Overview

Authentication

The Store365 API uses OAuth, with access tokens in the JWT format.

Most languages have libraries available for interacting with an OAuth API. In case you are interested in the details, we have included a detailed description of how the interaction happens below. There is a comprehensive list of OAuth libraries for many languages at oauth.net/code.

Authentication URL
Name URL
Authentication https://token.store-it365.eu/auth

Headers

Calls to api.store-it365.eu require an Authorization header with the bearer token.
Header Value
Authorization bearer ACCESS_TOKEN_VALUE

The authentication details will be provided by Store-IT.

The Authorization bearer value is the "access_token" returned by the authentication server after a successful authentication.

Calls to token.store-it365.eu/auth require an x-www-form-urlencoded body with the following values.

Key Value Description
username CLIENT_USERNAME The username from the client (will be provided by Store-IT staff)
password CLIENT_PASSWORD The password from the client (will be provided by Store-IT staff)
grant_type password The grant_type is always 'password'
client_id CLIENT_ID The client_id from the client (will be provided by Store-IT staff)

Specifying submitted request body content

Any request that submits a request body should also include the content-type header field. It is safe to submit this with requests that do not contain a request body as well.

Header Value Description
Content-type application/json Body will be returned formatted as json (Default)
    Note: The json returned will be CamelCased
Content-type application/xml Body will be returned formatted as xml
    Note: The xml returned will be PascalCased

OAuth Token

Retrieving a token with the password grant type
To start the flow, an authorization request is sent along with the client_id of the requesting application.
POST https://token.store-it365.eu/auth

    curl --location --request POST 'https://token.store-it365.eu/auth' \
      --header 'Content-Type: application/x-www-form-urlencoded' \
      --data-urlencode 'username={CLIENT_USERNAME}' \
      --data-urlencode 'password={CLIENT_PASSWORD}' \
      --data-urlencode 'grant_type=password' \
      --data-urlencode 'client_id={CLIENT_ID}'

After a successful authentication, an access_token of token_type bearer will be provided.

The access_token will be used in the Authorization header to access the Store365 API resources. The token is valid for the duration of the expires_in value.

HTTP/1.1 200 OK

{
    "access_token": "[ACCESS_TOKEN_VALUE]",
    "token_type": "bearer",
    "expires_in": "21599"
}
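
The token exchange above as a small Python client, added here as an example and not taken from Store-IT's own code. It builds the form-encoded request, reads expires_in (a string in the sample response) and reuses the token until shortly before it expires. The names TokenCache, fetch and skew, and the 60-second margin, are assumptions of this example.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://token.store-it365.eu/auth"  # authentication URL from this page

def build_token_request(username, password, client_id):
    """Return a urllib Request carrying the form-encoded password grant."""
    body = urllib.parse.urlencode({   # percent-encodes &, =, @ and spaces
        "username": username,
        "password": password,
        "grant_type": "password",     # always 'password' per the table above
        "client_id": client_id,
    }).encode("ascii")
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def parse_token_response(raw, now=None):
    """Validate the token JSON and return (access_token, absolute_expiry)."""
    doc = json.loads(raw)
    if str(doc.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    token = doc.get("access_token")
    if not token:
        raise ValueError("missing access_token")
    now = time.time() if now is None else now
    return token, now + int(doc["expires_in"])   # "21599" arrives as a string

class TokenCache:
    """Reuse one token until shortly before it expires, then fetch a new one."""

    def __init__(self, fetch, skew=60):
        self._fetch = fetch   # callable returning the raw token response body
        self._skew = skew     # assumed safety margin in seconds
        self._token, self._expiry = None, 0.0

    def auth_header(self, now=None):
        now = time.time() if now is None else now
        if self._token is None or now >= self._expiry - self._skew:
            self._token, self._expiry = parse_token_response(self._fetch(), now)
        return {"Authorization": "bearer " + self._token}

    def __repr__(self):       # keep the token out of logs and tracebacks
        return "<TokenCache expires=%d>" % self._expiry
```

In real use, fetch would send build_token_request(...) with urllib.request.urlopen and return the response body, with the credentials read from a secret store rather than from source code.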
          

Schema

Reminder: When providing data via URL query parameters you must make sure to URL encode them as they may potentially contain characters that are invalid in a URL on their own.

Date and Time

Format
All date times are represented in the ISO 8601 date format to a precision of seconds. Milliseconds are not provided in the response.
YYYY-MM-DDTHH:MM:SSZ

Paged results

Paged results are available for most domain groups. Of these, most have optional pagination and ordering parameters available to tailor the results as required.

Results

The general format for returned results is:

{
    "pageNumber"            :  The page you requested,
    "pageSize"              :  The size of the page,
    "totalNumberOfPages"    :  Total number of available pages,
    "totalNumberOfRecords"  :  Total number of available results,
    "results"               :  [ List of domain objects ]
}

Paging

Parameters available for paging results

pageNumber

The pageNumber parameter selects the page of results to return. Default: pageNumber=1

Example:
    /users?pageNumber=15
pageSize

The pageSize parameter specifies the number of results to be returned with the request.
The response will provide up to that value.
Default: pageSize=10
Max: pageSize=100

SortOrder

The SortOrder parameter specifies the name of the property or field to order by.
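
A way to walk a paged collection with these parameters, added here as an example and not taken from Store-IT's own code. It URL-encodes every query value as the Schema reminder asks, clamps pageSize to the documented maximum and stops at totalNumberOfPages. get_json is a hypothetical caller-supplied function that performs the authenticated GET and returns the decoded envelope; max_pages is an assumed safety limit.

```python
import urllib.parse

MAX_PAGE_SIZE = 100   # "Max: pageSize=100" on this page


def page_url(path, page_number, page_size=10, sort_order=None):
    """Build a paged resource URL with every query value URL-encoded."""
    if page_number < 1:
        raise ValueError("pageNumber starts at 1")
    query = {"pageNumber": page_number,
             "pageSize": max(1, min(page_size, MAX_PAGE_SIZE))}
    if sort_order is not None:
        query["SortOrder"] = sort_order
    return path + "?" + urllib.parse.urlencode(query)


def iter_results(get_json, path, page_size=100, sort_order=None, max_pages=1000):
    """Yield every domain object, following totalNumberOfPages.

    get_json(url) is supplied by the caller (hypothetical helper): it sends
    the GET with the Authorization header and returns the envelope as a dict.
    """
    page = 1
    while page <= max_pages:      # hard stop if the totals are misreported
        envelope = get_json(page_url(path, page, page_size, sort_order))
        yield from envelope.get("results", [])
        if page >= int(envelope.get("totalNumberOfPages", 0)):
            return
        page += 1
    raise RuntimeError("page limit reached before the last page")
```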

Response Codes

Success codes

Response Code Description
200 Request was successful.
  • If the request was a GET, the response body should have the requested json.
  • If the request performed an action such as an update or create, the response body will generally include an updated domain object.
204 Successful response where no response body data is returned. Generally returned from a delete operation or after updating an object relationship.

Error codes

Response Code Description
400 Bad Request, a client error specifying that invalid request parameters were provided by the requestor.
  • The response should include details in the response body.
  • { "code" : 400, "message" : "Further details about the BadRequest error response" }
401 Unauthorized, an authentication error specifying that no valid credentials or OAuth token were provided.
  • {"error":"invalid_grant","error_description":"Bad credentials"}
    • Invalid username/password credentials were supplied
  • {"status":401,"error":"Unauthorized","message":"Bad credentials"}
404 Not Found, provided when a requested object does not exist.
  • { "code" : 404, "message" : "Further details about the not found error response" }
415 Unsupported Media Type. Ensure the content-type header is properly set on the request.
500 Internal Server Error, a server-side error that may be seen if an application error occurred.
  • { "code" : 500, "message" : "An internal exception occurred. Please contact tech@store-it.eu so we can try to fix it." }
503 Service Unavailable, a server-side error that may be seen if the API is functioning as expected but a dependent internal service to the request is not available.
  • { "code" : 503, "message" : "Further details about the dependent service being unavailable" }
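
The error bodies above come in three different shapes, so a client needs one place that normalizes them. The following is an added example, not Store-IT's own code: ApiError, classify_error, the kind labels and the choice to treat only 503 as retryable are assumptions of this example.

```python
import json

RETRYABLE = {503}   # assumption: only a dependent-service outage is retried


class ApiError(Exception):
    def __init__(self, status, kind, message):
        super().__init__("%d %s: %s" % (status, kind, message))
        self.status, self.kind, self.message = status, kind, message
        self.retryable = status in RETRYABLE


def classify_error(status, raw_body):
    """Turn any error response listed above into one ApiError."""
    try:
        doc = json.loads(raw_body) if raw_body else {}
    except ValueError:
        doc = {}                  # non-JSON body, e.g. from an intermediary
    if not isinstance(doc, dict):
        doc = {}
    # Body shapes shown above: {"code","message"},
    # {"error","error_description"} and {"status","error","message"}.
    message = (doc.get("message") or doc.get("error_description")
               or doc.get("error") or "no details supplied")
    if status == 401 and doc.get("error") == "invalid_grant":
        kind = "bad_credentials"  # username/password rejected: do not retry
    elif status == 401:
        kind = "unauthorized"     # no valid token accepted: request a new one
    elif status in (400, 404, 415):
        kind = "client_error"
    elif status in (500, 503):
        kind = "server_error"
    else:
        kind = "unexpected"
    # The HTTP status line decides; "code"/"status" in the body is ignored.
    # The message is truncated so a large body cannot flood the logs.
    return ApiError(status, kind, str(message)[:200])
```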
