API access control: Explaining events and how to react

Each of the following events may trigger a connection blockage to prevent misuse of the Public API feature.
Please note: Connections with clientId = test.client are not included in this validation.

Event: The Organisation is deleted
Action: In response to all called API requests, the Public API returns errors.

Event: The Organisation is disconnected from GL
Action: GET methods are allowed to be used. POST/PUT/DELETE methods result in errors from the backend (no restrictions on the Public API side). After reconnecting, the restrictions are disabled.

Event: The Organisation is retired
Action: GET methods are allowed to be used. POST/PUT/DELETE methods result in errors from the backend (no restrictions on the Public API side). After reconnecting, the restrictions are disabled.

Event: The Organisation(s) is transferred (due to account transfer/Organisation transfer)
Action: In response to all called API requests, the Public API returns errors.

Event: The Subscription is downgraded
Action: In response to all called API requests, the Public API returns errors. After a subscription upgrade, the restrictions are disabled.

Event: The Subscription is expired
Action: GET methods are allowed to be used. POST/PUT/DELETE methods result in errors from the backend (no restrictions on the Public API side). After reconnecting, the restrictions are disabled.

Event: The user who was added to a token is offboarded from the Organisation added to a token
Action: In response to all called API requests, the Public API returns errors. After onboarding a user, the restrictions are disabled.

Event: The user's role (who was added to a token) is changed
Action: In response to all called API requests, the Public API returns errors. After onboarding a user, the restrictions are disabled.
