Question

Http connector Exact online

  • 19 November 2021
  • 23 replies
  • 182 views

Userlevel 3
Badge +9

I’ve maganged to setup the connection to the Exact Online API from postman.

Now I try to setup the connection from the SF but we running into an invalid_request error as a result.

I’ve used the same input variables and keys, so at the moment I’ve not a clue why this result is happening:

 

 

 

 

 

 

Has anybody in the community succesfully connected to the Exact Online API.

 


23 replies

Userlevel 5
Badge +9

I have made a successful connection to Exact Globe (not using the http connector currently available but an older connection method). But I have also made a successful connection to a different system using the HTTP connector the SF currently supplies. 

What version of the SF are you using? 

And can you post the postman connection that is working for you (filtering out any sensitive data). 

Userlevel 3
Badge +9

Hi Erwin, we using SF 2021.2.

 

And we’re trying to talk to the exact-online API… (That’s something different then Exact globe?)

 

This is the setup in postman to get the refresh key which is working in postman.

This is the first step I try to get working in the SF.

 

 

 

 

Below is the result in Postman when we open the <> code section to see what we send.

We’ve tried to add the cookie as wel but with the same result.

 

 

curl --location --request POST 'https://start.exactonline.nl/api/oauth2/token' \

--header 'Content-Type: application/x-www-form-urlencoded' \

--header 'Cookie: ASP.NET_SessionId=0d23215kwpt3zlddlc4y4gz2; AWSALB=1pnr4OGoFBfALC+ixp0QrxPOKyfXiDhu2s915jf5e6RLIk0DdH/riVG2h9YlA4E29JIJ4BAj+PbkrCBoe1LB2XWbsvRl8wM4SbA3z4qUX845N9Kr6xb7nLFJlH/+; AWSALBCORS=1pnr4OGoFBfALC+ixp0QrxPOKyfXiDhu2s915jf5e6RLIk0DdH/riVG2h9YlA4E29JIJ4BAj+PbkrCBoe1LB2XWbsvRl8wM4SbA3z4qUX845N9Kr6xb7nLFJlH/+; ExactOnlineClient=kVdQFzO29SAu20b+Hj9pHeryWQqExS1/uNm6W0chlYN1vWb3e1s5cxKHq8HPKyyTMbRTRkgQJj0kzGstxZsM1u+AZtd36ev7ol+gVDmGns1n7qOJoKQF/MKfcwUULYm4chHkzfo2HsmR7FVaI0+q1gO7ks0+nSgP+FsGuqdDceU=; ExactServer{79a383a7-1e93-42ec-841e-61b7ae40e41e}=Division=3084597' \

--data-urlencode 'grant_type=refresh_token' \

--data-urlencode 'refresh_token=Y2MN!IAAAAA5UpJQK5Eh-bKOyeoJwlYAnV-pUHsyI-psvA0WDI8r04QEAAAF3OJA1gQ_a6WXxg-IZdsxmpU2X_7x_osBjJ9AsmxS8ZaH4rIza3JOgWHo4Xv8Mve8aVGNsnQ7My4ApS-HO67H_d0843Pux1Tp-Ugfx47pd7bv_Ijqa_jeef3_IU3M1K_EnbOQbxozlGLegl2_ZpUlFQH8hsiFfyzIm5mS8x0n9Sx3J8FouDfBCTg0T-dkdWfrOICSUXkOsN0I_eY83dqkvpijS0Eh7WHUrJbkxl1VTPR4IzPPybhPKHF9KCTkYfWixq4OczhGEYnMaFht5uYC65Q-VCC6crLBZfyumFoLEK2tZZz7F_s8IdfFdZHsBq8WJFcm0l8puxfEROWGTUwM_Bd4S76QruEM2J9DqLop6fmCIoIAQmsdnt0rQlqiJP7uOQi3BxtMo9XYG1L_qQ9brtz_lkGu-_hAV1y9JrEUmggRO57E2MxFuHxS-aOyE6LrPy9Gd4NXHcUmVVjBjCPMiZd2EvT77uGxKKQ12BqgvBKEYgqVJKjCOSMRNNt5zAWay6BRbDlfF3yP0jrxt262-78j1wE9d-kUSa6ltnh0WHuaT1voWs8XLa-K6jTFijBZfbQRdRFWSe7-1kWqY3VeaupXiXE3u54dCAhcTDyUxupvPSBc6nwBuTtxt7COjTIE' \

--data-urlencode 'client_id=645d2b8……………..cf6bc8c2d' \

--data-urlencode 'client_secret=eL……...TBJ'

 

I hope you can help me out...

