Retail API - automate API Authorization on the back end.

cboutros Member Posts: 7

I am designing an application that will give retail customers access to their work order history. I have been able to access the API and get all the information I need.

My problem is that I am building a customer portal where they are going to be accessing the information. They need to be able to put their work order ID and get the information.

Is there a way to have the API for the application authorized by the server on the back end? I hope I am explaining this properly.

6 comments

  • LucienVersendaal Moderator, Lightspeed Staff Posts: 406

    Hi @cboutros,

    Thank you for contacting us.

    I almost understood everything except the last part. What do you mean by "Is there a way to have the API for the application authorized by the server on the back end?"

    Can you explain this a bit more please?

  • cboutros Member Posts: 7

    Thank you so much for responding.

    I attached some photos. I can connect to the API and get the information I need. The problem is that this is supposed to be a client side application where the person accessing it will not have a Lightspeed account. They will simply have the information for the work order ID.

    Is there a way I can have a user use my application without having a login? Can the login be stored in my database and just automatically connect?

    Does that make more sense?

    My customers will only have the work order ID. I want them to go to a website, where they put the work order ID, and they can see the history of the repair. They will not have a Lightspeed account.



  • Adrian Samuel Moderator, Lightspeed Staff Posts: 643

    Hey @cboutros,

    Just stepping in here. When the user authorises your app, your callback URL receives a temporary token which you use to retrieve an access and refresh token. When it expires you simply refresh your access token using this request. This is done server side: https://developers.lightspeedhq.com/retail/authentication/refresh-token/

    Adrian Samuel

    Software Developer

    Lightspeed HQ

  • cboutros Member Posts: 7

    Thank you! This is what I was looking for. I am not the programmer. I am simply the one paying the programmer. She told me it was impossible. I knew there had to be a way to keep the connection active.

    I appreciate you taking the time to help.

  • mattanger Member Posts: 34 ✭

    @cboutros I think what you're asking for isn't really possible in the way you've described. Lightspeed's Retail API doesn't offer authentication for 3rd party applications. What @Adrian Samuel explained was the authentication mechanism used by your app to access data in Lightspeed. For that to work, you'd have to give every customer an account in your Retail instance. Which isn't practical, or probably even recommended.


    Your programmer would have to build their own authentication layer to protect your app.

  • Adrian Samuel Moderator, Lightspeed Staff Posts: 643

    Absolutely @mattanger!

    Glad you cleared up the confusion there, the user I'm referring to is the Retail account user, not the customer/end-user as they don't have accounts and thus can't authorise anything.

    Adrian Samuel

    Software Developer

    Lightspeed HQ
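The two points made in the replies above (the token refresh happens server side, and the portal needs its own authentication layer), as an added sketch that is not part of the original thread or Lightspeed's own code. It assumes a standard OAuth 2.0 refresh grant; the per-order lookup code, `post_form`, `fetch_order`, the work order field names and the `fake_*` stand-ins are hypothetical.

```python
import hmac
import time


class TokenManager:
    """Keeps the OAuth client secret and tokens on the server only."""

    def __init__(self, post_form, client_id, client_secret, refresh_token, clock=time.time):
        self._post_form = post_form  # hypothetical callable: form dict -> JSON dict
        self._creds = {"client_id": client_id, "client_secret": client_secret}
        self._refresh_token = refresh_token
        self._clock = clock
        self._access_token, self._expires_at = None, 0.0

    def access_token(self, skew=60):
        # Refresh a little early so no request goes out with an expiring token.
        if self._access_token is None or self._clock() >= self._expires_at - skew:
            reply = self._post_form({"grant_type": "refresh_token",
                                     "refresh_token": self._refresh_token, **self._creds})
            self._access_token = reply["access_token"]
            self._expires_at = self._clock() + int(reply["expires_in"])
            # Keep a rotated refresh token if the server returns one.
            self._refresh_token = reply.get("refresh_token", self._refresh_token)
        return self._access_token


def lookup_work_order(tokens, fetch_order, lookup_codes, order_id, code):
    """Check the portal's own per-order code (assumed), then call the API server-side."""
    expected = lookup_codes.get(order_id, "")
    # Always run the constant-time compare, even for an unknown work order ID.
    matches = hmac.compare_digest(expected.encode(), code.encode())
    if not (matches and expected):
        return None
    order = fetch_order(tokens.access_token(), order_id)
    # Hand back only customer-facing fields, never the token or the raw record.
    return {k: order[k] for k in ("id", "status", "history") if k in order}


# Constructed stand-ins for the token endpoint and the work order API call.
REFRESH_CALLS = []

def fake_post_form(form):
    REFRESH_CALLS.append(form["grant_type"])
    return {"access_token": f"at-{len(REFRESH_CALLS)}", "expires_in": 1800}

def fake_fetch_order(access_token, order_id):
    return {"id": order_id, "status": "done", "history": ["received", "repaired"],
            "internal_note": "constructed sample", "used_token": access_token}
```

In a real deployment `post_form` would POST to the refresh endpoint documented at the link in the reply above, and the lookup codes would come from the portal's own database.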
