Provider Developer Onboarding

This is for generating tokens to interact with the API endpoints. The WebUI just requires a normal account linked to the organisation you wish to manage.

  1. Contact us directly at [api-support (at) powerepos.cloud] to set up your developer credentials for making API calls.

    • We will need your company name, website and primary contact details
    • We will send you the following details:
      • ClientID - string - OAuth2 Client ID (public information)
      • ClientSecret - string - OAuth2 Client Secret (sensitive information)
  2. Contact the organisation you wish to connect with and request the following:

    • Organisation Code - string - a unique identifier for their organisation
    • A service account ID + service account password
      • Note - You will not be able to operate with an end user's email+password. You will need a service account.
  3. Using the PowerEPOS AuthServer and the OAuth2 Token endpoint at /authorisation/token, make a password grant request with the org_id parameter set to the Organisation Code that the end user has provided you. Ensure that scope includes des.

    This token will be scoped to DES itself. It cannot be used for accessing organisation sales/configuration.

    The token will be valid for a duration defined here

Example Token Request

DES Scoped Token

HTTP POST https://auth.powerepos.cloud/authorisation/token
Content-Type: application/x-www-form-urlencoded

grant_type=password&
client_id=<Your ClientID>&
client_secret=<Your ClientSecret>&
org_id=<Organisation Code that you want a DES token for>&
username=<Service Account ID>&
password=<Service Account Password>&
scope=des offline_access

JSON Encoded Response:

{
    "token_type": "Bearer",
    "access_token": "ey...3Y",
    "expires_in": 28800,
    "refresh_token": "abc",
    "svc": "https://example.service.uri/",
    "org_id": "<Organisation Code that you requested the token for>"
}

Discovering DES URI

The JSON Encoded Response to the token request will have a property called "svc" which will contain the DES service URI that you must use for any requests.

Alternatively, the access_token returned will be a JSON Web Token with custom claims (in the payload) that are defined at AuthServerClaims. AuthServerClaims.Service will hold the DES URI that THIS particular token is to be used with. This can be subject to change so ensure it's always decoded.
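
The token request and DES URI discovery described above, as an added Python example (not PowerEPOS's own code). It builds the form body with proper URL-encoding and checks the response before any bearer token is sent to the returned URI. The claim name des_uri_PLACEHOLDER, the organisation code ORG-DEMO and the sample response are constructed for illustration; take the real claim name from AuthServerClaims.

```python
import base64, json, time
from urllib.parse import urlencode, urlsplit

TOKEN_URL = "https://auth.powerepos.cloud/authorisation/token"  # from the page

def build_token_request(client_id, client_secret, org_id, username, password):
    """Return (url, headers, body) for the DES-scoped password grant."""
    # urlencode() escapes '&', '+', '=' etc., so a secret containing them
    # cannot be truncated or split into extra form parameters.
    body = urlencode({
        "grant_type": "password", "client_id": client_id,
        "client_secret": client_secret, "org_id": org_id,
        "username": username, "password": password,
        "scope": "des offline_access",
    })
    return TOKEN_URL, {"Content-Type": "application/x-www-form-urlencoded"}, body

def jwt_payload(token):
    """Decode the JWT payload segment. Reads claims; does NOT verify the signature."""
    segment = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def des_endpoint(response, requested_org, service_claim=None, now=None):
    """Return (des_uri, expires_at) from a token response, or raise ValueError."""
    if response.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    if response.get("org_id") != requested_org:
        raise ValueError("token issued for a different organisation")
    uri = response.get("svc")
    if service_claim:  # claim name is an assumption: take it from AuthServerClaims
        uri = jwt_payload(response["access_token"]).get(service_claim, uri)
    parts = urlsplit(uri or "")
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("refusing to send a bearer token to a non-HTTPS URI")
    expires_at = (time.time() if now is None else now) + int(response["expires_in"])
    return uri, expires_at

def constructed_response(org="ORG-DEMO", claim="des_uri_PLACEHOLDER"):
    """Constructed sample shaped like the page's response; the token is unsigned."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    token = enc({"alg": "none"}) + "." + enc({claim: "https://des.example.invalid/"}) + "."
    return {"token_type": "Bearer", "access_token": token, "expires_in": 28800,
            "refresh_token": "abc", "svc": "https://des.example.invalid/", "org_id": org}

if __name__ == "__main__":
    print(build_token_request("id", "secret", "ORG-DEMO", "svc-acct", "p&ss+word=1")[2])
    print(des_endpoint(constructed_response(), "ORG-DEMO", "des_uri_PLACEHOLDER", now=0))
```

Call des_endpoint on every new or refreshed token rather than caching the URI, since the page notes that the DES URI can change.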