Userlevel 3
Badge +9

So in postman we only send:

grand_type=refresh_token

refresh_token:abcdeetc…. (The one we get from the API)

client_id=

cleint_secret=

No params, Authorization is set to Bearer to, no specific headers and the params above are setup in the body.  Postman sends them as application/x-www-frin-urlencode 

So we copied that to the SF. Kevin helped me this morning to get this working. But we’re gettting stuck when setting up the same connection in the SF

Userlevel 5
Badge +9

Can you also post a screenshot of the headers you are using in Postman. Postman and SF do not necessarily use the same headers. 

Userlevel 3
Badge +9

Hi Erwin,

here’s the screen with the headers. I’ve displayed the hidden headers as well

 

 

Userlevel 3
Badge +9

Dit is wat ik terugkrijg in de headers. We sturen dus geen headers mee, maar bij de output vul ik wel de procesvariabele met de headers die we terugkrijgen

 

  headers [{"Key":"Content-Length","Value":"27"},{"Key":"Cache-Control","Value":"no-cache,no-store"},{"Key":"Content-Type","Value":"application/json"},{"Key":"Expires","Value":"-1"},{"Key":"Pragma","Value":"no-cache"},{"Key":"Referrer-Policy","Value":"strict-origin-when-cross-origin"},{"Key":"X-Content-Type-Options","Value":"nosniff"},{"Key":"X-Xss-Protection","Value":"1; mode=block"},{"Key":"Date","Value":"Fri, 19 Nov 2021 14:20:46 GMT"},{"Key":"Connection","Value":"close"},{"Key":"Set-Cookie","Value":"ExactOnlineClient=YbflRElZbBBKXYLhlCvSlj7hctMcpCHq7mcO8wACYt15agMdANvT07jRM73OcVh886KPECsAEu+ioKUHseMF1xj56Bb4noWvU7VjaxbjtLL1eMO+frXa9dX0wbLHaHRcJoUJAliTVCqq0Ts4dMibQId+vXWlkWXxQGAAE9/gjJ4=; SameSite=lax; expires=Mon, 31-Dec-2198 23:00:00 GMT; path=/; secure; HttpOnly"},{"Key":"Strict-Transport-Security","Value":"max-age=31536000 ; includeSubDomains ; preload,max-age=31536000 ; includeSubDomains ; preload"}]
Userlevel 5
Badge +9

Can you try adding the header:  [{"Key": "Accept", "Value": "application/x-www-form-urlencoded"}]

Also what authentication are you using in the SF HTTP connector? 
 

Userlevel 3
Badge +9

We’ve set Nothing for the authentication type. Should we?

 

Userlevel 3
Badge +9

And tried to add the header as you suggested. I copied it exactly what you described, so including the [ and the { including/till the }] But still I’m running into an invalid request

Userlevel 5
Badge +9

From the green dot in postman it suggest you added authentication there. So the same request from the SF should include the same authentication. Try adding the authentication and check if the error changes. 

Userlevel 3
Badge +9

Is this what you mean? What should I change in the SF. SHould I add setup the authentication type with Bearer token

 

 

Userlevel 3
Badge +9

I have only a few options there. I cannot choose the option bearer token of am I looking in the wrong place now

 

Userlevel 3
Badge +9

Authentication is something else then authorization?

 

Userlevel 5
Badge +9

Here you can find some more infomation regarding OAUTH tokens:

https://docs.thinkwisesoftware.com/docs/sf/process_flows#oauth-connectors

Userlevel 5
Badge +9

The link is currently down. go to docs https://docs.thinkwisesoftware.com/ and in the search bar type  Oauth Flow

Userlevel 5
Badge +9

Here is some additional info regarding connecting to exact online: 

https://support.exactonline.com/community/s/knowledge-base#All-All-DNO-Content-oauth-eol-oauth-devstep3

Userlevel 3
Badge +9

Hi Erwin, thanks for all your support and tips  but I don’t think it’s an authentication problem and I’m really getting stuck whatever I try. (Sorry for the layout but this f… editor suddenly creates a table when I copy the result from the proces montior)

 

I tried 3 methods, see below in the bold indicated sections.

  1. Just the refresh token step via the http connector
  2. Just the endpoint step starting with a valid acces token I obtained from postman. Hope this is not the problem)
  3. The oauth proces action. This one fails directly in an application error message

So I’m totally getting stuck at this moment, really well knowing that all this API stuff is pretty new for me.

