API Authorization (/GetTokenFromLogin)
Trade’s messaging services require Bearer authentication, which is a token-based authentication mechanism.
When a client application makes a request to Trade REST API, it must include an access token in the request headers to authenticate itself to Trade’s services.
The access token is obtained by exchanging a user ID and password for a JSON Web Token (JWT) using the authentication endpoint.
This token is then included in the request headers of all subsequent requests for authorization.
Trade REST API uses industry-standard security protocols, ensuring that client applications can securely exchange information.
Onboarding
In order to register as a connecting partner, a provisioning process must be completed first.
You will be assigned a Partner identification.
This is your Network identification and is used as your User Id.
This process is handled by SOVOS Saphety, who will provide authentication credentials as follows:
UserId: <Country Code><VAT> (e.g.: ESA12345678)
Password: <Secure_Password>, (************)
Response messages from server
When a request is well formed and the authentication data is correct, the system responds with a message such as the following:
{
"CorrelationId": "<GUID>", /* for correlation purposes */
"IsValid": true, /* false in case of errors */
"Errors": [], /* an empty list is a good sign */
"Warnings": [], /* an empty list is a good sign */
"ResultData": "<Service Response Data>" /* the data returned, e.g. token, invoice data, depending on the service called */
}
This is a generic response message for all services, where ResultData contains the result of the service operation.
For example, when calling the Account/getToken service, the ResultData property will contain the access token itself.
Note that any object can be received in this property, depending on the service you are calling.
1. Get a token (Account/getToken)
When consuming this API, it is important to note that there are three different environments:
Integration
Quality
Production
Each of these environments has its own ServerBaseAddress. Make sure you are consuming the API from the correct environment.
Use those credentials to get a token at:
https://<ServerBaseAddress>/api/Account/getToken
# Integration Environment
server_base_adress = "saphetydoc-int.saphety.com/TradeHttp/MessageServiceRest"
# Quality
#server_base_adress = "www-qa.netdocs.com.pt/TradeHttp/MessageServiceRest"
# Production
#server_base_adress = "ws.netdocs.com.pt/TradeHttp/MessageServiceRes"
import requests
import json
# service url
service_url = "https://" + server_base_adress + "/GetTokenFromLogin"
# Example of username and password
userId = 'PT500111111'
password = 'PT500111111'
# Authentication data goes in query string parameters
query_params = {"userId": userId, "password": password}
# GET request for the token (the timeout keeps the call from hanging indefinitely)
response = requests.get(service_url, params=query_params, timeout=30)
# Formatting the response to JSON for visualization purposes only
json_response = json.loads(response.text)
print(json.dumps(json_response, indent=4))
{
"CorrelationId": null,
"Errors": [],
"IsValid": true,
"ResultCode": 200,
"ResultData": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwOi8vd3d3LnNhcGhldHkuY29tL1RyYWRlIiwibmFtZWlkIjoiUFQ1MDAxMTExMTEiLCJzdWIiOiJQVDUwMDExMTExMSIsInVuaXF1ZV9uYW1lIjoiUFQ1MDAxMTExMTEiLCJqdGkiOiJmOGY1MWIxNDNlYTY0NDBmYmQ2MmMyZmQ5Y2FjM2M2MyIsImV4cCI6MTY4MDQxMjE3MSwiaWF0IjoxNjgwMzY4OTcxLCJuYmYiOjE2ODAzNjg5NzEsImF1ZCI6Imh0dHA6Ly93d3cuc2FwaGV0eS5jb20vVHJhZGUifQ.zilFW1kKa44aFFGF4w_Q-6ezkyrNAeQ1DBXNFEm7r7Y",
"Warnings": []
}
# Your token is at:
token = json_response["ResultData"]
print(token)
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwOi8vd3d3LnNhcGhldHkuY29tL1RyYWRlIiwibmFtZWlkIjoiUFQ1MDAxMTExMTEiLCJzdWIiOiJQVDUwMDExMTExMSIsInVuaXF1ZV9uYW1lIjoiUFQ1MDAxMTExMTEiLCJqdGkiOiJmOGY1MWIxNDNlYTY0NDBmYmQ2MmMyZmQ5Y2FjM2M2MyIsImV4cCI6MTY4MDQxMjE3MSwiaWF0IjoxNjgwMzY4OTcxLCJuYmYiOjE2ODAzNjg5NzEsImF1ZCI6Imh0dHA6Ly93d3cuc2FwaGV0eS5jb20vVHJhZGUifQ.zilFW1kKa44aFFGF4w_Q-6ezkyrNAeQ1DBXNFEm7r7Y
Once the token has been obtained, you will use it as bearer authentication on all subsequent requests to the API.
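The following is an added example, not part of the original page or Saphety's own code. It checks the response envelope before trusting ResultData, reads the JWT's nbf and exp claims to decide when a new token must be requested, and builds the bearer header. The sample token and envelope are constructed, the helper names are hypothetical, and the standard `Authorization: Bearer <token>` header form is assumed.

```python
import base64
import json
import time


def extract_token(envelope: dict) -> str:
    """Return the JWT from a response envelope, refusing failed or odd replies."""
    if envelope.get("IsValid") is not True or envelope.get("Errors"):
        raise ValueError(f"token request failed: {envelope.get('Errors')}")
    token = envelope.get("ResultData")
    if not isinstance(token, str) or token.count(".") != 2:
        raise ValueError("ResultData is not a three-part JWT")
    return token


def jwt_claims(token: str) -> dict:
    """Decode the payload WITHOUT verifying the signature (the client holds no
    key). Good enough to schedule a refresh; never a basis for trust."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def is_usable(token: str, now: float, skew: int = 60) -> bool:
    """True while nbf <= now and at least `skew` seconds remain before exp."""
    claims = jwt_claims(token)
    return claims["nbf"] <= now < claims["exp"] - skew


def bearer_headers(token: str, now=None) -> dict:
    """Build the Authorization header, refusing a token that needs renewal."""
    now = time.time() if now is None else now
    if not is_usable(token, now):
        raise RuntimeError("token expired or not yet valid: request a new one")
    return {"Authorization": f"Bearer {token}"}


def _b64url(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample (not a real token): constructed claims, dummy signature.
ISSUED = 1_700_000_000
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "HS256", "typ": "JWT"}),
    _b64url({"sub": "PT500111111", "iat": ISSUED, "nbf": ISSUED, "exp": ISSUED + 43200}),
    "constructed-signature",
])
SAMPLE_ENVELOPE = {"CorrelationId": None, "IsValid": True, "Errors": [],
                   "Warnings": [], "ResultData": SAMPLE_TOKEN}
```

Keep the token itself out of logs and error messages, since it authorizes every request until its exp time.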