My Products
Help

Knowledge base in Developers Visma.net

Sort by:
Since the Visma.net ERP API was released authentication has been handled by an implementation of the OAuth 2.0 protocol called VNI. This has served us well, but it has some limitations that makes it somewhat cumbersome to work with both for you as developers and internally in Visma.   Since the release of the Visma.net ERP API, the importance of APIs and number of integrations has grown rapidly and the amount of traffic we have received on the API has doubled year over year. More importantly, the requirements to securing the APIs are constantly increasing, and protecting our customers' data is always a top priority for us.   In the last few years we have developed our Visma Connect product into a state of the art implementation of the OAuth 2.0 protocol, including surrounding tools like the Visma Developer Portal and Visma App Store.   Using Visma Connect as the authentication provider for the Visma.net ERP API is therefore an important step to keep your integrations and our customers' data secure.     Why should you switch? There are multiple reasons why you should upgrade your applications to use the Visma Connect authentication provider. Visma Connect is more secure than VNI. Visma Connect supports the Client Credentials-flow, this makes it possible to create machine-to-machine integrations. Handling of your application is done self-service in the Visma Developer Portal, this includes creating new applications, managing credentials (ClientId and Secret), managing token lifetimes, scopes and much more. The new next generation APIs for Visma.net ERP, like the Sales Order Service uses Visma Connect, therefore when you switch to Visma Connect for your application you can reuse the same authentication.   All new integrations should use the Visma Connect authentication mechanism. The existing VNI authentication-mechanism will be deprecated during 2023, so please consider changing your integrations already. The attached PDF is a detailed guide on how you could migrate your existing integrations to use Visma Connect.
View full article
07-12-2022 16:19 (Updated 07-12-2022)
  • 2 Replies
  • 0 kudos
  • 13802 Views
Using webhooks can significantly improve the performance of your integration. With webhooks you can subscribe to changes and actions that happens in Visma.net and trigger functionality in your application.  This article explains how webhooks works, and how you can implement this.
View full article
22-01-2020 15:52 (Updated 24-06-2024)
  • 3 Replies
  • 1 kudos
  • 10749 Views
What is OAuth 2.0 Grant Type? In OAuth 2.0, the term “grant type” refers to the way an application gets an access token. OAuth 2.0 defines several grant types, in Visma.Net Integrations the grant type used as of today is “Authorization Code”. Each grant type is optimized for a particular use case, whether that’s a web app, a native app, a device without the ability to launch a web browser, or server-to-server applications.   The Authorization Code Flow The “Authorization Code” grant type is generally used by web and mobile apps. It’s different from other grant types in that it requires the application to open a browser to initiate the flow. Therefore the client application has to be able to interact with the users browser and receive incoming requests from the authorization server.  The flow is split up in two parts: The application starts an authorization code request. The application opens a browser to send the user to the OAuth server. The user sees the authorization prompt and approves the app’s request. The user is redirected back to the application with an authorization code in the query string. The application starts an access token request. The application requests an access token with the authorization code provided in the previous step. The OAuth server exchanges this authorization code for an access token Getting the User’s Permission The point of using OAuth is to enable users to get access to the parts of the Application that they need. To be able to do this the application first has to decide what permissions it is going to ask for, then send the User to a browser to get their permission to do this. To start the flow the application constructs a URL like the following and opens a browser to that URL.   GET https://integration.visma.net/API/resources/oauth/authorize ?response_type=code &client_id={yourApiClientID} &redirect_uri={yourRegisteredRedirectURI} &scope=financialstasks &state={randomStringGeneratedByApplication}   Here’s each of the query parameters explained: response_type=code - This tells the authorization server that the application is initiating the authorization code flow. - This field is mandatory and has to be “Code”. client_id - The public identifier for the application. - This field is mandatory and is obtained when registering for Visma.Net Integrations redirect_uri - Tells the authorization server where to send the user back to after they approve the request. - This field is mandatory and must match the URI you registered for Visma.Net Integrations scope - One or more space-separated strings indicating which permissions the application is requesting. - This field is mandatory and case sensitive, it has to be financialstasks state - The application generates a random string and includes it in the request. It should then check that the same value is returned after the user authorizes the app. This is used to prevent CSRF attacks. - This field is recommended for the reasons stated previously When the user is redirected to the authorization server they will be prompted to enter their credentials to allow the applications request.   Redirect back to the Application If the user approves the request, the authorization server will redirect the browser back to the redirect_uri specified in the request, adding a code and state to the query string. For example, the user will be redirected back to a URL such as: https://yourApplicationLivesHere.com/redirect ?code={authorizationCodeGeneratedByAuthServer} &state={randomStringGeneratedByApplication}   The state value will be the same value that the application initially set in the request. The application is expected to check that the state in the redirect matches the state it originally set. This protects against CSRF and other related attacks. The code is the authorization code generated by the authorization server. The lifespan of this code is 10 minutes. Exchange the Authorization Code for an Access Token The second part of the Authorization Code flow is to exchange the Authorization Code the user just received for an Access token. The application makes a POST request to the token endpoint. There are two ways of doing this, HTTP Basic authentication and sending the client_ID and client_Secret in the request body. Both ways require a couple of parameters. Here’s each of the query parameters explained: grant_type=authorization_code - This tells the token endpoint that the application is using the Authorization Code grant type. - This has to be “authorization_code”. Code - The application includes the authorization code it was given in the redirect.  