 

I’m getting a result from exact online, but the result is “invalid request”. If there is something with the authorization Exact will give back another message. I’m pretty sure I’m almost there, but I am not able to see what the SF creates as the final call. I can edit the connector params and I can test it. I can see the result in the proces flow monitor but I cannot see what the SF is finally sending to exact. 

----------------------------- Refresh token via http connector failes in invalid request

When I try the refresh token via the http connector I’m getting back an header with this info: 

headers

[{"Key":"Content-Length","Value":"27"},{"Key":"Cache-Control","Value":"no-cache,no-store"},{"Key":"Content-Type","Value":"application/json"},{"Key":"Expires","Value":"-1"},{"Key":"Pragma","Value":"no-cache"},{"Key":"Referrer-Policy","Value":"strict-origin-when-cross-origin"},{"Key":"X-Content-Type-Options","Value":"nosniff"},{"Key":"X-Xss-Protection","Value":"1; mode=block"},{"Key":"Date","Value":"Tue, 23 Nov 2021 10:28:19 GMT"},{"Key":"Connection","Value":"close"},{"Key":"Set-Cookie","Value":"ExactOnlineClient=SB0Q8zFGGDK7ZWzICaPXt7XxiiRFGATAnZ1rZSQSjWEBmQTOiV0wPjHvp/WwU/6po8wy3y3w68xb09aHX3GnPOXQegom1fOso2L8nbALt6mxqP13wP8pXanYW4zTVqmKcHZwdg9gRM8dIiYjozg0GQSvyP7ChbMYEcV4BzrKgK0=; SameSite=lax; expires=Mon, 31-Dec-2198 23:00:00 GMT; path=/; secure; HttpOnly"},{"Key":"Strict-Transport-Security","Value":"max-age=31536000 ; includeSubDomains ; preload,max-age=31536000 ; includeSubDomains ; preload"}]

And in the result parameter: invalid request.

In de debug: The remote server returned an error: (400) Bad Request.  

So nothing about authorization or authentication. Exact is not able to understand the request we put.

----------------------------- Endpoint request fails in Unauthorized

When I try the endpoint to get the accounts at this moment I’m running into Unauthorized.

However I just retrieved a new access token via postman.
Question: Is it possible to retrieve an acces code in postman and use it in the SF to test?

 

  result <?xml version="1.0" encoding="utf-8" standalone="yes"?>
<error xmlns="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata">
 <code></code>
 <message xml:lang="">Unauthorized - Authentication required</message>
</error>

 

 

------------------- oAuth connector fails with an SF error message. No debug no result

 

I’ve setup an 0Auth step in my proces flow as well. I created an oauth server:

 

And I created a really simple workflow with only this 1  step.

The output variables
Tthe input variables
The proces varaiables I put in the access token obtained via postman here

The result in the end applicatoin. Step 2 which is the oauth step fails directly

 

 

 

 

 

 

 

Userlevel 5
Badge +2

Hello Edwin,

I do recommend using the OAuth connectors over the HTTP connector. Note that the purpose of the OAuth login connector is to obtain your initial access_token and, more importantly, your refresh_token. Once you have these, you can use the OAuth refresh token connector to exchange the refresh_token for a new access_token.

A few side notes here regarding Exact Online:

  • Access tokens are only valid for 10 minutes. After an access token has expired, you must request a new one using your refresh token. Access tokens cannot be refreshed before they are 9 minutes and 30 seconds old.
  • Refresh tokens may only be used once. Upon using a refresh token to obtain a new access token, you will also receive a new refresh token.

OAuth login connector

I'm not sure if you even want to use the OAuth login connector or if you want to jump straight in to the OAuth refresh token connector, because you already seem to have a refresh token. However, if you need to use the OAuth login connector, you will need to fix a few things which I have outlined below.

  1. The authorization URL for Exact Online is https://start.exactonline.nl/api/oauth2/auth you are missing the last segment in your OAuth server configuration. Note Exact Online's documentation below. This should only be relevant for the OAuth Login Connector though.

 

  1. If you look at our documentation, you will see that the default redirect_uri for the OAuth Connector in the Windows GUI is http://localhost/oauth-callback. However, Exact Online only accepts HTTPS redirect URIs, as written in their documentation. Therefore it is necessary to overwrite the redirect URI to https://localhost/oauth-callback with the corresponding application setting in IAM. Again, this is only relevant for the OAuth Login Connector.

