Do I need to authenticate to use Acutrack APIs?
Yes. All Acutrack APIs require successful authentication before you can access any API resources.
How does Acutrack API authentication work?
Acutrack APIs authenticate using API user credentials (username and password). After you authenticate, you exchange those credentials for an access token, which is used to call Acutrack API endpoints.
Setting Up Your API User Credentials
How do I generate or set my API password?
Acutrack will send an email to your dedicated email address with an activation link for your API user. Use that link to set your password.
What do I use as my username?
Your email address is used to generate your password and is associated with your API user credentials.
Can I share my API username and password with others?
No. Your username and password are private and must not be shared.
Can I use the API user to log into the Acutrack portal?
No. The API user is only for accessing Acutrack APIs. Portal access is denied for this user.
Access Tokens
What is an access token?
An access token is a credential you use to authenticate API requests after logging in. It allows you to access Acutrack API resources without sending your username and password with every request.
How do I get an access token?
To access any Acutrack API resource, you must provide your username and password and exchange them for an access token. Once issued, you use that token to authenticate your API calls.
Why do I need to exchange credentials for a token?
Acutrack requires credentials only for obtaining the token. After that, the token is used to access API resources, keeping authentication consistent across requests.
To get the access token you will need to make a POST request to our token endpoint:
https://fulfillmentapi.acutrack.com/api/Authentication/authenticateThe request will require username and password
{
"userName": "email@domain.com",
"password": "password"
}An access token is valid for a certain amount of time before it expires. This limit is currently set to 60 minutes. When it expires, the requested resource will throw the following error: 'The token is expired' with error code 401. At this time a new access token should be requested. A new access token is not needed for each request.
We recommend that you refresh the access token periodically (~45 mins to 50 mins) so that none of the resource requests receive an error due to an expired access token.
3. Receive your tokens
The token endpoint will verify all the parameters in the request and, if everything checks out, it will generate your access token and return it in the response.
The response will contain the following parameters:
token:The access token used to call the API.
refreshToken: The refresh token used to regenerate new access token
when the previous access token expires.
companies[id]: ClientId to be used in every Order & Product API calls.
companies[gatewayId]: GatewayId to be used in every Order & Product API calls.
companies[storeName]: StoreName to be used in every Order & Product API calls.Response JSON:
{
"id": 1,
"userName": " email@domain.com",
"token": "accesstoken123%67983",
"refreshToken": "refreshToken123%sxs=",
"companies": [
{
"id": 0,
"company": "CompanyName",
"gatewayId": 4,
"storeName": "clientStoreName",
"isDefault": true
}
]
}4. Call the API
Workflow
- The following fields need to be sent as parameters – userName, and password
- Sending the request will return a token in the response
The access token is a Bearer token, hence it must be sent with every resource request using the Authorization header with the word Bearer preprended to the token itself and separated by a space. For example, if the access token value is eXFWWERlC8wafnWgAlgqxagATPF0F, then the token must be passed in all resource requests as a header as follows –
Header name: Authorization
Header value: Bearer eXFWWERlC8wafnWgAlgqxagATPF0FMake calls against the Acutrack APIs by simply adding the following headers to your request:
GET "https://fulfillmentapi.acutrack.com/ProductInventoryStockDetails/{clientId}"
Authorization: "Bearer " + token
Accept: application/json5. Refresh Token
The refresh token should be used to regenerate the new access token when the previous access token is about to expire.
POST "https://fulfillmentapi.acutrack.com/api/Authentication/RefreshToken"
Authorization: "Bearer " + token
Accept: application/jsonRequest JSON:
{
"jwtToken": "string",
"refreshToken": "string"
} jwtToken is the access token
Comments
0 comments
Article is closed for comments.