redirect_uri - The same redirect URI that was used when requesting the code.  client_id - The application’s client ID. - This is the ID obtained when registering for Visma.Net Integrations. client_secret - The application’s client secret. This ensures that the request to get the access token is made only from the application, and not from a potential attacker that may have intercepted the authorization code. - This is the secret obtained when registering for Visma.Net Integrations. Please note: All these fields are mandatory. 1. HTTP Basic authentication The HTTP Basic authentication scheme is the preferred way and we encourage all clients that can utilize this authentication scheme to use it. It is done by providing an Authorization header on the request:   Authorization: Basic XXXXXXXXXX= - The value of the Authorization header is a string composed from the authorization method a space(“Basic “) followed by a Base64 encoded string obtained from combining client_ID and client_Secret separated by a colon(client_id:client_secret). Example of this can be seen below: Request Header: POST https://integration.visma.net/API/security/api/v2/token Content-Type: application/x-www-form-urlencoded Authorization: Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ= Request Body: grant_type=authorization_code& code={authorizationCodeGeneratedByAuthServer}& redirect_uri={yourRegisteredRedirectURI}& 2. Request body The second option for the client is to send it's client_id and client_secret to Visma.net Integrations in the request body. This option should be used by clients that cannot utilize HTTP Basic authentication directly. Example of this can be seen below: Request Header: POST https://integration.visma.net/API/security/api/v2/token Content-Type: application/x-www-form-urlencoded Request Body: grant_type=authorization_code& code={authorizationCodeGeneratedByAuthServer}& redirect_uri={yourRegisteredRedirectURI}& client_id={yourApiClientID}& client_secret={yourApiClientSecret} Please note: All the request parameters sent to https://integration.visma.net/API/security/api/v2/token must be sent on request body. Even though the entire transmission is encrypted when using HTTPS, it is not recommended to send sensitive information (password and client_secret) in the URL as query parameters. The URLs are stored in web server logs which means that your sensitive data is saved in clear text on the server. The token endpoint will verify all the parameters in the request, ensuring the code hasn’t expired and that the client ID and secret match. If everything checks out, it will generate an access token and return it in the response. A successful response will look like this: Response headers: HTTP/1.1 200 OK Content-Type: application/json Response body: { "token": "1f729814-1a98-4c8e-860b-76ec004742f5", "token_type": "bearer", "scope": "financialstasks" } Now the client can start using the token and token_type to make requests through VNA against Visma.net Visma.net Financials resources. Please note: Once generated, the token currently does not expire; the token can be used for making subsequent calls towards the exposed endpoints. A new token should not be generated before making a new call; the token is not connected to the session.  
View full article
28-01-2020 14:30 (Updated 28-01-2020)
  • 6 Replies
  • 0 kudos
  • 9630 Views
The Visma.net ERP API documentation is created using Swagger, which presents a graphical user interface for documenting the endpoints.  The documentation can be found here: https://integration.visma.net/API-index/.   An added benefit of using Swagger to present the documentation is that you can test the API by making API-calls directly from the documentation. This guide describes how to do that. Authentication-methods Visma.net ERP API supports two different authentication-flows targeted against different types of applications. The functionality of the API is identical for the two flows. Visma net ERP Interactive API This flows is designed for applications/integrations that should run in the context of a specific user and requires the users to sign in using their Visma.net ERP credentials. All API calls will impersonate this user.  Visma net ERP Service API  This flow is designed for applications that should not run in the context of a user, but in the context of the application/integration itself. The authentication does not require a user to sign in. The flow is especially targeted against service-applications running in the background without user interaction.   You can switch between the to flow in the Select an API: - drop-down on top of the documentation page.      Once you have selected the desired flow, you can authenticate to the API by pressing the Authorize button. The flow will be different for the two methods so the rest of this article will be divided into to parts. Visma net ERP Interactive API When pressing the Authorize-button you will be presented with a Visma.net sign-in screen i a new window or tab. Any Visma.net user can be used to sign in here, but the user must have the role API User on one or more Visma.net Financials companies.  This role can be set from Visma.net Admin:     After you have logged in with you username and password you will be presented with the context-selector screen if you have the API User role on more than one Visma.net Financials company. Select the company you want to work with. If you only have access to one company the screen will be omitted and the company will be automatically selected. When the company is selected you will be brought back to the Swagger UI and presented with a confirmation screen. You can now close this screen and start making your API-requests. Visma net ERP Service API As mentioned the service flow does not require a user to log in, but it needs to identify the application that are making the API requests. These types of applications needs to be created before the can be used in the Visma Developer Portal.  A guide to how you can register this application can be found here. Once you application has been registered and you have received your Client ID and Client Secret, a representative for the company you want to access needs to approve your applications access from Visma App Store. You also need a Tenant ID, which is the unique identifier for a Visma.net Financials company. This Tenant ID can be found in Developer Portal for all the companies that has approved your applications access. When you press the Authorize-button you will be presented with a popup where you can supply your Tenant ID, Client ID and Client Secret and select the required scopes (access permissions).   Press the Authorize-button to get your access token.   Making API requests To make an API-request choose the endpoint you want to use and press the Try it out button.   You now have the list of available parameters visible and you can type in a value to any of the parameters you need. After you have filled in your parameters press Execute to execute the request.   The API request will be executed and the result will be visible in the UI:      
