Android mobile app that fetches data from Lightspeed.

ChanceChance Member Posts: 1

Hey, we are currently developing an Android app intended to fetch some information from our Lightspeed retail database and display it for our customers. As I understand it, the Lightspeed HQ API is meant primarily for web apps, to be displayed in browsers. Is this a correct assumption? Are we doomed in our efforts to create an Android app with Lightspeed HQ integration? We have obtained a client id and successfully gotten the temporary access code needed to procure an OAuth access token through our browser, but the process, namely that one must send the request, then log in and authorize it, does not work well for our purposes. Is it possible to obtain a more permanent access token? (not one that lasts for only 60 minutes) Is there a different way to make this work? We would like to access the API with the inventory_read permissions and then give inventory information to customers who will be using our app without requiring them to log in. Is this possible?


  • Adrian SamuelAdrian Samuel Moderator, Lightspeed Staff Posts: 654 moderator

    Hey @Chance,

    This sounds like a great idea!

    The Lightspeed API doesn’t have preferences as to how the API is used. 

    I think there might be some misunderstanding as to how the authentication process works.

    Let me explain and it might help clarify things:

    • To first get the temporary token, you need to supply them with a URL which includes your client_id and the scope of access that you want from the account. 
    • This URL could live on your website or it could live on the android application. Either way, it’s going to direct them to the Lightspeed login page on a browser and prompt them to login and for them to authorise the app.

    Once they login, Lightspeed makes a request to the Redirect URI (your app) that you included when your app was registered. Your application should have a route that parsers the url parameters, so the temporary code can be used to make the next request of getting the access token (by using the client id and secret and temporary code together.

    To do this, you’ll need a back-end. Something that can take in data, handle the authentication etc on the server side. It’s not something that should be done on the client side.

    You won’t be able to make an authorised requests to an account because then you could do that for any account.

    Adrian Samuel

    Software Developer

    Lightspeed HQ

Sign In or Register to comment.