqxcpzc69Hf_LRFqncpMcD-Ny_ELvkPSDYKBgbLlDzGoi7GNPQdA0H6LXkaA2uxXGFu3q6biUdz05j3520Y0m57BKlaggBKL3FyKw3uJSG5FEMJt-eadR4IfKXrYVSkX4Ot1yxlp05n9_-DFmKQ"
}
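The token request and the one-hour expiry described above, as an added Python example that is not part of the original specification or of KornitX's own code. The `post` transport, the 60-second refresh margin and sending the token as `Authorization: Bearer ...` (inferred from `token_type`) are assumptions.

```python
import time
import urllib.parse

TOKEN_URL = "https://oauth.kornitx.net/token"  # endpoint from this page
SCOPES = (  # the three scopes listed on this page
    "api-sl-2-3.order-shipment.create",
    "api-sl-2-3.order-cancellation.create",
    "api-sl-2-3.order-return.create",
)


def build_token_body(client_id, client_secret, scopes=SCOPES):
    """Return the x-www-form-urlencoded body for the token request."""
    return urllib.parse.urlencode({
        "client_id": client_id,
        "grant_type": "client_credentials",
        "client_secret": client_secret,
        "scope": " ".join(scopes),  # one space between scopes, sent as '+'
    })


class TokenCache:
    """Caches the access token and refreshes it shortly before expiry."""

    def __init__(self, client_id, client_secret, post, clock=time.time, margin=60):
        self._body = build_token_body(client_id, client_secret)
        self._post = post      # hypothetical transport: post(url, body) -> dict
        self._clock = clock
        self._margin = margin  # assumed safety margin, in seconds
        self._token = None
        self._expires_at = 0.0

    def auth_header(self):
        """Return the Authorization header for ship, cancel and return calls."""
        if self._token is None or self._clock() >= self._expires_at:
            reply = self._post(TOKEN_URL, self._body)
            if reply.get("token_type") != "Bearer" or not reply.get("access_token"):
                raise ValueError("unexpected token response")
            self._token = reply["access_token"]
            self._expires_at = self._clock() + int(reply["expires_in"]) - self._margin
        return {"Authorization": "Bearer " + self._token}
```

Keeping the client secret inside the cache object and returning only the header means the calling crons never handle the secret or write it to logs.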