View full article
17-02-2023 13:00 (Updated 17-02-2023)
  • 12 Replies
  • 1 kudos
  • 8019 Views
Manage environments Creating a new environment You can create a new environment from the: Manage Environments icon New button Launch screen Manage environments icon Click "Manage Environments" icon in the upper right corner of the Postman app. Select “Manage Environments”. Click the Add button. New button In the header toolbar, click the New button or click the “Gear” Manage Environments icon   Click "Environment" and enter a name for the new environment.   Add the variables you want to save as key-value pairs.   Click the Add/Update button. Manage Environments to change the values with your own   base_uri:currently pointing to API environment <https://integration.visma.net/API> client_id: The client identifier given to the client during the Application registration process. client_secret: The client secret given to the client during the Application registration process. redirect_uri: (CallbackURL)The Application’s callback URL that’s registered with the server. If not provided, Postman uses a default empty URL and extracts the code or access token from it. company_id: Financials companyId that will be used on API calls   scope:The scope of the access request {financialstasks} state: An opaque value that prevents cross-site request forgery auth_URL: The endpoint for authorization server, which retrieves the authorization code.<https://integration.visma.net/API/resources/oauth/authorize> Access_Token_URL: The endpoint for the resource server, which exchanges the authorization code for an access token. <https://integration.visma.net/API/security/api/v2/token>     oAuth2 OAuth 2.0 is an authorization type that enables you to approve an application that contacts another application for you without exposing your password. To use the OAuth 2.0 authorization in Postman In the Authorization tab, select "OAuth 2.0" from the TYPE drop down menu. From the "Add authorization data to" drop down menu, select either "Request URL" or "Request Headers". To set the authorization parameters for a request, you have three options: Click the Get New Access Token button. The screen appears.  Enter the appropriate values, click the Request Token button to populate the "Access Token" field, and then click the Send button. In the "Access Token" field, enter a token, or an environment defined variable, and click the Send button. In the "Available Tokens" drop down menu, select an existing token and click the Send button.     Get New Access Token After clicking the Get New Access Token button , Postman brings the following screen where user should fill out the parameters.     The values used here are the variables defined in the environment. After filling the parameters user needs to click Request Token button.   You will be directed to a Visma.net login, enter your credentials and sign in.     Allow Visma.net Integrations to connect to your account.     After you click the Allow button and if entered data is correct, you will see the Postman window that has the token. By default Postman expects to find a field named: access_token in the response. Since the Visma.Net response contains a field named  token , instead of access_token, Postman cannot auto-detect it as an access_token     Copy the value of token , close the MANAGE ACCESS TOKENS screen and paste it in the Access Token field.       We also recommend taking a look at : Connecting your Visma.Net Financials company to the API OAuth 2.0 Authorization Flow
View full article
28-01-2020 15:28 (Updated 23-05-2021)
  • 0 Replies
  • 1 kudos
  • 7672 Views
Setup up your user rights To be able to use Visma.Net API you need to make sure your visma user have the correct roles on the Financials company you want to use it for. Login with your Visma.Net Account : https://signin.visma.net and go to Admin Panel. 1- Visma.Net Admin 1.A- To be able to edit the access rights you need to be logged in with a user with “Customer administrator” role.   1.B- To set your rights, click on Visma.Net Financials in the top left corner and choose Admin.   2-User and roles 2.A- When you have accessed Visma.net Admin click on “User and roles”.  2.B- Head to the “User” tab. 2.C- Search for your username and click your name. 3-Company access and rights 3.A- If the company you want to edit roles for does not exist in the list under your username, click the “Add access to” menu and look for the company you wish to add.      3.B- Find the company you want to edit roles for.     3.C- On the line for the desired company, press the field for “Financials” and add the roles “Financial Administrator” & “Financials User”.   Swagger Our Swagger is a good point for you to start using the API.   Connect to your Visma.Net account Authorize and get a VNF token to use in Swagger. Click “Authorize” on the right side of the interface.     Tick the box for “financialstasks” and press “Authorize”     You will be directed to a Visma.net login, enter your credentials and sign in.(If you are not asked to enter your credentials but get directed to the next step straight away, please clear your cookies in your browser and retry)     Allow Visma.net Integrations to connect to your account.     When you have allowed the connection you see that you are now authorized in Swagger. Close the window and proceed to use Swagger.   Start using Swagger The first thing you need to do is check what companies your visma.net financials user have access to. You can find the names and Ids via the “Context” endpoint. Scroll down to the “Context” endpoint and expand it.     Expand the first GET method - Get the companies available for this token, and press “Try it out”.     You will now see a button, “Execute”, press it and you’ll notice the result below will have updated to show your available companies. You’ll also see the request URL.     In the list, decide which company you want to use and copy the “id:”, this is the Id you will add to your “ipp-company-id” header when you are making requests. For now scroll back up to the top and paste the ID in the field “ipp-company-id”. When you have filled this field, the requests you execute via Swagger will target that company.     We also recommend taking a look at : OAuth 2.0 Authorization Flow  
View full article
27-01-2020 10:29 (Updated 25-11-2021)
  • 0 Replies
  • 1 kudos
  • 6614 Views
Most users of Visma’s cloud solutions have Visma Home as their startpage to access all applications they use in their daily work. So if you have an application that is relevant as part of the users daily work it could be useful to have your application visible on Visma Home as well. This guide describes the steps you need to take to expose your application on Visma Home.
View full article
20-09-2022 08:00
  • 2 Replies
  • 0 kudos
  • 5902 Views
About paging When getting lists of data from API-endpoints it will be most efficient for both the client and server to divide the result into portions instead of getting all the data returned at once. The Visma.net API supports this by implementing a method called paging. Paging means that when you request lists of data you should also provide two extra query-parameters called pageSize and pageNumber. pageSize: The maximum number of records you want to have returned on each page (the length of each page) pageNumber: The page you are requesting.   Example In the database you have 350 customers, you make a GET request to the Customer-endpoint to get all these. To limit the number of customers received you can divide this into pages that contain upto 100 customer (pageSize=100). To get the complete list you then have to make 4 requests to the Customer-endpoint:     Request Result 1 GET /customer?pageSize=100&pageNumber=1  Returns the first 100 customers (1-100) 2 GET /customer?pageSize=100&pageNumber=2 Returns the second page of 100 customers (101-200) 3 GET /customer?pageSize=100&pageNumber=3 Returns the third page of 100 customers (201-300) 4 GET /customer?pageSize=100&pageNumber=4 Returns the last page of remaining customers (301-350)   Paging is implemented on all GET endpoints that returns lists in the Visma.net API. It is mandatory to use the parameters pageSize and pageNumber in all requests to endpoints that support this. How paging is implemented in Visma.net API For all endpoints that return lists paging is implemented by providing two queryparameters, pageSize and pageNumber. For all endpoints these parameters are documented in the swagger documentation (https://integration.visma.net/API-index/). For all endpoints that provide these parameters it is important that your integration provide these for all requests. If not provided default-values will be used and you will potentially not receive the complete resultset. In the swagger-documentation you can see the default-value for the specific endpoint. Default parameter values Parameter Default value (if not provided) pageNumber 1 pageSize Can vary from endpoint to endpoint, can also change over time. Maximum value for the pageSize parameter is bound to the default-value that will also represent the maximum value allowed. Meaning that if you specify a value in pageSize that is greater than the default value, the endpoint will only return the number of records defined by the default value for pageSize in this endpoint. In addition to swagger-documentation the maximum allowed value for pageSize will also be returned as part of the metadata-property in the returned JSON-data. The value will have the name maxPageSize.               "metadata": { "totalCount": 450, "maxPageSize": 500 }               Metadata As part of every request to an endpoint that supports paging you will get a metadata-property returned as part of the returned JSON-data. This metadata is provided to give your integration information about the available results and restrictions of the current request. The metadata-property will provide the following values:               "metadata": { "totalCount": 450, "maxPageSize": 500 }                 Value Description totalCount The total number of results for the current request regardless of pages. Example: GET /customer?name=Norwegian?pageSize=5&pageNumber=1 This request will return the first page of 5 customers with the name containing “Norwegian”. However, in the database there are 12 customers with names containing “Norwegian”, so the totalCount will have the value 12. maxPageSize The maximum pageSize you can set for this endpoint. If you specify a number higher than this, the result will be restricted to only return the maxPageSize number of records.   You can use the values in the metadata to calculate the number of pages you need to get in order to receive the whole result-set based on the pageSize you are using. Paging in combination with filters Most GET-endpoints in the API contain filter-parameters. These are used to narrow down the resultset to only contain the records that are relevant to the request. It is important to notice that when these filter-parameters are used in combination with the paging-parameters, the resultset is defined as the total resultset for the specified filter-parameters. This means that if the resultset spans across multiple pages, the exact same filter-parameters must be specified for all subsequent requests to get the following pages. The Visma.net API contains no state to store what pages/records have been delivered, so every request will be handled independent of previous requests. The figure below illustrates what results will be included in each page based on three different queries with different values for parameters lastModifiedDateTime and pageSize. Query 1: ?lastModifiedDateTime=2020-03-01T00:00:00&lastModifiedDateTimeCondition=>=&pageSize=3 The resultset will be divided into 4 different pages, meaning that you have to make 4 requests to the API, with the exact same values for parameter lastModifiedDateTime, lastModifiedDateTimeCondition and pageSize. The pageNumber-parameter will define what results you will get, marked by the numbers 1-4 and the colors yellow, pink, green and blue in the figure.   