pwrd by

Getting started with the Procurios API

The Procurios API's are accessible through Oauth2 using either the authorization code or the client credentials grant type. While it is not our intention to explain Oauth2 itself into detail, the following guides should help you get started. For more information on Oauth2 we recommend connect2id.com

There are two ways to connect with the Procurios API:

  1. Authorization code
  2. Client credentials

1. Authorization code

The authorization code grant type allows you as a client to use the Procurios API from the perspective of a user.

Procurios should have received:

  • A list of allowed redirect urls

You should have received:

  • An Oauth2 client id
  • An Oauth2 client secret
  • A token request endpoint url
  • A client authorization endpoint url
  • At least one scope to claim

The flow of calls should be:

  1. Direct the user to the authorization endpoint

    {clientAuthorizationEndPointUrl}?response_type=code&scope={space separated list of scopes}&client_id={clientId}&redirect_uri={redirectUrl}
    
    Example:
    https://procurios.com/l/oauth2/authorize?response_type=code&scope=profile&client_id=abc123&redirect_uri=example.com
    
  2. Receive the user with his or her access code

    {redirectUrl}?code={code}
    
    Example:
    https://example.com?code=X
    
  3. Call the token request endpoint with the access code and receive the access token

    POST {tokenRequestEndpointUrl}
    Content-Type: application/x-www-form-urlencoded
    
    grant_type=authorization_code&client_id={clientId}&code={code}&client_secret={clientSecret}
    
    Example:
    POST https://procurios.com/l/oauth2/token
    Content-Type: application/x-www-form-urlencoded
    Accept: application/json
    
    grant_type=authorization_code&client_id=abc123&code=X&client_secret=dfe456
    

    Access token response:

    {'access_token': '{accessToken}'}
    
  4. Call the Procurios API with the header Authorization: Bearer accessToken (See below for examples)
Example:
  1. Send the user to the client authorization endpoint:

2. Client credentials

The client credentials grant type allows you as a client to use the Procurios API from server to server without the context of a user.

You should have received:

  • An Oauth2 client id
  • An Oauth2 client secret
  • A token request endpoint url
  • At least one scope to claim

The flow of calls should be:

  1. Call the token request endpoint with the client id and secret and receive the access token

    POST {tokenRequestEndpointUrl}
    Content-Type: application/x-www-form-urlencoded
    Accept: application/json
    
    grant_type=client_credentials&client_id={clientId}&client_secret={clientSecret}&scope={space separated list of scopes}
    
    Example:
    POST https://procurios.com/l/oauth2/token
    Content-Type: application/x-www-form-urlencoded
    Accept: application/json
    
    grant_type=client_credentials&client_id=abc123&client_secret=dfe456&scope=profile
    

    Access token response:

    {
        "access_token": "{accessToken}",
        "token_type": "bearer",
        "expires_in": 3600,
        "scope": "{scope}"
    }
                    
  2. Call the Procurios API with the header Authorization: Bearer accessToken

Example API Requests

Once you have your access token, example requests could look something like:

GET https://procurios.api/l/module_api/object
Accept: application/vnd.procurios.application+json; version=1
Accept-Language: en-US,en;q=0.5
Authorization: Bearer accessToken
POST https://procurios.api/l/module_api/object
Accept: application/vnd.procurios.application+json; version=1
Accept-Language: en-US,en;q=0.5
Authorization: Bearer accessToken

{
"key": "value",
"otherKey": 2
}

Feedback

This document is a work in progress and your opinion helps us to improve. Please let us know what we can do better at support@procurios.com.