Authentication Help
Authentication Overview
The Access Procure Wizard API runs an OAuth 2.0 Authorization Server using OWIN OAuth middleware. In order to authenticate against the API and retreive a token you must first have access to the API. Access can be granted for a purchaser and requests can be made on behalf of that purchaser using an API user account with a supplied username and password.
If you believe you should have access to the API but do not currently, please see the help page.
Obtaining a Token
Once the purchaser client has API access enabled and an API user account has been created you can then authenticate and retreive a token by performing a POST request to the following URL.
https://api.procurewizard.com/v1.0/auth
The POST request must have a Content-Type header set and a value of application/x-www-form-urlencoded. The body of the request should be in the following format (substituting the username and password fields)...
grant_type=password&username=XXX&password=XXX
The Token Response
If your API user credentials are correct and authentication has been successful you will receieve a response back with a Content-Type of application/json. In the body of the response there will be a JSON payload. Below example of the JSON response...
{
"access_token": "MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3",
"token_type": "bearer",
"expires_in": 3600
}
Once you have received the token response retain the access_token value, as this will be required to all other API calls.
Token Request Examples
The following code examples show how to perform a token request across different technologies.
public class Example
{
public void UsingWebClient()
{
WebClient client = new WebClient();
var json = client.DownloadString("https://api.procurewizard.com/v1.0/auth");
var serializer = new JavaScriptSerializer();
Model model = serializer.Deserialize<Model>(json);
}
public void UsingHttpWebResponse()
{
string json = string.Empty;
string url = "https://api.procurewizard.com/v1.0/auth";
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
request.AutomaticDecompression = DecompressionMethods.GZip;
using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
using (Stream stream = response.GetResponseStream())
using (StreamReader reader = new StreamReader(stream))
{
json = reader.ReadToEnd();
}
}
}
var http = new XMLHttpRequest();
var url = "https://api.procurewizard.com/v1.0/auth";
var params = "grant_type=password&username=XXX&password=XXX";
http.open("POST", url, true);
http.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http.onreadystatechange = function () {
if (http.readyState == 4 && http.status == 200) {
console.log(http.responseText);
var json = JSON.parse(http.responseText);
var token = json.access_token;
}
};
http.send(params);
// Requires request module...
// npm install request --save
const request = require("request");
request.post("https://api.procurewizard.com/v1.0/auth", {
form: {
grant_type: "password",
username: "username",
password: "password"
}
}, (error, res, body) => {
if (error) {
console.error(error);
return;
}
console.log(`statusCode: ${res.statusCode}`);
console.log(body);
})
<?php
$url = 'https://api.procurewizard.com/v1.0/auth';
$data = array('grant_type' => 'password', 'username' => 'XXX', 'password' => 'XXX');
$options = array(
'http' => array(
'header' => "Content-type: application/x-www-form-urlencoded\r\n",
'method' => 'POST',
'content' => http_build_query($data)
)
);
$context = stream_context_create($options);
$result = file_get_contents($url, false, $context);
var_dump($result);
?>
$body = @{grant_type = 'password'; username = 'XXX'; password = 'XXX' };
$request = Invoke-WebRequest -Uri "https://api.procurewizard.com/v1.0/auth" -UseBasicParsing -Method Post -Body $body;
$token = ($request.Content | ConvertFrom-Json).access_token;
Write-Host $token;
End Points
For indepth technical documentation about all the specific Authentication API end points currently available please see the End Point Reference.