Query 2: ?lastModifiedDateTime=2020-03-01T00:00:00&lastModifiedDateTimeCondition=>=&pageSize=5 The resultset will be divided into 2 different pages, meaning that you have to make 2 requests to the API, with the exact same values for parameter lastModifiedDateTime, lastModifiedDateTimeCondition and pageSize. The pageNumber-parameter will define what results you will get, marked by the numbers 1-2 and the colors green and purple in the figure.   Query 3: ?lastModifiedDateTime=2020-03-06T00:00:00&lastModifiedDateTimeCondition=>=&pageSize=3 The resultset will be divided into 2 different pages, meaning that you have to make 2 requests to the API, with the exact same values for parameter lastModifiedDateTime, lastModifiedDateTimeCondition and pageSize. The pageNumber-parameter will define what results you will get, marked by the numbers 1-2 and the colors blue and gray in the figure.       If you do not keep these parameters constant (the pageSize is changed), and do the following set of requests:   ?lastModifiedDateTime=2020-03-01T00:00:00&lastModifiedDateTimeCondition=>=&pageSize=3&pageNumber=1 ?lastModifiedDateTime=2020-03-01T00:00:00&lastModifiedDateTimeCondition=>=&pageSize=5&pageNumber=2 This will result in you getting the following records: First request: Record 1,2,3 Second request: Record 6,7,8,9,10 As you can see the records 4 and 5 will not be returned to you. New records added while getting pages Sometimes new records are added to or removed from the database by other uses while you are getting the records using paging. In that scenario the totalCount metadata-property will always change to reflect the new total number of records available for your query. Because of this it is important to always check the value of totalCount for each GET request to retrieve a new page, to be able to calculate the total number of pages needed to get the complete resultset. Example You want to get all the customer with status=”Active”, the results should be divided into pages with 10 customers (pageSize=10). You make the following request to get the first 10 customers. GET/customer?status=Active&pageSize=10&pageNumber=1 As part of the response you get the metadata including the totalCount - property that tells you that the total number of results are 30.           "metadata": { "totalCount": 30 }             3. This means that you have to repeat the request two more times to get the full result-set. 4. You make the second request to get the next 10 customers. GET/customer?status=Active&pageSize=10&pageNumber=2 5. As part of the response you again get the metadata including the totalCount - property, but this now tells you that the total number of results are 32. Meaning that two new customers have been added or changed status to Active by another user               "metadata": { "totalCount": 32 }               6. This means that you now have to make a total of 4 requests to get the complete result-set. (10+10+10+2). This shows that your client should always keep track of the total number of results received and the total count of results available to make sure that you always get the complete result-set. The following code-example represents a possible implementation of this.                 def get_all_active_customers(): page_size = 10 # The pageSize we want to use nest_page_number = 1 # The next page to get, initial value = 1 results_recieved = 0 # The number of results we've recieved total_count = 1 # The total number of results available #If we've revieved less than the total number of resultes, we make a new loop while results_recieved < total_count: response = request.get('https://integration.visma.net/API/controller/api/v1/customer', params={ 'status': 'Active', 'pageSize': page_size, 'pageNum': next_page_number }, headers={ 'Accept': 'application/json', 'Authorization': 'Bearer' + token, 'ipp-company-id': company_id, 'ipp-application-type': 'Visma-net Financials' } | ) if response.status_code == 200: result = json.loads(response.text) # Decodes the recieved JSON # {handle the results} # Increments the number of results recieved by the number of results recieved by this request results_recieved += result.len total_count = result[0]['metadata']['totalCount'] # Updates the total_count variable with the current total count of results next_page_number += 1 # Increments the next page to get by 1             Reference: www.visma.no/erp/api/dokumentasjon/paging Enforcement of pagination on API endpoints and change of maxPagesize - September release (8.25)
View full article
28-07-2020 16:22 (Updated 05-02-2021)
  • 0 Replies
  • 0 kudos
  • 5735 Views
Request Limitation(throttling) is applied based on per client,  As of today, there is 500 transactions/calls allowed per company, per hour during the development phase(Test Client)
View full article
03-02-2021 14:54 (Updated 02-10-2024)
  • 0 Replies
  • 0 kudos
  • 5378 Views
As a Visma ISV you have the opportunity to showcase your Visma-integrated applications on our Visma App Store (https://apps.visma.com). The Visma App Store is the end customers portal, where all customers of Visma products can find, activate and administer the applications and add-ons to their products. This article describes how you can use Visma Developer Portal to create and manage apps for display on Visma App Store
View full article
06-09-2022 10:49
  • 0 Replies
  • 0 kudos
  • 5298 Views
In this article, you can find guidelines for how to use Visma.Net API Endpoints connected to the Customer Ledger from Visma.Net Financials.          
