I’m updating a third party app that currently integrates with Twinfield using the session’s method with username and password to use the oAuth method.
In confused by the documentation though... do I still need to use the sessions or when using oAuth do I just call the endpoint(s) by passing the access token in the header as normal?
Also their Soap definition has four properties, the usual ClientID and Secret but also accessSecret? What’s that?
TLDR: you no longer need to use the sessions and SelectCompany; when you have the access token you can use that and the company code directly in the header. You can obtain the access token as described here.
The documentation is a bit unclear on how to use the access token in your calls.
In the old username/password/session flow, you referred to a
SessionIDin the SOAP Header, and you would do aSelectCompanycall to select the relevant target ("administratie").In the OAuth flow, the SessionID is no longer relevant. Once you obtained a valid access token, you should set that in the header using the
AccessTokenfield. Instead of the oldSelectCompanycall, you can set theCompanyCodedirectly in the header. So if you have obtained an access tokeneyWhatANiceToken, and want to retrieve data for company "My Company BV [130001]" you have setAccessTokentoeyWhatANiceTokenandCompanyCodeto130001in the header.You can request the available codes using the list offices call