I have made a successful connection to Exact Globe (not using the http connector currently available but an older connection method). But I have also made a successful connection to a different system using the HTTP connector the SF currently supplies. 

What version of the SF are you using? 

And can you post the postman connection that is working for you (filtering out any sensitive data). 

Hi Erwin, we using SF 2021.2.

And we’re trying to talk to the exact-online API… (That’s something different then Exact globe?)

This is the setup in postman to get the refresh key which is working in postman.

This is the first step I try to get working in the SF.

Below is the result in Postman when we open the <> code section to see what we send.

We’ve tried to add the cookie as wel but with the same result.

curl --location --request POST 'https://start.exactonline.nl/api/oauth2/token' \

--header 'Content-Type: application/x-www-form-urlencoded' \

--header 'Cookie: ASP.NET_SessionId=0d23215kwpt3zlddlc4y4gz2; AWSALB=1pnr4OGoFBfALC+ixp0QrxPOKyfXiDhu2s915jf5e6RLIk0DdH/riVG2h9YlA4E29JIJ4BAj+PbkrCBoe1LB2XWbsvRl8wM4SbA3z4qUX845N9Kr6xb7nLFJlH/+; AWSALBCORS=1pnr4OGoFBfALC+ixp0QrxPOKyfXiDhu2s915jf5e6RLIk0DdH/riVG2h9YlA4E29JIJ4BAj+PbkrCBoe1LB2XWbsvRl8wM4SbA3z4qUX845N9Kr6xb7nLFJlH/+; ExactOnlineClient=kVdQFzO29SAu20b+Hj9pHeryWQqExS1/uNm6W0chlYN1vWb3e1s5cxKHq8HPKyyTMbRTRkgQJj0kzGstxZsM1u+AZtd36ev7ol+gVDmGns1n7qOJoKQF/MKfcwUULYm4chHkzfo2HsmR7FVaI0+q1gO7ks0+nSgP+FsGuqdDceU=; ExactServer{79a383a7-1e93-42ec-841e-61b7ae40e41e}=Division=3084597' \

--data-urlencode 'grant_type=refresh_token' \

--data-urlencode 'refresh_token=Y2MN!IAAAAA5UpJQK5Eh-bKOyeoJwlYAnV-pUHsyI-psvA0WDI8r04QEAAAF3OJA1gQ_a6WXxg-IZdsxmpU2X_7x_osBjJ9AsmxS8ZaH4rIza3JOgWHo4Xv8Mve8aVGNsnQ7My4ApS-HO67H_d0843Pux1Tp-Ugfx47pd7bv_Ijqa_jeef3_IU3M1K_EnbOQbxozlGLegl2_ZpUlFQH8hsiFfyzIm5mS8x0n9Sx3J8FouDfBCTg0T-dkdWfrOICSUXkOsN0I_eY83dqkvpijS0Eh7WHUrJbkxl1VTPR4IzPPybhPKHF9KCTkYfWixq4OczhGEYnMaFht5uYC65Q-VCC6crLBZfyumFoLEK2tZZz7F_s8IdfFdZHsBq8WJFcm0l8puxfEROWGTUwM_Bd4S76QruEM2J9DqLop6fmCIoIAQmsdnt0rQlqiJP7uOQi3BxtMo9XYG1L_qQ9brtz_lkGu-_hAV1y9JrEUmggRO57E2MxFuHxS-aOyE6LrPy9Gd4NXHcUmVVjBjCPMiZd2EvT77uGxKKQ12BqgvBKEYgqVJKjCOSMRNNt5zAWay6BRbDlfF3yP0jrxt262-78j1wE9d-kUSa6ltnh0WHuaT1voWs8XLa-K6jTFijBZfbQRdRFWSe7-1kWqY3VeaupXiXE3u54dCAhcTDyUxupvPSBc6nwBuTtxt7COjTIE' \

--data-urlencode 'client_id=645d2b8……………..cf6bc8c2d' \

--data-urlencode 'client_secret=eL……...TBJ'

I hope you can help me out...

So in postman we only send:

grand_type=refresh_token

refresh_token:abcdeetc…. (The one we get from the API)

client_id=

cleint_secret=

No params, Authorization is set to Bearer to, no specific headers and the params above are setup in the body.  Postman sends them as application/x-www-frin-urlencode 

So we copied that to the SF. Kevin helped me this morning to get this working. But we’re gettting stuck when setting up the same connection in the SF

Can you also post a screenshot of the headers you are using in Postman. Postman and SF do not necessarily use the same headers. 

Hi Erwin,

here’s the screen with the headers. I’ve displayed the hidden headers as well

Dit is wat ik terugkrijg in de headers. We sturen dus geen headers mee, maar bij de output vul ik wel de procesvariabele met de headers die we terugkrijgen

Can you try adding the header:  �{"Key": "Accept", "Value": "application/x-www-form-urlencoded"}]

Also what authentication are you using in the SF HTTP connector? 
 

