How to grant access to an Organisation in the ApprovalMax Public API
The process of granting access to an Organisation consists of the following steps:
1. Initiate user authorisation: generate a URL with the necessary parameters. This URL will direct account owners/account managers to the ApprovalMax Public API Consent page.
2. Grant access to the Organisation via the Consent page: on the Consent page, account owners/account managers can select the particular Organisations to which they want to grant access. This gives them control over which Organisations your application can access.
3. Redirect with an authorisation code: account owners/account managers will be redirected back to your application with an authorisation code.
4. Exchange for access token: in the next step, you'll exchange the received authorisation code for an access token. This exchange takes place through the token endpoint, using the appropriate parameters.
5. Receive tokens: the token endpoint verifies the request parameters and, after successful validation, returns the tokens in its response. These tokens, such as the access token, are essential for making authorised API calls on behalf of the account owners/account managers.
Once you have successfully completed the OAuth flow, you'll be granted an access token that enables you to act on behalf of the account owners/account managers. With this access token, you can determine which connected Organisations the account owners/account managers have authorised within your app, and you can make API calls and perform actions specific to those Organisations.
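The client side of steps 1, 3 and 4 can be sketched as follows. This is an added example, not ApprovalMax's own code: it assumes the standard OAuth 2.0 authorisation code parameters (RFC 6749) plus a `state` value to tie the redirect to the session that started it. The endpoint URLs, client ID, redirect URI and scope are placeholders, since the real values are not given on this page.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholders (assumptions): take the real endpoints, client id and scopes
# from the Developer Portal; none of these values come from this page.
AUTHORIZE_URL = "https://auth.example.invalid/authorize"
TOKEN_URL = "https://auth.example.invalid/token"
CLIENT_ID = "YOUR_CLIENT_ID"
REDIRECT_URI = "https://app.example.invalid/oauth/callback"


def build_authorization_url(scope):
    """Step 1: return (url, state). Keep state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable value bound to this session
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def extract_code(callback_url, expected_state):
    """Step 3: validate the redirect and return the authorisation code."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:  # e.g. access was declined on the Consent page
        raise ValueError(f"authorisation failed: {params['error'][0]}")
    returned_state = params.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the redirect is not ours.
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: redirect does not belong to this session")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorisation code")
    return codes[0]


def build_token_request(code, client_secret):
    """Step 4: return (url, form-encoded body) to POST over TLS."""
    return TOKEN_URL, urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,  # must match the value sent in step 1
        "client_id": CLIENT_ID,
        "client_secret": client_secret,
    })
```

Keep the client secret and the returned tokens server-side only, and discard the stored `state` after one use so a replayed redirect is rejected.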