View full article
22-01-2020 15:53 (Updated 24-01-2020)
  • 0 Replies
  • 0 kudos
  • 5083 Views
Visma.Net Integrations - API Client Configuration In this document we will go through what needs to be done after you completed your Visma.Net Integration certification.  Redirect_URI The first thing you need to do to configure your API client is to set up a redirect_URI.  Redirect URIs are a critical part of the OAuth flow. After a user successfully authorizes an application, the authorization server will redirect the user back to the application with an authorization code in the URL. Because the URL will contain sensitive information, it is critical that the service doesn’t redirect the user to arbitrary locations.    Due to this, it is required to specify one or more redirect URIs when you register your integration with Visma.Net. For production, it is required that the provided URI is set up with HTTPS.    When you have a redirect URI, this should be sent to your partner service in order to be able to get your Client_ID and Client_Secret. When this has been processed, you will receive an Activation email for your registration, the link to activate your Client_Id will be active for 5 days, so make sure to do this when the email is received:     API client types For Visma.Net there are two client types available, API “test client” and “production client” (also known as live) Test Clients All new API clients are generated as the type “Test”. In the test client there is a limit to the allowed calls per hour, which is set 500 calls/hour/per company.   ℹ️ When you are ready to go live with your integration you need to contact your partner service to obtain the "production" type API Client. Production Clients In the Production Client, the limit for calls  is ​15,000 calls / per hour & per company (since version: 8.25) Please also see, Why am I receiving "HTTP 429 - Too many request / throttling" response from API ? Visma.Net Integrations Startup Guide Visma.Net API International Support Policy Contacting the Visma.Net ERP Support / Partner Service API incidents - Troubleshooting and reporting
View full article
29-10-2020 11:57 (Updated 29-10-2021)
  • 0 Replies
  • 2 kudos
  • 4482 Views
Currently, the "Attributes" parameter is exposed on the following endpoints.  Endpoint Customer CustomerContract Inventory Project Supplier   Setting the attributes for other assets works in the same way as for e.g. customer.    To set Attributes on Customers and Inventory Items you first need to Create the attributes in the UI. Assign the attributes to the Customer/Inventory etc. Classes respectively. Assign the class to the Customer/Inventory Item you want to use them on. Set the values of the attributes. 1. Creating the attributes: You can do this in the Attributes screen(ScreenId=CS205000): 2. Assigning the attributes to the class: Customer You can either reach the customer classes by Going to screen ScreenId=AR2010PL Clicking on the pen next to the class in the customer card: Here you then add attributes based on the attributes you have created in the attributes screen. Inventory You can either find the Item classes by: Going to the Item class screen(ScreenId=IN201000) Or clicking in the pen next to the Item class in the Inventory screen: Same as for customer, you can add attributes here based on the attributes you have created in the Attributes screen.   3/4. Setting the attributes and their values When this has been done, you can under the Attributes tab add the attributes from the classes the Customer/Inventory belongs to and set their values:   Using the attribute parameter via the API   To use these attributes, below is the syntax to use in your query: Filtering on several attributes. {{base}}/inventory?attributes={"AttributeID1":"ValueID1","AttributeID2":"ValueID2"} Filtering on date time {{base}}/inventory?attributes={"DATETIME":"2019-04-19"} Filtering on text. It will not match partial strings. only exact string. {{base}}/inventory?attributes={"TEXT":"long text to filter upon"} Filtering on True/False {{base}}/inventory?attributes={"ACTIVE":"1"} With special case for Multiple selection combo: {{base}}/inventory?attributes={"AttributeID":"ValueID1,ValueID2"}​ When encoding your query, the "equal sign" should not be encoded, below is an example for the customer endpoint and accepted forms of encoding it: Customer Endpoint: GET {baseUrl}customer?attributes={"DATETEST":"2019-01-01","TEST":"testvalue"} Encoded: (both encoding examples below are accepted) customer?attributes=%7B"DATETEST":"2019-01-01","TEST":"testvalue"%7D customer?attributes=%7B%22DATETEST%22%3A%222019-01-01%22%2C%22TEST%22%3A%22testvalue%22%7D Inventory Endpoint Inventory?attributes={"TEST":"testvalue"} Encoded: (both encoding examples below are accepted) inventory?attributes=%7B"TEST":"testvalue"%7D inventory?attributes=%7B%22TEST%22%3A%22testvalue%22%7D
View full article
19-04-2021 16:20 (Updated 21-05-2021)
  • 0 Replies
  • 1 kudos
  • 3052 Views
We’ve implemented a new feature that API Endpoints available at Visma.net ERP API Documentation, can be invoked in an asynchronous mode by using the new “Background API” functionality. (Version: 8.88.0)  This can be achieved by adding an extra request header “erp-api-background: “WebhookURL”  to your request.   If this additional “request header” is provided in your request, our servers  will "intercept" the API request before it reaches the Endpoint. The request will be persisted in our backend. All our application web servers will regularly pull queued requests and process them in the background. This processing is not taking place in a web context, and therefore it is not prone to web exceptions like timeouts etc.    In this way, with this new feature, potentially long-running operations can be performed more effectively.    Once the request has been processed, the API Client will be notified with the webhook notification if “erp-api-background” request header had been provided with “webhookURL” value in your request.   This webhook notification will contain information about, “stateLocation” of the operation(status of the background operation) and “ContentLocation”  that where the response can be picked up, in other word, where the API Client can GET the result of the request that has recently been made.(if it has any content aka ResponseBody)   If the “erp-api-background” request header value set as “none” Webhook notification will not be invoked.  In any case, every queued API request will be assigned an ID that will be present in the immediate “202-Accepted” response to the client.  This response also contains a "stateLocation" address that the client can call at any time to check what is the status of the background operation.  "contentLocation" address that points to the readily formatted and stored response body of the operation if it has any content to be returned.   If the endpoint today is asynchronous,  meaning that if it is immediately returning a “202-Accepted” HTTP response and starts the actual job in the background, such as “Action” based operations. (Endpoint URL: …/action/…),     Currently,  the new "Background API" system is also unable to receive the state of the document when the action based request invoked. Therefore, we’re unable to determine whether the “action” based process succeeded or the state of the document changed without making an additional GET request to see the actual status of the document. However, this topic is already in our development plan. (Endpoint logic should be "synchronous" so that, waiting for the actual job to be done, to inform the client accordingly.)   Example request: "Request Headers erp-api-background : yourWebhookURL" Key  Value ipp-application-type Visma.net Financials ipp-company-id "ERP CompanyID" Content-Type application/json Authorization "yourToken" erp-api-background "yourWebhookURL"   GET: "Customer  Invoice" Request URL: /api/v1/customerinvoice?pageNumber=1&pageSize=100 HTTP Response: “202-Accepted” Response Body: Received Webhook Notification: GET: "stateLocation" Request URL: /api/v1/background/{id} HTTP Response: ”200-OK” Response Body: GET: "contentLocation" Request URL: api/v1/background/{id}/content HTTP Response: ” 200-OK” Response Body: Contains the “GET - CustomerInvoice” data. --------------------------------------------------------------------------------------------------------------------------------------- POST: “Customer Invoice” Request URL: “/api/v2/customerinvoice” HTTP Response: “202-Accepted” Response Body: Contains request “ID” and “stateLocation” Received Webhook Notification: GET: "stateLocation" Request URL: /api/v1/background/{id} HTTP Response: ”200-OK” Response Body:  --------------------------------------------------------------------------------------------------------------------------------------- PUT: "Customer Invoice" Request URL: /api/v1/customerinvoice/{invoiceNumber} HTTP Response: “202-Accepted” Response Body: Contains request “ID” and “stateLocation” Received Webhook Notification: GET: “stateLocation” Request URL: /api/v1/background/{id} HTTP Response: ”200-OK” Response Body: --------------------------------------------------------------------------------------------------------------------------------------- "Request Headers erp-api-background : None" Key Value ipp-application-type Visma.net Financials ipp-company-id "ERP CompanyID" Content-Type application/json Authorization "yourToken" erp-api-background "None"     ℹ️ Webhook notification will not be invoked, State & Content Location logic will be the same as request examples shared above.  ---------------------------------------------------------------------------------------------------------------------------------------   Please feel free to contact us (Financials ERP API Support) if you need any further information.
View full article
14-03-2022 17:17 (Updated 15-03-2022)
  • 0 Replies
  • 0 kudos
  • 2926 Views
Have you ever wanted to add a button in one of the Visma.net ERP screens that allows the user to call custom functionality you have made? By combining the the feature Automation Actions and Webhooks you can. This article shows you how you can create a custom action that will be visible under the Actions toolbar item, and how you can connect this to your custom logic using webhooks.
View full article
20-10-2020 12:13 (Updated 09-08-2024)
  • 0 Replies
  • 2 kudos
  • 2951 Views
If you are an organization working with developing integrations towards Visma APIs you might have the need to have multiple people in your organization accessing the Visma Developer Portal to perform different tasks. Visma Developer Portal accommodates this by allowing you to set up and organize teams that can access Visma Developer Portal for your company.
View full article
01-12-2022 10:54 (Updated 01-12-2022)
  • 0 Replies
  • 0 kudos
  • 2839 Views
TaxID '01' cannot be found in the system To diagnose why you get this error message, you must check a couple of things. The process flow of applying VAT in Visma.Net Financials follows this flow:     First, the VAT Zone ID is collected from the Supplier or Customer, check the following: Supplier(ScreenId=AP303000) Purchase settings tab:   Customer(ScreenId=AR303000) Delivery settings tab:       For this article, we’ll have a look at the Customer. VAT Zone ID To check the VAT Zones, go to ScreenId=TX2060PL and click on the Zone ID of your customer(Here it is Zone 01).     Clicking on the Zone will show the different VAT ID’s available for this zone.     VAT Category Next, you need to check the VAT category of the Item you are going to use, this is found under the “General Information” tab of the item (Non-Stock: ScreenId=IN202000, Stock Item: ScreenId=IN202500).     Clicking on the pencil next to the category will open the window for that category(ScreenId=TX2055PL). Here you need to make sure that the category has the correct VAT type for the document you are creating. You will also see a list of available VAT Ids for this category.     Visma.Net Financials will select the VAT ID based on the the ID where Category and Zone match. Opening VAT Id 3 will show you that both Zone 01 and Category 03 will be present here, and will therefore be valid on the line when you are creating your invoice.     Posting the invoice without specifying the VAT id:     Generates invoice in VNF:     Specifying the VAT ID based on this will create the invoice, however posting a VAT ID that does not comply with the points in this article(eg. A VAT ID that has a category that is not does not match the type of document you want to create, a VAT Category / Zone combination that does not exist) will give you an error message. ℹ️For further information regarding how to set up VAT zones/ids and categories, contact your partner service / ERP Support.
