Authentication & Overview
API Key and OAuth 2.0 tokens
Get your API key or OAuth 2.0 tokens from 'Settings' / 'Integration' / 'Our Extensions'
Supported Data format:
JSON
Date format supported
YYYY-MM-DD (example 2020-06-09)
Security
All Requests must be submitted as Https only.
Authentication
All API Requests will require authentication either by API key or by OAuth2.0.
Authentication via API key
All API Requests will require API Key to be passed in header as apikey. Optionally, Rest API can be turned off/on at Account level by going to Company Account from 'Settings' / 'Integration' / 'Our Extensions'
Sample Header:
1 apikey:3376266343930346134343a344a4a57383930312d39
2 Content-Type:application/json
Base URL:
AU 🇦🇺 : https://api.syd.e1.enboarder.com
EU 🇪🇺 : https://api.fra.e1.enboarder.com
US 🇺🇸 : https://api.ore.e1.enboarder.com
CA 🇨🇦 : https://api.can.e1.enboarder.com
Authentication via OAuth2
The Rest APIs also support OAuth2 tokens. To enable this in the account, an admin needs to enable it from 'Settings' / 'Integration' / 'Our Extensions'.
Please click on the Activate OAuth2 button to generate Client and secret for OAuth2 App client. Optionally the user can enable / disable OAuth2 setting from this page.
Please note down the clientID and Secret. These are required to get the OAuth token.
OAuth2 token Enbdpoints
OAuth2 token flow
In Enboarder we support Client credential flow. This is a very simple flow and suitable for system-to-system authentication. Here are the steps:
High level Flow
The Integration Developer asks for OAuth2 credentials such as Client ID, Client Secret and token URL. Admin user gets this info from our extension page.
Add the below scope in the request:
api/workflow.basic api/workflow.advance api/settings.all
On receiving this, the developer needs to call the token URL with clientid and secret to get this access token. Here is the sample request and response:
The token is valid for 1 hour. The developer needs to check its expiry time before sending this token in the Rest API request. If it expires then first generate a new token and use this.
Please send this token in header Authorization in request header while calling Rest API
Sample Header:
Authorization:eyl2233434_KpYvv4ZL---YCj09D8N0xv---LKdLhw Content-Type:application/json
The receiver system will then validate the token and grant access if the token is valid.