johanpettersson
CONTRIBUTOR *

Single or multiple API clients/redirect URIs

by johanpettersson

Hi,

 

We are developing an integration for Visma.net and have some questions regarding the API client (client id) and the redirect URI.

 

Our product is not a centralized system; we have separate system installations for each customer (some on-premises, some hosted by us). Do you have any best practices in these scenarios, regarding the API client and redirect URI? The authorization flow uses a redirect URI, which will vary in this case.


- Should we use a separate API client for each customer integration?
- Should we use a single API client and allow multiple redirect URIs for the API client?
- Should we use a single API client and specify a single central redirect URI and route our authorization requests to/from this URI?

 

We would really like your feedback regarding this use case.

Yıldırım
VISMA

by Yıldırım (Updated ‎29-10-2021 13:47 by Yıldırım VISMA )

Hello Johan, 

 


@johanpettersson wrote:

1- Should we use a separate API client for each customer integration?
2- Should we use a single API client and allow multiple redirect URIs for the API client?
3- Should we use a single API client and specify a single central redirect URI and route our authorization requests to/from this URI?

1- The recommended way is to use a single API Client. Usage / Flow details can be seen in the Startup Guide.
The ISV / Integrator should ask their ERP Customer to have a different user for each integration/company. In this way, the integrator will use the same "client_Id" for all the integrations, but the ERP Customer will be using a different user for each company during the authorization. This is the recommended setup for our ISVs for obtaining a token while using the same ClientID for all the integrations.
In this way, if something goes wrong with one of the integrations (e.g. token gets invalidated) and the ISV generates a new token, the other integrations will not be affected, so the ISV can continue to use their existing token/s.

2- It is up to your preference as to what flow suits you the best. An API Client can contain multiple redirect URIs.
E.g. with a "State" parameter. State is an optional parameter you could provide to differentiate different sessions or calls to the login page. The value of the parameter is sent back to your application in the redirect_uri call. For instance, if you are hosting a web application, you can have multiple requests going at the same time for multiple users. The state will then be used to differentiate the calls when the redirect call is done.

3- This should be determined by your integration developers based on the system/landing pages you'd like to establish. As mentioned above, multiple redirect URIs can be registered to the client.

 

We have an article "Visma.net ERP API Integrations Startup Guide" where you can find the relevant information about the mentioned scenarios.

 

There should also be more training materials available in your Visma Academy account, which should have been assigned to you during the Visma.net Financials API Onboarding course.

 

If you need any further information, please let us know.
Thanks.
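
Added example, not part of the reply above and not Visma code: one way a single API client with one central redirect URI could use the `state` parameter to route each callback to the right customer installation. The endpoint, client id, installation ids, URLs and function names are all assumptions made for illustration; `state` is signed, single-use and time-limited, and the destination is taken from a server-side allowlist.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlencode

# All names and URLs below are assumptions for illustration (constructed sample data).
AUTHORIZE_URL = "https://idp.example/authorize"        # placeholder authorization endpoint
CLIENT_ID = "example-client-id"                        # the single shared API client
CENTRAL_REDIRECT_URI = "https://auth.isv.example/callback"
STATE_KEY = secrets.token_bytes(32)                    # server-side secret, never sent out
STATE_TTL = 600                                        # seconds a state value stays valid
INSTALLATIONS = {                                      # allowlist of customer installations
    "cust-a": "https://erp.customer-a.example/oauth/done",
    "cust-b": "https://hosted.isv.example/cust-b/oauth/done",
}
_pending = set()   # nonces issued and not yet redeemed (shared storage in production)

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(payload):
    return _b64(hmac.new(STATE_KEY, payload.encode(), hashlib.sha256).digest())

def make_state(installation_id, now=None):
    """Bind one authorization request to one installation."""
    if installation_id not in INSTALLATIONS:
        raise ValueError("unknown installation")
    nonce = secrets.token_urlsafe(16)
    _pending.add(nonce)
    issued = int(time.time() if now is None else now)
    payload = _b64(json.dumps({"i": installation_id, "n": nonce, "t": issued}).encode())
    return payload + "." + _sign(payload)

def authorization_url(installation_id):
    return AUTHORIZE_URL + "?" + urlencode({
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": CENTRAL_REDIRECT_URI, "state": make_state(installation_id)})

def route_callback(state, now=None):
    """Verify the returned state; return the installation URL that receives the code."""
    payload, _, sig = state.partition(".")
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        raise ValueError("state signature mismatch")
    body = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    if (time.time() if now is None else now) - body["t"] > STATE_TTL:
        raise ValueError("state expired")
    if body["n"] not in _pending:
        raise ValueError("state unknown or already used")
    _pending.discard(body["n"])
    return INSTALLATIONS[body["i"]]   # destination from the allowlist, never from the request
```
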