Connect to Back Office API

To communicate with the Back Office API, the API Consumer must attach a bearer token to every request. The token contains the information the API needs to route requests appropriately.

Obtain a Token

To obtain a token, send an HTTPS POST request to the Authentication Service using a Basic Authorization header containing the RTIconnect User and password. The supplied RTIconnect User affects the accessible stores in the RTIconnect API.

Note: it is the responsibility of the client to create and manage their RTIconnect User and password in their client domain.

To obtain a token:

  1. In the upper-right of the Postman window, select the plus (+) to create a new request.

  2. Copy the following snippet of code:

    curl --location --request POST 'https://qc-auth-xconnect-rti.xenialdev.net/auth/v2/token' \
      --header 'Authorization: Basic xxxx' \
      --header 'Content-Type: application/json' \
      --data-raw '{ "grantType": "token", "ClientId" : "xxx" }'

  3. In Postman, select File.

  4. Select Import.

  5. At the top of the window, select Raw Text.

  6. In the raw text box, paste the snippet of code copied in Step 2.

  7. Select Continue.

  8. Change the imported URL to https://qa-xconnect.xenial.com/auth/v2/token.

  9. In Postman, select Body.

  10. Update the ClientID to the appropriate ClientID.

  11. Select Authorization.

  12. Change the Authorization Type to Basic Auth.

  13. Type the username as <domain>.<username> and then type the password.

  14. Select Send.

  15. A token is returned.

Make the API Call

Once a token has been generated through the Obtain a Token procedure, use the following steps to make the API call.

  1. From Postman, copy the token. Do not include the beginning/ending quotation marks.

  2. In Postman, select Authorization.

  3. Select Bearer Token, then paste the token.

  4. In a new window, navigate to Swagger, then copy the URL for the API.

  5. In Postman, navigate to Params then paste the URL from Swagger to autofill.

    • Alternatively, type the required parameters.

  6. Navigate to Headers, then type BusinessEntityID in the KEY column and the proper number in the VALUE column. Usually, this number is 1, but not always.

Tip

A Not Authorized message means:

  • The user credentials do not have permission to access the API or,

  • The ClientID is incorrect. To view the access available to a specific ClientID, reference ClientID Access List.

ClientID Access List

To obtain a list of the accessible endpoint roles of a ClientID token:

  1. Copy the token to the clipboard.

  2. Navigate to https://jwt.io/.

  3. In the menu bar across the top of the screen, select Debugger.

  4. In the Encoded text pane on the left, paste the token.

  5. In the Decoded text pane on the right, view the accessible list.
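
The same inspection can be done locally, so the bearer token never has to be pasted into a website. The following is an added example, not part of the original procedure or the vendor's code: it decodes the token's header and payload without verifying the signature, which is enough to read the claims but not to trust them. The sample token is constructed, and the "roles" claim name and its values are hypothetical; a real token's claim names may differ.

```python
import base64
import json
import time
from typing import Optional


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_unverified(token: str) -> dict:
    """Return header and payload of a compact JWT WITHOUT verifying the signature."""
    token = token.strip().strip('"')  # tolerate quotes copied from a JSON response
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three segments: header.payload.signature")
    try:
        header = json.loads(_b64url_decode(parts[0]))
        payload = json.loads(_b64url_decode(parts[1]))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError(f"segment is not base64url-encoded JSON: {exc}") from exc
    return {"header": header, "payload": payload}


def seconds_until_expiry(payload: dict, now: Optional[float] = None) -> Optional[float]:
    """Seconds left before the standard 'exp' claim; None if there is no 'exp'."""
    exp = payload.get("exp")
    if exp is None:
        return None
    return exp - (time.time() if now is None else now)


def _b64url_encode(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample token, not issued by the Authentication Service.
# The "roles" claim is hypothetical; the last segment is a placeholder signature.
SAMPLE_TOKEN = ".".join([
    _b64url_encode({"alg": "RS256", "typ": "JWT"}),
    _b64url_encode({"sub": "domain.user", "roles": ["example.read"], "exp": 2000000000}),
    "c2lnbmF0dXJl",
])

if __name__ == "__main__":
    decoded = decode_jwt_unverified(SAMPLE_TOKEN)
    print(json.dumps(decoded, indent=2))
    print("seconds until expiry:", seconds_until_expiry(decoded["payload"]))
```

To inspect a real token, pass the string returned by the Authentication Service to decode_jwt_unverified() in place of SAMPLE_TOKEN.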