Getting started with the Procurios API
The Procurios API's are accessible through Oauth2 using either the authorization code or the client credentials grant type. While it is not our intention to explain Oauth2 itself into detail, the following guides should help you get started. For more information on Oauth2 we recommend connect2id.com
There are two ways to connect with the Procurios API:
- Authorization code
- Client credentials
1. Authorization code
The authorization code grant type allows you as a client to use the Procurios API from the perspective of a user.
Procurios should have received:
- A list of allowed redirect urls
You should have received:
- An Oauth2 client id
- An Oauth2 client secret
- A token request endpoint url
- A client authorization endpoint url
- At least one scope to claim
The flow of calls should be:
-
Direct the user to the authorization endpoint
{clientAuthorizationEndPointUrl}?response_type=code&scope={space separated list of scopes}&client_id={clientId}&redirect_uri={redirectUrl}
Example:
https://procurios.com/l/oauth2/authorize?response_type=code&scope=profile&client_id=abc123&redirect_uri=example.com
-
Receive the user with his or her access code
{redirectUrl}?code={code}
Example:
https://example.com?code=X
-
Call the token request endpoint with the access code and receive the access token
POST {tokenRequestEndpointUrl} Content-Type: application/x-www-form-urlencoded grant_type=authorization_code&client_id={clientId}&code={code}&client_secret={clientSecret}
Example:
POST https://procurios.com/l/oauth2/token Content-Type: application/x-www-form-urlencoded Accept: application/json grant_type=authorization_code&client_id=abc123&code=X&client_secret=dfe456
Access token response:
{'access_token': '{accessToken}'}
- Call the Procurios API with the header
Authorization: Bearer accessToken
(See below for examples)
Example:
-
Send the user to the client authorization endpoint:
2. Client credentials
The client credentials grant type allows you as a client to use the Procurios API from server to server without the context of a user.
You should have received:
- An Oauth2 client id
- An Oauth2 client secret
- A token request endpoint url
- At least one scope to claim
The flow of calls should be:
-
Call the token request endpoint with the client id and secret and receive the access token
POST {tokenRequestEndpointUrl} Content-Type: application/x-www-form-urlencoded Accept: application/json grant_type=client_credentials&client_id={clientId}&client_secret={clientSecret}&scope={space separated list of scopes}
Example:
POST https://procurios.com/l/oauth2/token Content-Type: application/x-www-form-urlencoded Accept: application/json grant_type=client_credentials&client_id=abc123&client_secret=dfe456&scope=profile
Access token response:
{ "access_token": "{accessToken}", "token_type": "bearer", "expires_in": 3600, "scope": "{scope}" }
- Call the Procurios API with the header
Authorization: Bearer accessToken
Example API Requests
Once you have your access token, example requests could look something like:
GET https://procurios.api/l/module_api/object
Accept: application/vnd.procurios.application+json; version=1
Accept-Language: en-US,en;q=0.5
Authorization: Bearer accessToken
POST https://procurios.api/l/module_api/object
Accept: application/vnd.procurios.application+json; version=1
Accept-Language: en-US,en;q=0.5
Authorization: Bearer accessToken
{
"key": "value",
"otherKey": 2
}
Feedback
This document is a work in progress and your opinion helps us to improve. Please let us know what we can do better at support@procurios.com.