We’ve set Nothing for the authentication type. Should we?

And tried to add the header as you suggested. I copied it exactly what you described, so including the [ and the { including/till the }] But still I’m running into an invalid request

From the green dot in postman it suggest you added authentication there. So the same request from the SF should include the same authentication. Try adding the authentication and check if the error changes. 

Is this what you mean? What should I change in the SF. SHould I add setup the authentication type with Bearer token

I have only a few options there. I cannot choose the option bearer token of am I looking in the wrong place now

Authentication is something else then authorization?

Here you can find some more infomation regarding OAUTH tokens:

https://docs.thinkwisesoftware.com/docs/sf/process_flows#oauth-connectors

The link is currently down. go to docs https://docs.thinkwisesoftware.com/ and in the search bar type  Oauth Flow

Here is some additional info regarding connecting to exact online: 

https://support.exactonline.com/community/s/knowledge-base#All-All-DNO-Content-oauth-eol-oauth-devstep3

Hi Erwin, thanks for all your support and tips  but I don’t think it’s an authentication problem and I’m really getting stuck whatever I try. (Sorry for the layout but this f… editor suddenly creates a table when I copy the result from the proces montior)

I tried 3 methods, see below in the bold indicated sections.

1. Just the refresh token step via the http connector
2. Just the endpoint step starting with a valid acces token I obtained from postman. Hope this is not the problem)
3. The oauth proces action. This one fails directly in an application error message

So I’m totally getting stuck at this moment, really well knowing that all this API stuff is pretty new for me.

I’m getting a result from exact online, but the result is “invalid request”. If there is something with the authorization Exact will give back another message. I’m pretty sure I’m almost there, but I am not able to see what the SF creates as the final call. I can edit the connector params and I can test it. I can see the result in the proces flow monitor but I cannot see what the SF is finally sending to exact. 

----------------------------- Refresh token via http connector failes in invalid request

When I try the refresh token via the http connector I’m getting back an header with this info: 

------------------- oAuth connector fails with an SF error message. No debug no result

I’ve setup an 0Auth step in my proces flow as well. I created an oauth server:

And I created a really simple workflow with only this 1  step.

The result in the end applicatoin. Step 2 which is the oauth step fails directly

Hello Edwin,

I do recommend using the OAuth connectors over the HTTP connector. Note that the purpose of the OAuth login connector is to obtain your initial access_token and, more importantly, your refresh_token. Once you have these, you can use the OAuth refresh token connector to exchange the refresh_token for a new access_token.

A few side notes here regarding Exact Online:

• Access tokens are only valid for 10 minutes. After an access token has expired, you must request a new one using your refresh token. Access tokens cannot be refreshed before they are 9 minutes and 30 seconds old.
• Refresh tokens may only be used once. Upon using a refresh token to obtain a new access token, you will also receive a new refresh token.

OAuth login connector

I'm not sure if you even want to use the OAuth login connector or if you want to jump straight in to the OAuth refresh token connector, because you already seem to have a refresh token. However, if you need to use the OAuth login connector, you will need to fix a few things which I have outlined below.

1. The authorization URL for Exact Online is https://start.exactonline.nl/api/oauth2/auth you are missing the last segment in your OAuth server configuration. Note Exact Online's documentation below. This should only be relevant for the OAuth Login Connector though.

2. If you look at our documentation, you will see that the default redirect_uri for the OAuth Connector in the Windows GUI is http://localhost/oauth-callback. However, Exact Online only accepts HTTPS redirect URIs, as written in their documentation. Therefore it is necessary to overwrite the redirect URI to https://localhost/oauth-callback with the corresponding application setting in IAM. Again, this is only relevant for the OAuth Login Connector.

3. Make sure that the redirect URI from step 2 is also registered in your App configuration at Exact Online. Exact Online will reject the request if you haven't done this. Again, this is only relevant for the OAuth Login Connector.

OAuth refresh token connector

Once you have your refresh token, you will want to use the OAuth refresh token connector whenever you need to obtain a fresh access token after it has expired. The OAuth refresh token connector simply has one input parameter, the refresh token. It will output a new access token and a new refresh token. Note that your old refresh token is now invalid, only the new refresh token will work.

Making API calls

Now that you have your access token and a way to continuously refresh it when necessary, you can make your API calls by using an HTTP connector. Our Authentication type input parameter is missing the value ‘Bearer’ which you will need to use for your API calls, but you can add Bearer authentication yourself by setting the following header:

<{"Key":"Authorization","Value":"Bearer {access_token}"}]

Note Exact Online's documentation on this as well:

Troubleshooting

With all this said, you might still get that error in the Windows GUI, if so, please expand the error so we can see what is going wrong.

I hope this helps.

Vincent, 

I changed the connector to the refresh connector. At least my Object Reference message is gone now.

Now I’m running into an -100 status_code which is as far as I can see not documented.
 

