Partner Services Developer Onboarding

This is for generating tokens to interact with the API endpoints. The WebUI just requires a normal account linked to the organisation you wish to manage

  1. Contact us directly at [api-support (at) powerepos.cloud] to setup your developer credentials for making API calls

    • We will need your company name, website and primary contact details
    • We will send you the following details:
      • ClientID - string - OAuth2 Client ID (public information)
      • ClientSecret - string - OAuth2 Client Secret (sensitive information)

  2. Contact the organisation you wish to connect with and request the following:

    • Organisation Code - string - a unique identifier for their organisation
    • A service account ID + service account password
      • Note - You will not be able to operate with an end user's email+password. You will need a service account.

  3. Using the PowerEPOS AuthServer and the OAuth2 Token endpoint at /authorisation/token, make a password grant request with the org_id parameter set to the Organisation Code that the end user has provided you. Ensure that scope includes partnerservices

    This token will be scoped to the Partner Service itself. It cannot be used for accessing other APIs / services.

    The token will be valid for a duration defined here

Example Token Request

Partner Services Scoped Token

HTTP POST https://auth.powerepos.cloud/authorisation/token
Content-Type: application/x-www-form-urlencoded

grant_type=password&
client_id=<Your ClientID>&
client_secret=<Your ClientSecret>&
org_id=<Organisation Code that you want a Partner Services token for>&
username=<Service Account ID>&
password=<Service Account Password>&
scope=partnerservices offline_access

JSON Encoded Response:

{
    "token_type": "Bearer",
    "access_token": "ey...3Y",
    "expires_in": 28800,
    "refresh_token": "abc"
    "svc": "https://example.service.uri/",
    "org_id": "<Organisation Code that you requested the token for>"
}

Discovering PartnerServices URI

The JSON Encoded Reponse to the token request will have a property called "svc" which will contain the Partner Services URI that you must use for any requests.

Alternatively, the access_token will be a JSON Web Token with custom claims (in the payload) that are defined at AuthServerClaims. AuthServerClaims.Service will hold the PartnerServices URI that THIS particular token is to be used with. This can be subject to change so ensure it's always decoded from the claim.