Since the Visma.net ERP API was released authentication has been handled by an implementation of the OAuth 2.0 protocol called VNI. This has served us well, but it has some limitations that makes it somewhat cumbersome to work with both for you as developers and internally in Visma.
Since the release of the Visma.net ERP API, the importance of APIs and number of integrations has grown rapidly and the amount of traffic we have received on the API has doubled year over year. More importantly, the requirements to securing the APIs are constantly increasing, and protecting our customers' data is always a top priority for us.
In the last few years we have developed our Visma Connect product into a state of the art implementation of the OAuth 2.0 protocol, including surrounding tools like the Visma Developer Portal and Visma App Store.
Using Visma Connect as the authentication provider for the Visma.net ERP API is therefore an important step to keep your integrations and our customers' data secure.
Why should you switch?
There are multiple reasons why you should upgrade your applications to use the Visma Connect authentication provider.
Visma Connect is more secure than VNI.
Visma Connect supports the Client Credentials-flow, this makes it possible to create machine-to-machine integrations.
Handling of your application is done self-service in the Visma Developer Portal, this includes creating new applications, managing credentials (ClientId and Secret), managing token lifetimes, scopes and much more.
The new next generation APIs for Visma.net ERP, like the Sales Order Service uses Visma Connect, therefore when you switch to Visma Connect for your application you can reuse the same authentication.
All new integrations should use the Visma Connect authentication mechanism. The existing VNI authentication-mechanism will be deprecated during 2023, so please consider changing your integrations already. The attached PDF is a detailed guide on how you could migrate your existing integrations to use Visma Connect.
The Visma.net ERP API documentation is created using Swagger, which presents a graphical user interface for documenting the endpoints. The documentation can be found here: https://integration.visma.net/API-index/.
An added benefit of using Swagger to present the documentation is that you can test the API by making API-calls directly from the documentation. This guide describes how to do that.
Visma.net ERP API supports two different authentication-flows targeted against different types of applications. The functionality of the API is identical for the two flows. Visma net ERP Interactive API
This flows is designed for applications/integrations that should run in the context of a specific user and requires the users to sign in using their Visma.net ERP credentials. All API calls will impersonate this user.
Visma net ERP Service API
This flow is designed for applications that should not run in the context of a user, but in the context of the application/integration itself. The authentication does not require a user to sign in. The flow is especially targeted against service-applications running in the background without user interaction.
You can switch between the to flow in the Select an API: - drop-down on top of the documentation page.
Once you have selected the desired flow, you can authenticate to the API by pressing the Authorize button. The flow will be different for the two methods so the rest of this article will be divided into to parts.
Visma net ERP Interactive API
When pressing the Authorize-button you will be presented with a Visma.net sign-in screen i a new window or tab. Any Visma.net user can be used to sign in here, but the user must have the role API User on one or more Visma.net Financials companies. This role can be set from Visma.net Admin:
After you have logged in with you username and password you will be presented with the context-selector screen if you have the API User role on more than one Visma.net Financials company. Select the company you want to work with. If you only have access to one company the screen will be omitted and the company will be automatically selected.
When the company is selected you will be brought back to the Swagger UI and presented with a confirmation screen. You can now close this screen and start making your API-requests.
Visma net ERP Service API
As mentioned the service flow does not require a user to log in, but it needs to identify the application that are making the API requests. These types of applications needs to be created before the can be used in the Visma Developer Portal. A guide to how you can register this application can be found here.
Once you application has been registered and you have received your Client ID and Client Secret, a representative for the company you want to access needs to approve your applications access from Visma App Store. You also need a Tenant ID, which is the unique identifier for a Visma.net Financials company. This Tenant ID can be found in Developer Portal for all the companies that has approved your applications access.
When you press the Authorize-button you will be presented with a popup where you can supply your Tenant ID, Client ID and Client Secret and select the required scopes (access permissions).
Press the Authorize-button to get your access token.
Making API requests
To make an API-request choose the endpoint you want to use and press the Try it out button.
You now have the list of available parameters visible and you can type in a value to any of the parameters you need. After you have filled in your parameters press Execute to execute the request.
The API request will be executed and the result will be visible in the UI: