My Areas

Sign in to follow product and topic areas and get a shortcut in this menu
Visma eAccounting API
cancel
Showing results for 
Search instead for 
Did you mean: 
Anour Hannouch
  • 0 Replies
  • 0 kudos
  • 41 Views

This post is a rendition of the main DOCUMENTATION.

 

The eAccounting API exists on a sandbox server (https://eaccountingapi-sandbox.test.vismaonline.com/v2) and also on the  Production server (https://eaccountingapi.vismaonline.com/v2).

 

To test the API we recommend you to use the Sandbox environment.

 

To be able to use the API you would need a Client ID, Client Secret, and a Redirect URI.

Our API uses the OIDC framework, which in turn uses the OAuth2 protocol, we recommend you to get familiar with these. 

OAuth2 supports several “flows” or methods, but as for the eAccounting API, we only allow and support the server-side flow, AKA Authorization code flow.

 

You can also check our MAIN DOCUMENTATION, here you can also register a sandbox client by yourselves.

 

The authentication

The authentication consists of the following steps:

  1. GET an Authorization code:

When you have your unique client ID, secret and redirect URI you can construct the following URL:

 

https://identity-sandbox.test.vismaonline.com/connect/authorize?client_id=<client_id>&redirect_uri=<redirect_uri>&scope=ea:api%20offline_access%20ea:sales&state=<state_string>&response_type=code&prompt=login&acr_values=service:44643EB1-3F76-4C1C-A672-402AE8085934+forceselectcompany:true

 

<...> the angle brackets indicate where you should enter your unique values.*

The example is based on authentication towards the Sandbox environment.*

The State could be any random alphanumeric string.*

 

Visiting the previous URL you will be prompted a Visma login window, after entering your credentials you will be redirected to your redirect URI page with the authorization code in the URL.



  1. Use the Authorization code to make a POST request to receive an Access Token:

Using the code received in the previous step, we can now make a POST request to the server in order to receive a Token.

This POST request should look like this:

 

HTTP Head

POST https://identity-sandbox.test.vismaonline.com/connect/token HTTP/1.1

HTTP Headers

Authorization: Basic base64(client_id:client_secret)

Content-Type: application/x-www-form-urlencoded;charset=UTF-8

HTTP Body

"grant_type=authorization_code&code=<authorization_code>&redirect_uri=<redirect_uri>"

 

As a response, our server sends a JSON file to the server on which the redirect URI is hosted.

This JSON file contains the Token, Refresh Token and expiry time.



  1. Use the Token to GET/POST/DELETE resources:

To make a request to, an example, GET Accounts Endpoint, the HTTP request should look like this:

 

HTTP Head

GET

https://eaccountingapi.vismaonline.com/v2//accounts HTTP/1.1

HTTP Headers

Authorization: Bearer <Access Token>

Content-Type: application/x-www-form-urlencoded;charset=UTF-8

HTTP Body

….empty...



  1. Use Token to GET a Refresh Token:

An Access token is only valid for an hour, after that, you will have to get a new Access token, you can do this by going through the procedure we just went through or you can make a request using the refresh token.

A request using the refresh token looks like this:

 

HTTP Head

POST https://identity-sandbox.test.vismaonline.com/connect/token HTTP/1.1

HTTP Headers

Authorization: Basic base64(client_id:client_secret)

Content-Type: application/x-www-form-urlencoded;charset=UTF-8

HTTP Body

"grant_type=refresh_token&refresh_token=<refresh_token>"




For more technical information visit the MAIN DOCUMENTATION.

Contributors