Process change for API integrations - January 2022

Since January 2022, the process for initially linking third-party apps to ready2order accounts has changed.

Who is affected by the changes?

  1. If you started developing a third-party app integration before this time, the authentication process has changed.
  2. If you have an existing integration that regularly revokes access, the integration must be updated to the new process.

What is this document?

This document will walk you through the necessary changes that need to be made in third-party apps to ensure that the initial authentication process for ready2order accounts continues to work.

To work with ready2order's API, it is necessary to request an API token for a specific ready2order account. To receive this API token, the ready2order customer must be redirected to a specific page where the ready2order customer must log in. After successful login, the ready2order customer must agree that the third-party app can access the account data.

Which part is affected by this change?

The process by which you obtain the initial API Developer Token has changed.

If you have a reason to revoke the API Developer Token, the process for obtaining a new one will be changed as described below.

What has changed?

Old process

A third-party developer redirected the ready2order customer to this page.

This process is deprecated and will be decommissioned on February 28, 2022.

New process

  1. Use your developer token (sent to you via email when you registered as an API developer) to request a temporary grant access token.
     If you have lost the original email and have not saved the token in the configuration of your third-party app, please contact ready2order support.

POST https://api.ready2order.com/v1/developerToken/grantAccessToken
Authorization: {DEVELOPER_TOKEN}
Accept: application/json

{
  "authorizationCallbackUri": null|string
}

Optionally, the authorizationCallbackUri parameter can be specified in the request body, which must contain a valid, publicly accessible URL to which we will redirect the ready2order customer after approval or rejection. If specified, we will redirect the ready2order customer to this page with the following parameters.

GET https://example.com/redirect-endpoint?status=approved|abgelehnt&accountToken=${ACCOUNT_TOKEN}&grantAccessToken=${GRANT_ACCESS_TOKEN}

Please remember to compare the grantAccessToken passed to the authorizationCallbackUri with the grant access token on your site to avoid unexpected results.

  2. Use the grantAccessUri and redirect the ready2order customer to this page.

Next, the ready2order customer will be asked to log in and can either grant or deny access to your app.

If the ready2order customer has consented and no authorizationCallbackUri has been specified, the ready2order customer will only be shown the account token for using the API.

If the ready2order customer has agreed and an authorizationCallbackUri has been specified, the ready2order customer is redirected to the specified address and the account token for using the API can be read from the accountToken query parameter.

For more information, see the API documentation.
If the account token becomes invalid for any reason, the process must be repeated to obtain an active account token.
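
One way to perform the grantAccessToken comparison and read the accountToken at your authorizationCallbackUri, as an added example that is not ready2order's own code. The `pending` store, the `session_id` key and the function names are assumptions, as is treating any status other than `approved` as "no access".

```python
import hmac
from urllib.parse import urlsplit, parse_qs


class CallbackError(Exception):
    """The redirect does not belong to a flow this app started."""


def _single(query, name):
    # Reject missing, empty or repeated parameters instead of picking one.
    values = query.get(name, [])
    if len(values) != 1 or not values[0]:
        raise CallbackError(f"expected exactly one {name}")
    return values[0]


def handle_callback(callback_url, session_id, pending):
    """Return the accountToken on approval, None when access was not granted.

    pending maps a session id to the grant access token requested for it
    (hypothetical storage; use your session store or database).
    """
    query = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)
    received = _single(query, "grantAccessToken")
    expected = pending.get(session_id)
    if expected is None:
        raise CallbackError("no authorization in progress for this session")
    # Constant-time comparison of the returned token with the stored one.
    if not hmac.compare_digest(expected.encode(), received.encode()):
        raise CallbackError("grantAccessToken does not match")
    del pending[session_id]  # single use: a replayed redirect is refused
    if _single(query, "status") != "approved":
        return None  # assumption: any other status means no access
    return _single(query, "accountToken")


# Constructed sample values, not real tokens.
if __name__ == "__main__":
    pending = {"sess-1": "gat-constructed-123"}
    url = ("https://example.com/redirect-endpoint?status=approved"
           "&accountToken=acct-constructed-abc&grantAccessToken=gat-constructed-123")
    print(handle_callback(url, "sess-1", pending))
```

Store the grant access token under the customer's session before redirecting, and persist the returned account token only after `handle_callback` returns it.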

