API Documentation for integrations
- Noreen Ayesha
The Swagger links for the latest API documentation are as the following:
Member
Earn
Redeem
Inquire
Discount
Application Credentials :
1- To get application credentials open following url :
‘https://api.omniretain-sandbox.xstak.com/backend/o/applications/’
2- This will redirect to the login page, here, login the application using your required email address eg : admin@organizationretain.co
NOTE: For every new company we have to create new application. eg, for company 1 we use 1 application and for second company we create another application.
For Creating New Application
1- Create new application with following fields:
– name of your application (what ever you want name it)
– client type: confidential
– redirect url:
https://api.omniretain-sandbox.xstak.com/api/v1/member/static/drf-yasg/swagger-ui-dist/oauth2-redirect.49cb7cc0bfe0.html
https://api.omniretain-sandbox.xstak.com/api/v1/redeem/static/drf-yasg/swagger-ui-dist/oauth2-redirect.49cb7cc0bfe0.html
https://api.omniretain-sandbox.xstak.com/api/v1/inquire/static/drf-yasg/swagger-ui-dist/oauth2-redirect.49cb7cc0bfe0.html
https://api.omniretain-sandbox.xstak.com/api/v1/earn/static/drf-yasg/swagger-ui-dist/oauth2-redirect.49cb7cc0bfe0.html
https://api.omniretain-sandbox.xstak.com/api/v1/discount/static/drf-yasg/swagger-ui-dist/oauth2-redirect.49cb7cc0bfe0.html
https://api.omniretain-sandbox.xstak.com/api/v1/product/static/drf-yasg/swagger-ui-dist/oauth2-redirect.49cb7cc0bfe0.html
https://api.omniretain-sandbox.xstak.com/login?next=%2Fdashboard/
https://oauth.pstmn.io/v1/callback
-- Authorization grant type : authorization-code
2 - Save it
3- Copy Client id and client secret
4- Click on Authorize button on swagger api eg:
5- Enter client id and client secret , check scope read/write or all and click authorize
6- It will redirect to new tab for further verification click authorize
7- It will redirect back to swagger page
8- Click close from pop up window and use calls as you used to
We can get token from the postman for password grant type by the following post call, with url for getting token is:
https://lms-development.shopdev.co/backend/core/authentication/token/request pay load:
{"grant_type":"password",
"username":"admin@organizationretain.co",
"password":"admin"
}Eventually we get the following response:
{ "access_token": "cBAIuuMULbNhaBbQUKng8hwniNqSQZ",
"expires_in": 36000,
"token_type": "Bearer",
"scope": "read write",
"refresh_token": "4kE4mqmgVam5SDwTVpSJRfiwbv8G9l",
"user": { "id": 1,
"last_login": "2021-06-23T14:48:38.233402Z",
"is_superuser": true, "first_name": "Admin", "last_name": "User", "is_staff": true, "is_active": true, "date_joined": "2021-03-30T08:09:45.975000Z", "username": "admin@organizationretain.co", "email": "admin@organizationretain.co", "company": 1, "phone": null, "is_verified": true, "role": null, "deletion_allowed": true } }
Authorization POSTMAN Collection:
https://documenter.getpostman.com/view/9240166/TzshFPz2
To connect a middleware application without using a password or the full-fledge authorization flow, use the “OAuth Client Credentials Access Token” call in the above POSTMAN Collection.
Using this API call, the user registered against each API call will be the user against which the application was created. For that, it is advised to make sure the user related to the application has the API USER Role setting.