View full article
10-02-2020 12:25 (Updated 10-06-2021)
  • 0 Replies
  • 0 kudos
  • 2656 Views
Please see attachment specific endpoints at https://integration.visma.net/API-index/ Webclient Class public void postAttachment(string[] files, string <objectID>, string token, string companyId) { using (WebClient client = new WebClient()) { client.Headers.Add("ipp-company-id", "<companyId>"); client.Headers.Add("ipp-application-type", "Visma.net Financials"); client.Headers.Add("Authorization", "bearer<token>"); for (int i = 0; i < files.Length; i++) // Multiple { byte[] responseArray = client.UploadFile(@"https://integration.visma.net/API/controller/api/v1/<Endpoint>/"+<objectID>+"/Attachment", "POST", files[i]); } } } HttpClient Class public void postAttachmentHttpClient() { using (var client = new HttpClient()) { client.DefaultRequestHeaders.Add("ipp-application-type", "Visma.net Financials"); client.DefaultRequestHeaders.Add("ipp-company-id", "<companyID>"); client.DefaultRequestHeaders.Add("Authorization", "Bearer <token>"); HttpResponseMessage response; var content = new MultipartFormDataContent(); var path = Path.Combine(@"<path>"); string fileName = Path.GetFileName(path); FileStream fs = File.OpenRead(path); var sc = new StreamContent(fs); sc.Headers.Add("Content-Type", "application/octet-stream"); sc.Headers.Add("Content-Disposition","form-data; name=\"file\"; filename=\"" + Path.GetFileName(path) + "\""); content.Add(sc, "file", fileName); response = client.PostAsync(@"https://integration.visma.net/API/controller/api/v1/<endpoint>/<objectID>/Attachment", content).Result; } } Disclaimer The sample code on Visma Community > Visma.Net API is provided “AS IS” and any express or implied warranties, including the implied warranties of merchantability and fitness for a particular purpose, are disclaimed. In no event shall Visma or contributors be liable for any direct, indirect, incidental, special, exemplary or consequential damages.
View full article
07-02-2020 12:45 (Updated 10-07-2020)
  • 0 Replies
  • 0 kudos
  • 2479 Views
  You can get a recently created object ID by looking into the Response Headers{Location} of the HTTP Response Headers. HttpResponse.GetResponseHeader("location"); This is one of the Response Headers (LOCATION) that API returns after each successful POST Operation which contains created object ID. public string readLocation(string json) { string[] headers = new string[2]; string strResponse = string.Empty; string location = string.Empty; var httpWebRequest = (HttpWebRequest)WebRequest.Create(endPoint); httpWebRequest.ContentType = "application/json"; httpWebRequest.Method = httpVerb.POST.ToString(); httpWebRequest.Headers.Add("ipp-company-id", "<CompanyID>"); httpWebRequest.Headers.Add("ipp-application-type", "Visma.net Financials"); httpWebRequest.Headers.Add("Authorization", "<token>"); using (var streamWriter = new StreamWriter(httpWebRequest.GetRequestStream())) { streamWriter.Write(json); streamWriter.Flush(); streamWriter.Close(); } var httpResponse = (HttpWebResponse)httpWebRequest.GetResponse(); using (var streamReader = new StreamReader(httpResponse.GetResponseStream())) { var result = streamReader.ReadToEnd(); headers[0] = httpResponse.GetResponseHeader("location"); headers[1] = httpResponse.GetResponseHeader("date"); strResponse = ("ID: "+headers[0].Substring(headers[0].LastIndexOf('/') + 1)+" // Date: "+headers[1]); //Seperate Resource URL - Created Object ID } return strResponse ; } } Disclaimer The sample code on Visma Community > Visma.Net API is provided “AS IS” and any express or implied warranties, including the implied warranties of merchantability and fitness for a particular purpose, are disclaimed. In no event shall Visma or contributors be liable for any direct, indirect, incidental, special, exemplary or consequential damages.
View full article
07-02-2020 10:57 (Updated 07-02-2020)
  • 0 Replies
  • 0 kudos
  • 2211 Views
Since version 8.19 (18.02.2020), a method for retrieving resources with base64url encoded values has been available for all resource endpoints.   This makes it possible to use characters otherwise reserved in URL, i.e: : / ? # [ ] @ & * + ;  To use it, one simply adds b64(encodedValue) in place of the resource name when you make your request.   Below is an example of how this works. Inventory item with several reserved characters: Getting this without encoding the resource name will result in an error: GET /Inventory/:/?#[]@&*+;   If you instead encode the value with base64Url encoding: :/?#[]@&*+;  ⇾ Oi8_I1tdQCYqKzs, and insert it in the b64 method you will get the wanted item: GET /inventory/b64(Oi8_I1tdQCYqKzs)   If you want to read more about base64Url encoding, please have a look at the following links: RFC 4648 § 5  Base64Guru base64encode
View full article
11-01-2021 13:06
  • 1 Replies
  • 0 kudos
  • 2187 Views