 

  1. Make sure that the redirect URI from step 2 is also registered in your App configuration at Exact Online. Exact Online will reject the request if you haven't done this. Again, this is only relevant for the OAuth Login Connector.

 

OAuth refresh token connector

Once you have your refresh token, you will want to use the OAuth refresh token connector whenever you need to obtain a fresh access token after it has expired. The OAuth refresh token connector simply has one input parameter, the refresh token. It will output a new access token and a new refresh token. Note that your old refresh token is now invalid, only the new refresh token will work.

Making API calls

Now that you have your access token and a way to continuously refresh it when necessary, you can make your API calls by using an HTTP connector. Our Authentication type input parameter is missing the value ‘Bearer’ which you will need to use for your API calls, but you can add Bearer authentication yourself by setting the following header:

[{"Key":"Authorization","Value":"Bearer {access_token}"}]

Note Exact Online's documentation on this as well:

Troubleshooting

With all this said, you might still get that error in the Windows GUI, if so, please expand the error so we can see what is going wrong.

I hope this helps.

Userlevel 3
Badge +9

Vincent, 

I changed the connector to the refresh connector. At least my Object Reference message is gone now.

Now I’m running into an -100 status_code which is as far as I can see not documented.
 

 

We’ve setup 2 applications in Exact online. 1 for postman and 1 for the TW application. In postman everything is working, and I’m now using the refresh token from postman in the SF. Of course I use the same client_id and the same secret_id as in postman. So all three parameters belong to the same connection. I think exact cannot ‘see’ where we’re calling from as long I don’t mix up the credentials.

What I’m doing now is:
1. An authorization request in postman. I’m doing that in a browser. Exact asks me to login including the two way authentication. Exact returns in the URL an in this URL is the Code for the first Code request
2. The next step is the first token request which I run in postman.
3. This step returns in json the acces token and the refresh token as below

{

"access_token": "gAAAAAmRzs…………..”,

"token_type": "bearer",

"expires_in": "600",

"refresh_token": "Y2MN!IAAAAL-IqLx………….."

}

So I use postman (till now) for the first refresh code. 

  1. With the refresh token I can request for a new access token and a new refresh token. And I can rerun this process whenever I want. I’ve no limitations in the 9:30 - 10:00 minutes like the docs of Exact mentions.
  2. With the access token I can do a request  to an endpoint and I’m getting a result - in postman.

I’ve setup step 4 (getting the refresh token) in the SF with the 0auth refresh token process flow action. In this action I use the exact online oauth server (with the corrected path as you said) and the only input is the refresh token.
I’ve copied the refresh token from postman in the process variable and I connect the process variable refresh-token to the input. 

But still the result = -100. There is no other message or stack trace. Also there is nothing in the debugger.

In the Indicium log of the SF (I run the application against the SF) there is also nothing.

There is one message returning every 15 minutes, but I think that has nothing to do with the process I’m trying to setup now
2021-11-25T14:45:00.0089779+01:00  [ERR] Process action 'http_connector' was not provided a (valid) value for its 'URL' parameter. (0680995c)

 

Userlevel 3
Badge +9

Can it be a firewall issue?? Since I’m running it from the Windows GUI, there is no activity at all in Indicium. This IIS where the Indicium is running is not reachable from the Internet ‘yet’.

If I do a request, should this be visible im the Indicium logs? And maybe I can do a  request to the outside world, perhaps the answer is simply not coming back because of a firewall rule / connection?

Userlevel 3
Badge +9

I did a setup in another installation where the indicium is ‘reachable’ from the internet there the refresh token action is working…..

Userlevel 5
Badge +2

Hello Edwin,

The -100 status code means that the process action is unsupported. The version of the Windows GUI that you’re using is too old, it does not support the OAuth process actions.

I hope this helps.

Userlevel 3
Badge +9

Vincent, thanks for the answer. I will upgrade the windows GUI.

Most important is that I managed to get it work at the end of the day. I still think it was a firewall issue. 
On the test-installation it worked because the Indicium was reachable from the internet.
On the installation where it doesn’t work the Indidicum was not reachable from the internet. So I think I can send out the request, but the answer is not accepted because of a firewall issue.
On my test installation I was able to run the refresh token request as well a request to an endpoint. 
So when the Indicium on the final installation is reachable from the Internet I will try again, but when it works on my test installation it should work as well on the final installation

Reply