We’ve setup 2 applications in Exact online. 1 for postman and 1 for the TW application. In postman everything is working, and I’m now using the refresh token from postman in the SF. Of course I use the same client_id and the same secret_id as in postman. So all three parameters belong to the same connection. I think exact cannot ‘see’ where we’re calling from as long I don’t mix up the credentials.

What I’m doing now is:
1. An authorization request in postman. I’m doing that in a browser. Exact asks me to login including the two way authentication. Exact returns in the URL an in this URL is the Code for the first Code request
2. The next step is the first token request which I run in postman.
3. This step returns in json the acces token and the refresh token as below

{

"access_token": "gAAAAAmRzs…………..”,

"token_type": "bearer",

"expires_in": "600",

"refresh_token": "Y2MN!IAAAAL-IqLx………….."

}

So I use postman (till now) for the first refresh code. 

4. With the refresh token I can request for a new access token and a new refresh token. And I can rerun this process whenever I want. I’ve no limitations in the 9:30 - 10:00 minutes like the docs of Exact mentions.
5. With the access token I can do a request  to an endpoint and I’m getting a result - in postman.

I’ve setup step 4 (getting the refresh token) in the SF with the 0auth refresh token process flow action. In this action I use the exact online oauth server (with the corrected path as you said) and the only input is the refresh token.
I’ve copied the refresh token from postman in the process variable and I connect the process variable refresh-token to the input. 

But still the result = -100. There is no other message or stack trace. Also there is nothing in the debugger.

In the Indicium log of the SF (I run the application against the SF) there is also nothing.

There is one message returning every 15 minutes, but I think that has nothing to do with the process I’m trying to setup now
2021-11-25T14:45:00.0089779+01:00  tERR] Process action 'http_connector' was not provided a (valid) value for its 'URL' parameter. (0680995c)

Can it be a firewall issue?? Since I’m running it from the Windows GUI, there is no activity at all in Indicium. This IIS where the Indicium is running is not reachable from the Internet ‘yet’.

If I do a request, should this be visible im the Indicium logs? And maybe I can do a  request to the outside world, perhaps the answer is simply not coming back because of a firewall rule / connection?

I did a setup in another installation where the indicium is ‘reachable’ from the internet there the refresh token action is working…..

Hello Edwin,

The -100 status code means that the process action is unsupported. The version of the Windows GUI that you’re using is too old, it does not support the OAuth process actions.

I hope this helps.

Vincent, thanks for the answer. I will upgrade the windows GUI.

Most important is that I managed to get it work at the end of the day. I still think it was a firewall issue. 
On the test-installation it worked because the Indicium was reachable from the internet.
On the installation where it doesn’t work the Indidicum was not reachable from the internet. So I think I can send out the request, but the answer is not accepted because of a firewall issue.
On my test installation I was able to run the refresh token request as well a request to an endpoint. 
So when the Indicium on the final installation is reachable from the Internet I will try again, but when it works on my test installation it should work as well on the final installation

Hi, I managed to get the refresh token work in the SF on the final installation. It retrieves a new set of an access token and a refresh token and I can store them in the system parameters table of the end application. 
I’m however still struggling with the connection the endpoint. I managed to get it work once and I could see the content of the XML. 
I’m now trying in a test situation to process the result, but now I run in authentication issues all the time. 

This is the result of the header coming back.

The refresh token key is only valid for 10 minutes (600sec) that makes live not easier.
I’m setting a timer on my watch all the time to run the refresh token process flow. The good news is that this works.
The access code is stored in de database,

But when I run the endpoint process flow I’m now always getting the authentication error.

See below the result.. As said I managed only ONCE to get a value in the leverancier_data variable

I also do not have a solution yet to get the first authentication code.
I do this still with postman. I put a hyperlink in a browser, then Exact asks me to login with the username password and the authenticator number (Google authenticator) Then you get a browser link back with a first access_code. But in this one I manually have to replace the %21 for a !. With that code I’m getting the first set of access_token/refresh token. 

I really don’t know how to set this up with the exact login process?
 

Next step…. I found out that the refresh code may expire. If expired I can retrieve a new set without logging in again. I have this working via the TW application. I can retrieve the codes but the odd thing at this moment is that I can run the process flow to retrieve a new set of codes and I can store them into 2 system parameters in the TW application. So the refresh token is working. When I try to reach the end point I’m getting the autorization error.  I ran it as well in postman with the code I got via the TW process flow and also there I’m running into an authorization error. Digging a bit further I saw a. message about base64 coding. So what I did, is rerun the refresh request from postman. Paste the access code into the application and then run the application. And then it works. I’m also able to retrieve data from the answer en putting it into a database field. So When running the refresh process flow via the TW application returns a valid refresh code but an unvalid access code. This clarifies the question that I saw it working once…. 

So apparently something is wrong with the access code coming back. Or I don’t know how to handle it, that is more likely the issue…