My Products
Help
Anonymous
Not applicable

Error when authenticating against API (for only one customer)

by Anonymous

Hello!

We have a rather critical issue with one integration where we have generated a token (the same way we always do) but when using it in our integration and on the swagger page we get exception: 

 

500 undocumented

{
  "ExceptionType": "IPPException",
  "ExceptionMessage": "",
  "ExceptionFaultCode": "5520",
  "ExceptionMessageID": "5520_13ab6adc-bd3a-4b9f-95c9-cc8b7ee5f6e4",
  "ExceptionDetails": ""
}

 

 cache-control: no-cache,no-cache  connection: close  content-type: application/json  date: Fri, 09 Oct 2020 11:39:22 GMT  expires: -1  feature-policy: geolocation 'none'; vr 'none'; payment 'none'; midi 'none'; microphone 'none'; fullscreen 'none'; encrypted-media 'none'; camera 'none'; autoplay 'none';  ipp-request-id: f544f778-9ccb-4d57-aaa4-a2f9d07bdb43  pragma: no-cache  referrer-policy: origin-when-cross-origin  strict-transport-security: max-age=31536000; includeSubDomains  transfer-encoding: chunked  vnfinstanceid: ERP_SE_DEMO_0031  x-content-type-options: application/json  x-handled-by: Acumatica-PX.Export/AuthenticationManagerModule  x-xss-protection: 1;mode=block 

 

I have tried to generate a new token but we get the same problem. This only happens when I use any token I generate for this one customer towards their companies. 

 

We have tried to create a new API user from scratch and do it all over again with a new token but unfortunatley the same result. There is two different demo companies for this customer and I cannot reach either one of them with any token. 

 

I tried to add my own user to his company and use my users token but same problem. When I just seconds later use my user's api token for a different customer that it's added on it works just perfect.  

 

We are in kind of a hurry to get this solved because we are supposed to meet the customer on monday and have a test day with them. 

 

Is there any additional information you need to look into this? 

Thanks! 

/Frida 

14 REPLIES 14
Yıldırım
VISMA

by Yıldırım (Updated ‎09-10-2020 14:39 by Yıldırım VISMA )

Hello,

Can you please contact integration developers in order to elucidate the followed operations respectively? We're unable to determine what might be the issue without the technical details.


@Anonymous wrote:

We have a rather critical issue with one integration where we have generated a token (the same way we always do) but when using it in our integration and on the swagger page we get exception. 

1- On the swagger, the page has its own Swagger-ui ClientID and it generates a one-time (session bounded) token for the authenticated Visma.Net Financials User. So there is no option such as another token can be added to the page.

In token generation process,
There's no customer involved in the Authorization Code Flow, both flows generate a token on behalf of the Visma.Net Financials user.

The authenticated user's access rights(Financials Administrator-Financials User) in Visma.net determine that the generated token can be used on which company.

Supposing that there is X ISV has 2 customers and integration running like
1st Customer: a-b-c companies
2nd customer: d-e-f companies

When token request made from the same API CLIENT ID:
Each company should have its own Visma.Net user to generate a token and this token will work as covering the companies based on the authenticated users granted roles on the Visma.Net Financials.

The token belongs to visma.net USER and can be used on any company where the user has "Financials User"-"Financials Administrator" role granted.

Each consecutively generated token automatically invalidates the recently created one.
(Request made from the Same CLIENT ID & the Same Visma.Net Financials user for all integrations/company)

2- Can you please inform us about how do you generate a token and in which operation are you receiving 500 HTTP Status code ?

This isn't related to Invalid Token or not having access to the Financials Companies.
Otherwise, you'd just receive 401(Unauthorized) or 400 "Invalid parameter exception: ipp-company-id"

 

For more information, please have a look at the following articles:
A) Connecting your Visma.Net Financials company to the API 
B) Visma.Net Integrations Startup Guide

C) OAuth 2.0 Authorization Flow

 


 

Anonymous
Not applicable

by Anonymous

Hi, 

 

1. I have not tried to add another token on swagger. I have given my credentials  and logged in with the user we created solely for this customer's integration. We are not using it on anything else. 

 

When trying a GET to the Account endoint with the user on swagger I get the 500 response. The user I created for this integration is a financials user  in visma.net GUI.

 

This customer has its own Visma.net user to generate a token and the token was no problem generating, but when trying to do a simple GET from both our integration AND swagger (same user credentials) we get the error. 

 

2. There was not a problem to generate the token itself. I did the exact same thing for a different integration right after this without a hitch and did not have this problem at all. 

The problem occurs everytime I try to make a request to the API to this licens' companyID, in this example: 

 

https://integration.visma.net/API/controller/api/v1/account

 

I did the exact same process to my test company and created a new user for my testcompany, used it on swagger towards my testcompany and did the GET request towards the Account endpoint and recieved a 200 response code.  

 

I did the exact same steps after this to the company that is causing error but thought that maybe it would solve itself by creating whole new user with the exact same steps but I still recieved 500 code. 

 

/Frida 

Yıldırım
VISMA

by Yıldırım

Thanks for the details, it does not appear to be related to the way you're generating a token.
Could you make a GET request to Context Endpoint, see if there are any companies returned ?

