Continuous API Token

jtellierjtellier Member Posts: 56

Is there no continuous API token for backend systems to access LightSpeed?..... Like every other POS on the planet? It looks more like a facebook token where you have to keep re-authenticating. Is that correct?

5 comments

  • LucienVersendaalLucienVersendaal Moderator, Lightspeed Staff Posts: 878 moderator

    Hi @jtellier,

    Thank you for reaching out to us.

    First you'll need to authorize the application, this is only the first time to get an Access token https://developers.lightspeedhq.com/retail/authentication/access-token/#common-errors-1. After you've done this you'll get a Refresh token (which do not expire) and with this Refresh token you can get a new access token when this access token has expired. https://developers.lightspeedhq.com/retail/authentication/refresh-token/

    Please follow our documentation for more information.

    I hope this helps.

  • jtellierjtellier Member Posts: 56

    So I need to get a token, in order to get a token, to get tokens?

    Now so we have multiple clients that each need me to access their data, so do I create a single application and then do an access token against each of their instances?... or do I need to create a different client for each instance?

    Normally, like RICS & SpringBoard, even Authorize or Stripe, you login to the admin, make a token, and that is your token to access the data and you never ask for another token again. So we need to get pushed data for inventory changes and we need to push in web orders to you guys. Am I in the wrong area for things like that or is it expected that we have to continously ask for new tokens and update our records to call into your system, with new tokens over and over.

    Sorry, but this is not intuitive and I have 4 clients looking to use LightSpeed so I need to get our systems integrated ASAP.

    Thanks.

  • gregaricangregarican Member Posts: 702 
    edited June 2020

    This whole token authorization process is pretty standard across various API service providers I've seen and integrated with. If you can utilize third party libraries in your project, a lot of them provide a mechanism to make the process easier. Search GitHub and you will find Lightspeed Retail wrappers that can be used if you are coding in Ruby, Python, C#, etc.

    Here is one of these wrapper libraries I used for my projects --> https://github.com/skuvault/lightspeedAccess. Of course that's dependent on .NET. There are definitely others available in Ruby, Python, and whatnot.

    If you are using C#, here's a small sample method that will acquire a new token from the API service.


    // Requires Newtonsoft.Json, System.Threading.Tasks, and System.Net.Http.

    public async Task<string> GetAccessToken()

         {

    var request = new HttpRequestMessage(HttpMethod.Post, "https://cloud.merchantos.com/oauth/access_token.php");

    var client = new HttpClient();

    request.Content = new FormUrlEncodedContent(new Dictionary<string, string> {

    { "client_id", "{my_client_id}" },

         { "client_secret", "{my_client_secret}" },

         { "refresh_token", "{my_refresh_token}"},

         { "grant_type", "refresh_token" }

    });


    var response = await client.SendAsync(request);

    response.EnsureSuccessStatusCode();


    var payload = JObject.Parse(await response.Content.ReadAsStringAsync());

    var token = payload.Value<string>("access_token");

    Console.WriteLine("The access token granted is: {0}.", token);

    return token;

    }

    Post edited by gregarican on
  • [Deleted User][Deleted User] Posts: 0

    Hello @Jtellier,

    OAuth 2.0 is pretty much used everywhere nowadays. And it's recommended that the access token expires. You can read more about the OAuth 2.0 specifications in the link below.


    https://tools.ietf.org/html/rfc6749#section-4.2.2

  • jtellierjtellier Member Posts: 56

    Oh no I get it, I have used Facebook before, but even that doesnt require you to generate one every hour. So it is just some extra steps which is required to get the data that I am not used to in POS systems APIs.

    Thanks,

    Jeremy

Sign In or Register to comment.