Can you inform us about,

  • CompanyID & Name 
  • Authenticated Financials User <email>  

thus, we can check if there is anything wrong with the Financials ERP Company / License. 

 

Anonymous
Not applicable

by Anonymous

Sorry about me being vague before, I guess it's friday-stress!

 

When doing https://integration.visma.net/API/resources/v1/context I get 200 and 3 companies returned (all 3 companies this user is added to in financials). 

 

The email adress is: skogsvnintegration@exsitec.se

The companyID id: 3011270

 

Thanks! 

/Frida 

Anonymous
Not applicable

by Anonymous

Hi!

 

Here they are: 

 

They are both from right now. 

From swagger: 97382d24-2807-4624-9b76-90a17368eb3c 

 

From integration: b290ebe0-b554-413b-a72e-8ce021a27d5b

 

/Frida 

Yıldırım
VISMA

by Yıldırım (Updated ‎09-10-2020 16:00 by Yıldırım VISMA )

No worries ! 🙂


We've checked the Licence, it looks fine. As you also confirmed that you can retrieve access granted companies in GET Context. 

There might be a problem with sync/provisioning of user roles for that user.
Can you remove the roles from Admin Panel > Save and then add it again, thus another sync can be triggered ?

 

Could you try to authorize with another user that is having Financials Administrator & Financials User Roles on the same company ? Apparently frida.jakobsson@exsitec.se also has those roles on the "Nytt Demo Skogsåkarna i Mellansverige AB"

Anonymous
Not applicable

by Anonymous

Hi, 

I have removed the access from the integration user from the admin panel, saved, then given the user access again but same 500 error. 

 

I added my user on the company about 1 hour ago to test. Removed it completely now then added it again. Unfortunately the same 500 code. 

 

When I use frida.jakobsson@exsitec.se on swagger and change the companyID to my testcompany ( company ID 2117472) I get a 200 response code

 

(same https://integration.visma.net/API/controller/api/v1/account on all three attempts)

 

/Frida

Yıldırım
VISMA

by Yıldırım (Updated ‎09-10-2020 16:49 by Yıldırım VISMA )

Are you able to access to the Financials UI with skogsvnintegration@exsitec.se? Contacted with ERP Support and it seems TOS haven't been accepted for that company, if you can log in to UI, this could also trigger the role sync. 

Login at : https://signin.visma.net/

On the other hand, frida.jakobsson@exsitec.se has access to company "3011270" with Financials Administrator and Financials User roles so please try the same process with your own user as well,  login to UI first, check if it's accessible then make a GET Request via API for instance with Customer  Endpoint.

KonsultVn
CHAMPION ***

by KonsultVn

Yes we are able to access it, we logged in a while after lunch and activated our user but for some reason it still says "inactive" in admin even though I have been in the system about 5 times since we created this user. I have tried to log in and out a few times in hope of kickstarting the sync but still nothing works. 

 

Integration user - did not work after yet again logging into the UI 

My user - same as integration user

 

But if the TOS hasn't been approved we shouldn't be able to start any companies on their license so that sounds weird to me. 

 

/Frida

Yıldırım
VISMA

by Yıldırım (Updated ‎09-10-2020 17:16 by Yıldırım VISMA )

Unfortunately we don't have information about why your ERP user is still inactive but that might be the case with the transaction access. Are there another user that has been activated earlier you can try with ? 

 

If revoking roles and re-log to UI did not help, we'd recommend, checking this over tomorrow, there is an automated system sync for Financials ERP Role Services works every night maybe this can help.

 

We've also escalated this to the licensing department.

KonsultVn
CHAMPION ***

by KonsultVn

Hi, 

 

I can't say for sure if our 'old' integration user we used for pre-test worked or not but I am 95% sure that we couldn't reach this one CompanyID with any user. That's why it was so urgent. 

 

It seems to be working now and we can use our intended API user in our integration so we have started the testing without any problems 🙂

 

But the user is still labeled as 'inactive' in the UI and we are worried about if this is going to happen when we create this company's production company or maybe if there is something on their licens that looks wrong (ex. TOS etc.) Can you have a look to see why this is? 

 

/Frida 

Accepted solution
Yıldırım
VISMA

by Yıldırım (Updated ‎14-10-2020 11:33 by Yıldırım VISMA )

Hi, 


Infrastructure team is currently investigating why provisioning of the new user roles were not immediately reflected and started to work again from 2020-10-11 17:39:34.000 and onwards.
(https://status.visma.com/incidents/hgk2638tjd8v)

Regarding the Visma.Net user is labelled as 'inactive, since this is related to ERP User management we'd recommend  contacting your ERP Partner Support to clarify.  

Thanks.

Florian Haase
PARTNER

by Florian Haase

Aren't this tokens related to both user and clientId/secret?

I don't think its possible to use a token within different clientIds even its the same user? Right?

 

Florian

Anonymous
Not applicable

by Anonymous

But we get the same error when using swagger. 

 

When I use my own log-in I can access the different companies I put my user on even if they are on different licensen as long as my user is added to that licens (tried a simple GET request). But when I add my user to the customer (in question) I get the response from my first post.

 

When I created the API user for the customer it is on their license and it was no problem generating the token but when using it on swagger I get the response from my first post. Tried to erase that user and create a new one but the same problem unfortunatley. And I have tried to generate a new token but still the same problem. 

 

/Frida